4
Sites such as Facebook, Google, and Twitter could never let third-party apps connect directly to their database: it’s an enormous security risk. (Would you be comfortable if Facebook allowed anyone to access their database, including private user information and messages?)
APIs serve as a gate through which third-party apps can get the kinds of information they are permitted to access.
3
There are several reasons why you would use an API instead of using direct access.
The first 2 that come to mind:
- Using an API allows you to write the client code without knowing any details of the specific implementation, so if you change your database structure or location, for instance, you need only rewrite the API wrapper code, not everywhere it's referenced.
- It allows you to have different levels of authentication. As mentioned in another answer, it is not ideal for all users of an application to have access to every other user's data.
Source: stackexchange.com
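The two points made in the answers above (the API as a gate, and different access levels per caller) can be shown with a small sketch. This is an added example, not code from either answer; the schema, the `ProfileAPI` class and the sample rows are assumptions constructed for illustration, and `caller_id` stands in for an identity that a real service would take from a verified session or token.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, role TEXT);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT);
        INSERT INTO users VALUES (1,'alice','alice@example.test','user'),
                                 (2,'bob','bob@example.test','user'),
                                 (3,'carol','carol@example.test','admin');
        INSERT INTO messages VALUES (1,1,'alice private note'),(2,2,'bob private note');
    """)
    return db

class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested data."""

class ProfileAPI:
    """The only code that touches the database; clients never see SQL or schema."""
    def __init__(self, db):
        self._db = db

    def _caller(self, caller_id):
        row = self._db.execute(
            "SELECT id, role FROM users WHERE id = ?", (caller_id,)).fetchone()
        if row is None:
            raise Forbidden("unknown caller")
        return row

    def get_profile(self, caller_id, target_id):
        caller = self._caller(caller_id)
        row = self._db.execute(
            "SELECT id, name, email FROM users WHERE id = ?", (target_id,)).fetchone()
        if row is None:
            raise KeyError(target_id)
        profile = {"id": row["id"], "name": row["name"]}  # public fields
        # Private fields are returned only to the owner or an admin.
        if caller["id"] == target_id or caller["role"] == "admin":
            profile["email"] = row["email"]
        return profile

    def list_messages(self, caller_id, owner_id):
        caller = self._caller(caller_id)
        if caller["id"] != owner_id and caller["role"] != "admin":
            raise Forbidden("not your messages")
        rows = self._db.execute(
            "SELECT body FROM messages WHERE owner_id = ? ORDER BY id", (owner_id,))
        return [r["body"] for r in rows]
```

If the schema changes, only the queries inside `ProfileAPI` need rewriting; clients calling `get_profile` and `list_messages` are unaffected.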