From CryptoDox, The Online Encyclopedia on Cryptography and Information Security
Microsoft Cryptographic Application Programming Interface (CAPI) allows developers to build cryptographic security into their applications by providing a flexible set of functions to encrypt or digitally sign data. CryptoAPI is an API that provides any application, not just web-based programs, with easy-to-implement security features<ref>Supporting CryptoApi in Real-World Applications</ref>.
The Microsoft CryptoAPI is a complete set of tools for creating secure Internet and intranet applications. Microsoft distributes the Cryptographic Service Provider Developers Kit (CSPDK) to authorized recipients located in the United States and Canada, and to persons and entities outside the United States or Canada authorized to receive the CSPDK under specific license from the U.S. State Department, Office of Defense Trade Controls.
CAPI is implemented as an application-level system that Win32 applications may call for cryptographic services. The applications are thereby insulated from the business of providing their own algorithms for such things as encryption and hashing. Against that, the applications are limited to whatever cryptographic services happen to be available in the current configuration of the CryptoAPI system<ref>Microsoft CryptoAPI</ref>.
The CryptoAPI system is built in parts. An interface layer is exposed to the client applications. Underneath are drivers that do the actual work of providing the cryptographic services. Each such driver is called a Cryptographic Service Provider (CSP). Microsoft itself supplies some CSPs with the CryptoAPI system.