book

Designing Web APIs

by Brenda Jin, Saurabh Sahni, Amir Shevat

September 2018

Intermediate to advanced

230 pages

5h 11m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
How This Book Is OrganizedConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
1. What’s an API?
Why Do We Need APIs?Who Are Our Users?The Business Case for APIsAPIs for Internal Developers First, External Developers SecondAPIs for External Developers First, Internal Developers SecondAPIs as the ProductWhat Makes an API Great?Closing Thoughts
2. API Paradigms
Request–Response APIsRepresentational State TransferRemote Procedure CallGraphQLEvent-Driven APIsWebHooksWebSocketsHTTP StreamingClosing Thoughts
3. API Security
Authentication and AuthorizationOAuthToken GenerationScopesToken and Scope ValidationToken Expiry and Refresh TokensListing and Revoking AuthorizationsOAuth Best PracticesWebHooks SecurityVerification TokensRequest Signing and WebHook SignaturesMutual Transport Layer SecurityThin Payloads and API RetrievalWebHook Security Best PracticesClosing Thoughts
4. Design Best Practices
Designing for Real-Life Use CasesDesigning for a Great Developer ExperienceMake It Fast and Easy to Get StartedWork Toward ConsistencyMake Troubleshooting EasyMake Your API ExtensibleClosing Thoughts
5. Design in Practice
Scenario 1Define Business ObjectivesOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationScenario 2Define the ProblemOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationValidate Your DecisionsClosing Thoughts
6. Scaling APIs
Scaling ThroughputFinding the BottlenecksAdding Computing ResourcesDatabase IndexesCachingDoing Expensive Operations AsynchronouslyScaling Throughput Best PracticesEvolving Your API DesignIntroducing New Data Access PatternsAdding New API MethodsSupporting Bulk EndpointsAdding New Options to Filter ResultsEvolving API Design Best PracticesPaginating APIsOffset-Based PaginationCursor-Based PaginationPagination Best PracticesRate-Limiting APIsWhat Is Rate-Limiting?Implementation StrategiesRate Limits and DevelopersRate-Limiting Best PracticesDeveloper SDKsRate-Limiting SupportPagination SupportUsing gzipCaching Frequently Used DataError Handling and Exponential Back-OffSDK Best PracticesClosing Thoughts
7. Managing Change
Toward ConsistencyAutomated TestingAPI description languagesBackward CompatibilityPlanning for and Communicating ChangeCommunication PlanAddingRemovingVersioningClosing Thoughts
8. Building a Developer Ecosystem Strategy
Developers, Developers, DevelopersThe HobbyistThe HackerThe Business-Focused, Tech-Savvy UserThe Professional DeveloperAnd Many MoreBuilding a Developer StrategyDeveloper SegmentationDistilling the Value PropositionDefining Your Developer FunnelMapping the Current and Future StateOutlining Your TacticsDeriving MeasurementsClosing Thoughts
9. Developer Resources
API DocumentationGetting StartedAPI Reference DocumentationTutorialsFrequently Asked QuestionsLanding PageChangelogTerms of ServiceSamples and SnippetsCode SamplesSnippetsSoftware Development Kits and FrameworksSDKsFrameworksDevelopment ToolsDebugging and TroubleshootingSandboxes and API TestersRich MediaVideosOffice HoursWebinars and Online TrainingCommunity ContributionClosing Thoughts

10. Developer Programs
Defining Your Developer ProgramsBreadth and Depth AnalysisDeep Developer ProgramsTop Partner ProgramBeta ProgramDesign SprintsBroad Developer ProgramsMeetups and Community EventsHackathonsSpeaking at Events and Event SponsorshipsTrain-the-Trainer and Ambassador ProgramsOnline Videos and StreamingSupport, Forums, and Stack OverflowCredit ProgramMeasuring Developer ProgramsClosing Thoughts
11. Conclusion
A. API Design Worksheets
Define Business ObjectivesThe ProblemThe ImpactKey User StoriesTechnology ArchitectureAPI Specification TemplateTitleAuthorsProblemSolutionImplementationAuthenticationOther Things We ConsideredInputs, Outputs (REST, RPC)Events, Payloads (Event-Driven APIs)ErrorsFeedback PlanAPI Implementation Checklist:
Index

Content preview from Designing Web APIs

Chapter 2. API Paradigms

Picking the right API paradigm is important. An API paradigm defines the interface exposing backend data of a service to other applications. When starting out with APIs, organizations do not always consider all the factors that will make an API successful. As a result, there isn’t enough room built in to add the features they want later on. This can also happen when the organization or product changes over time. Unfortunately, after there are developers using it, changing an API is difficult (if not impossible). To save time, effort, and headaches—and to leave room for new and exciting features—it’s worthwhile to give some thought to protocols, patterns, and a few best practices before you get started. This will help you design an API that allows you to make the changes you want in the future.

Over the years, multiple API paradigms have emerged. REST, RPC, GraphQL, WebHooks, and WebSockets are some of the most popular standards today. In this chapter, we dive into these different paradigms.

Request–Response APIs

Request–response APIs typically expose an interface through an HTTP-based web server. APIs define a set of endpoints. Clients make HTTP requests for data to those endpoints and the server returns responses. The response is typically sent back as JSON or XML. There are three common paradigms used by services to expose request–response APIs: REST, RPC, and GraphQL. We look into each of them in the subsections that follow.

Representational State ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492026914Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design