The Web API Landscape: What Exists Beyond the Basics

This course covers 36 capabilities in depth. But that is a fraction of what the browser exposes. There are hundreds of JavaScript APIs available today. Before going deep on any single one, it is worth having a map of the territory.

What follows is a tour of the major capability areas that exist, split by category. These are not covered in depth here -- each one is substantial enough to deserve its own dedicated study. But knowing they exist means you will reach for the right tool when the need comes up.

Networking and Threading

Fetch API -- the modern way to make HTTP requests. Replaced XMLHttpRequest in most codebases.

Web Workers -- run JavaScript on a background thread. The browser's JavaScript engine is single-threaded by default, so any heavy computation blocks the UI. Workers let you move that work off the main thread so the interface stays responsive.

WebAssembly -- run native compiled code in the browser. You write in C, C++, Kotlin, Swift, Rust, or TypeScript, compile it to a .wasm binary, and execute it at near-native speed. Useful for heavy computation: image processing, video encoding, physics engines.

WebSockets -- open a persistent two-way connection between browser and server. Unlike HTTP (request-response), the server can push data at any time.

WebRTC -- real-time peer-to-peer communication between browsers. Audio, video, and data channels directly between users, without routing through a server. The technology behind video calling in the browser.

Network Information API -- check the user's connection type (navigator.connection.effectiveType). Useful for adapting media quality or deferring heavy loads when someone is on a slow connection.

Device Memory API -- read how much RAM the device has (navigator.deviceMemory). Lets you scale down resource usage on low-memory devices.

Web Crypto and Authentication

Web Crypto -- browser-native cryptography. Encrypt, decrypt, sign, verify, hash, and generate keys, all without a library. Has nothing to do with cryptocurrency -- this is classical cryptography.

WebOTP -- reads a one-time password from an incoming SMS automatically. When a site sends a verification code by text message, WebOTP can intercept that SMS and fill the code in without the user switching apps. The SMS has to follow a specific format for this to work.

Web Authentication (WebAuthn) -- passwordless login. Instead of a username and password, the user authenticates with a device credential: Face ID, Touch ID, Windows Hello, or a hardware key. The browser handles the cryptographic handshake. This is one of the most impactful security APIs the web has added in years.

Credential Management -- store and retrieve user credentials client-side. Works alongside WebAuthn to streamline login flows.

Storage

Web Storage -- localStorage and sessionStorage. Simple key-value persistence.

IndexedDB -- a full client-side database. Stores structured data, supports indexes and transactions, works offline.

Cache Storage -- stores HTTP responses for offline use. The foundation of service worker caching strategies.

File System API -- read and write to the real device file system from a web app. The user grants access to a folder or file; from then on the app can read and modify it directly.

Graphics and UI

Canvas API -- draw 2D graphics programmatically. Pixel-level control. Used for image manipulation, charts, and games.

WebGL -- GPU-accelerated 3D graphics in the browser. The low-level API that powers Three.js and similar libraries.

Pointer Lock -- hide the mouse cursor and capture raw mouse movement. Used in browser-based games where you want the mouse to control a camera or viewpoint without the cursor hitting the screen edge.

Screen Capture -- capture the user's screen or a specific window. This is what Zoom and Google Meet use when you click "Share Screen."

Web Components -- define custom HTML elements with their own encapsulated behaviour and styles. Works across frameworks.

Background and PWA

Service Workers -- a script that runs between the browser and the network, even when the page is closed. The backbone of offline support, push notifications, and background sync.

Web App Manifest -- a JSON file that lets a web app install itself as a standalone app with its own icon, splash screen, and window. No app store required (though it can also be submitted to one).

Background Sync -- queue work that runs the next time the user has a network connection, even if the page is closed.

Background Fetch -- download or upload large files in the background, surviving browser restarts.

Web Push -- server-initiated notifications delivered to a user even when they are not actively using the app. Now available on iOS as well, but only for installed PWAs.

Media Session -- set metadata (title, artist, album art) so the OS knows what is playing. Enables playback controls on the lock screen, in the notification tray, and in in-car systems like Android Auto and CarPlay. A web app playing audio can appear in the car's interface just like a native music app.

The Point

None of these are exotic or experimental. Most are green, stable, and widely supported. The reason they are not covered in depth here is not that they are unimportant -- it is that each one is substantial enough to be its own course. The goal is to know they exist. When you need one, you know where to look.