Glossary
Updated: June 19, 2025
API Terms
API (Application Programming Interface)
A set of definitions and protocols that enable different software applications to communicate and interact with each other.
API Authentication
Authentication (AuthN) is the process of verifying the identity of the user who initiated an API request. Common methods include API keys, OAuth, JWT Authentication, and Basic Authentication.
API Authorization
Authorization (AuthZ) is the process of granting or denying access to operations, resources, or data for an authenticated user.
Backend
The server, database, and application that operate behind the scenes to deliver data and functionality to the frontend.
DDoS (Distributed Denial of Service)
A malicious attack that disrupts services by overwhelming the target infrastructure with a flood of internet traffic, preventing users from accessing services.
DELETE Request
An HTTP method used to remove a specified resource from a server.
DoS (Denial of Service)
An attack from a single source that floods a server with requests, making online services unavailable.
Endpoint
A specific URL where an API can be accessed. Each endpoint corresponds to a resource or functionality, and works with methods like GET, POST, or DELETE.
Firewall
A security system that monitors and controls incoming and outgoing network traffic based on predefined rules.
Frontend
The user-facing part of an application, typically the user interface.
GET Request
An HTTP method used to request data from a specified resource.
GraphQL
A query language for APIs that allows clients to request only the data they need, based on a defined schema.
HTTP Methods
Standard actions like GET, POST, PUT, and DELETE used in API requests to interact with resources.
JSON (JavaScript Object Notation)
A lightweight data format used for structuring data, often seen in API responses and OpenAPI specifications.
Microservices
A software architecture style where an application is built as a collection of loosely coupled, independently deployable services.
OAuth
An open authorization protocol that allows third-party applications to access user data without exposing user credentials.
OpenAPI
A specification format (formerly Swagger) used to describe and document RESTful APIs, including endpoints, parameters, and responses.
OWASP (Open Web Application Security Project)
A nonprofit foundation focused on improving software security. OWASP’s API Security Top 10 lists the most critical API security risks.
PaaS (Platform as a Service)
A cloud computing model that provides platforms and environments to develop, test, and deploy applications without managing infrastructure.
POST Request
An HTTP method used to send data to a server to create or update a resource.
PUT Request
An HTTP method used to update an existing resource with new data.
Rate Limiting
A technique to control the number of requests users can make to an API within a certain timeframe to prevent abuse and DDoS attacks.
REST (Representational State Transfer)
An architectural style for building APIs using standard HTTP methods and resource-based URLs. Commonly returns data in JSON format.
SaaS (Software as a Service)
A software delivery model where applications are hosted by a provider and accessed over the internet by users.
SDK (Software Development Kit)
A collection of tools, libraries, and documentation used by developers to create applications for a specific platform.
SQL Injection
An attack technique where malicious SQL code is injected into a query to manipulate or access data in a database.
Token
A digital key used for authentication and authorization in accessing APIs.
Webhook
A method for one application to send real-time data to another whenever an event occurs, such as an order being placed.
AI Terms
API Rate Limiting (AI Context)
Limits on how many AI model requests can be made in a given timeframe to manage cost and prevent abuse.
Embeddings
Numeric vector representations of data (text, images, etc.) that encode semantic meaning, used for tasks like similarity search.
Few-shot Learning
A method where a model is given a few examples in a prompt to complete new tasks without retraining.
Fine-tuning
The process of continuing to train a pre-trained model on a specific dataset to specialize it for a particular task.
Hallucination
When an AI model generates content that is inaccurate, fabricated, or not grounded in its training data.
Inference
The process of using a trained model to generate outputs or predictions based on new input data.
Jailbreaking
Using prompts or techniques to bypass an AI model’s content safeguards or ethical guidelines.
LLM (Large Language Model)
A type of AI model trained on massive text datasets to generate and understand human language. Examples include GPT and Claude.
Model Context Window
The maximum amount of input (prompt + response) a model can handle at once, measured in tokens.
Model Training
The process of teaching an AI model by feeding it large amounts of data to learn patterns and language structures.
Parameter
An internal value within a model that is tuned during training to optimize performance. More parameters generally mean more capability.
Prompt
The input or instruction given to an AI to generate a response. Carefully crafted prompts improve model output.
Prompt Injection
A security issue where malicious instructions are inserted into prompts to manipulate or override an AI model's intended behavior.
System Prompt
A set of instructions or context given to an AI model at initialization to shape its behavior and tone.
Temperature
A setting that adjusts randomness in AI outputs. Lower values produce more precise output; higher values produce more creative output.
Token Limit
The maximum number of tokens a model can process in one request, affecting the length of prompts and responses.
Vector Database
A database optimized for storing and querying vector embeddings, commonly used for semantic search in AI applications.
Zero-shot Learning
An AI model's ability to handle tasks or answer questions without being shown specific training examples.