book

Designing Web APIs

by Brenda Jin, Saurabh Sahni, Amir Shevat

September 2018

Intermediate to advanced

230 pages

5h 11m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

How This Book Is OrganizedConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
Why Do We Need APIs?Who Are Our Users?The Business Case for APIsAPIs for Internal Developers First, External Developers SecondAPIs for External Developers First, Internal Developers SecondAPIs as the ProductWhat Makes an API Great?Closing Thoughts
Request–Response APIsRepresentational State TransferRemote Procedure CallGraphQLEvent-Driven APIsWebHooksWebSocketsHTTP StreamingClosing Thoughts
Authentication and AuthorizationOAuthToken GenerationScopesToken and Scope ValidationToken Expiry and Refresh TokensListing and Revoking AuthorizationsOAuth Best PracticesWebHooks SecurityVerification TokensRequest Signing and WebHook SignaturesMutual Transport Layer SecurityThin Payloads and API RetrievalWebHook Security Best PracticesClosing Thoughts
Designing for Real-Life Use CasesDesigning for a Great Developer ExperienceMake It Fast and Easy to Get StartedWork Toward ConsistencyMake Troubleshooting EasyMake Your API ExtensibleClosing Thoughts
Scenario 1Define Business ObjectivesOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationScenario 2Define the ProblemOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationValidate Your DecisionsClosing Thoughts
Scaling ThroughputFinding the BottlenecksAdding Computing ResourcesDatabase IndexesCachingDoing Expensive Operations AsynchronouslyScaling Throughput Best PracticesEvolving Your API DesignIntroducing New Data Access PatternsAdding New API MethodsSupporting Bulk EndpointsAdding New Options to Filter ResultsEvolving API Design Best PracticesPaginating APIsOffset-Based PaginationCursor-Based PaginationPagination Best PracticesRate-Limiting APIsWhat Is Rate-Limiting?Implementation StrategiesRate Limits and DevelopersRate-Limiting Best PracticesDeveloper SDKsRate-Limiting SupportPagination SupportUsing gzipCaching Frequently Used DataError Handling and Exponential Back-OffSDK Best PracticesClosing Thoughts
Toward ConsistencyAutomated TestingAPI description languagesBackward CompatibilityPlanning for and Communicating ChangeCommunication PlanAddingRemovingVersioningClosing Thoughts
Developers, Developers, DevelopersThe HobbyistThe HackerThe Business-Focused, Tech-Savvy UserThe Professional DeveloperAnd Many MoreBuilding a Developer StrategyDeveloper SegmentationDistilling the Value PropositionDefining Your Developer FunnelMapping the Current and Future StateOutlining Your TacticsDeriving MeasurementsClosing Thoughts
API DocumentationGetting StartedAPI Reference DocumentationTutorialsFrequently Asked QuestionsLanding PageChangelogTerms of ServiceSamples and SnippetsCode SamplesSnippetsSoftware Development Kits and FrameworksSDKsFrameworksDevelopment ToolsDebugging and TroubleshootingSandboxes and API TestersRich MediaVideosOffice HoursWebinars and Online TrainingCommunity ContributionClosing Thoughts

Defining Your Developer ProgramsBreadth and Depth AnalysisDeep Developer ProgramsTop Partner ProgramBeta ProgramDesign SprintsBroad Developer ProgramsMeetups and Community EventsHackathonsSpeaking at Events and Event SponsorshipsTrain-the-Trainer and Ambassador ProgramsOnline Videos and StreamingSupport, Forums, and Stack OverflowCredit ProgramMeasuring Developer ProgramsClosing Thoughts
Define Business ObjectivesThe ProblemThe ImpactKey User StoriesTechnology ArchitectureAPI Specification TemplateTitleAuthorsProblemSolutionImplementationAuthenticationOther Things We ConsideredInputs, Outputs (REST, RPC)Events, Payloads (Event-Driven APIs)ErrorsFeedback PlanAPI Implementation Checklist:

Content preview from Designing Web APIs

Chapter 2. API Paradigms

Picking the right API paradigm is important. An API paradigm defines the interface exposing backend data of a service to other applications. When starting out with APIs, organizations do not always consider all the factors that will make an API successful. As a result, there isn’t enough room built in to add the features they want later on. This can also happen when the organization or product changes over time. Unfortunately, after there are developers using it, changing an API is difficult (if not impossible). To save time, effort, and headaches—and to leave room for new and exciting features—it’s worthwhile to give some thought to protocols, patterns, and a few best practices before you get started. This will help you design an API that allows you to make the changes you want in the future.

Over the years, multiple API paradigms have emerged. REST, RPC, GraphQL, WebHooks, and WebSockets are some of the most popular standards today. In this chapter, we dive into these different paradigms.

Request–Response APIs

Request–response APIs typically expose an interface through an HTTP-based web server. APIs define a set of endpoints. Clients make HTTP requests for data to those endpoints and the server returns responses. The response is typically sent back as JSON or XML. There are three common paradigms used by services to expose request–response APIs: REST, RPC, and GraphQL. We look into each of them in the subsections that follow.