book

Designing Web APIs

by Brenda Jin, Saurabh Sahni, Amir Shevat

September 2018

Intermediate to advanced

230 pages

5h 11m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

How This Book Is OrganizedConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
Why Do We Need APIs?Who Are Our Users?The Business Case for APIsAPIs for Internal Developers First, External Developers SecondAPIs for External Developers First, Internal Developers SecondAPIs as the ProductWhat Makes an API Great?Closing Thoughts
Request–Response APIsRepresentational State TransferRemote Procedure CallGraphQLEvent-Driven APIsWebHooksWebSocketsHTTP StreamingClosing Thoughts
Authentication and AuthorizationOAuthToken GenerationScopesToken and Scope ValidationToken Expiry and Refresh TokensListing and Revoking AuthorizationsOAuth Best PracticesWebHooks SecurityVerification TokensRequest Signing and WebHook SignaturesMutual Transport Layer SecurityThin Payloads and API RetrievalWebHook Security Best PracticesClosing Thoughts
Designing for Real-Life Use CasesDesigning for a Great Developer ExperienceMake It Fast and Easy to Get StartedWork Toward ConsistencyMake Troubleshooting EasyMake Your API ExtensibleClosing Thoughts
Scenario 1Define Business ObjectivesOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationScenario 2Define the ProblemOutline Key User StoriesSelect Technology ArchitectureWrite an API SpecificationValidate Your DecisionsClosing Thoughts
Scaling ThroughputFinding the BottlenecksAdding Computing ResourcesDatabase IndexesCachingDoing Expensive Operations AsynchronouslyScaling Throughput Best PracticesEvolving Your API DesignIntroducing New Data Access PatternsAdding New API MethodsSupporting Bulk EndpointsAdding New Options to Filter ResultsEvolving API Design Best PracticesPaginating APIsOffset-Based PaginationCursor-Based PaginationPagination Best PracticesRate-Limiting APIsWhat Is Rate-Limiting?Implementation StrategiesRate Limits and DevelopersRate-Limiting Best PracticesDeveloper SDKsRate-Limiting SupportPagination SupportUsing gzipCaching Frequently Used DataError Handling and Exponential Back-OffSDK Best PracticesClosing Thoughts
Toward ConsistencyAutomated TestingAPI description languagesBackward CompatibilityPlanning for and Communicating ChangeCommunication PlanAddingRemovingVersioningClosing Thoughts
Developers, Developers, DevelopersThe HobbyistThe HackerThe Business-Focused, Tech-Savvy UserThe Professional DeveloperAnd Many MoreBuilding a Developer StrategyDeveloper SegmentationDistilling the Value PropositionDefining Your Developer FunnelMapping the Current and Future StateOutlining Your TacticsDeriving MeasurementsClosing Thoughts
API DocumentationGetting StartedAPI Reference DocumentationTutorialsFrequently Asked QuestionsLanding PageChangelogTerms of ServiceSamples and SnippetsCode SamplesSnippetsSoftware Development Kits and FrameworksSDKsFrameworksDevelopment ToolsDebugging and TroubleshootingSandboxes and API TestersRich MediaVideosOffice HoursWebinars and Online TrainingCommunity ContributionClosing Thoughts

Defining Your Developer ProgramsBreadth and Depth AnalysisDeep Developer ProgramsTop Partner ProgramBeta ProgramDesign SprintsBroad Developer ProgramsMeetups and Community EventsHackathonsSpeaking at Events and Event SponsorshipsTrain-the-Trainer and Ambassador ProgramsOnline Videos and StreamingSupport, Forums, and Stack OverflowCredit ProgramMeasuring Developer ProgramsClosing Thoughts
Define Business ObjectivesThe ProblemThe ImpactKey User StoriesTechnology ArchitectureAPI Specification TemplateTitleAuthorsProblemSolutionImplementationAuthenticationOther Things We ConsideredInputs, Outputs (REST, RPC)Events, Payloads (Event-Driven APIs)ErrorsFeedback PlanAPI Implementation Checklist:

Content preview from Designing Web APIs

Chapter 4. Design Best Practices

In the previous chapters, we gave an overview of various approaches for transmitting data via your web API. Now that you’re familiar with the landscape of transport and have an understanding of how to choose between various patterns and frameworks, we want to provide some tactical best practices to help your developers get the most out of your API.

Designing for Real-Life Use Cases

When designing an API, it’s best to make decisions that are grounded in specific, real-life use cases. Let’s dig into this idea a bit more. Think about the developers who are using your API. What tasks should they be able to complete with your API? What types of apps should developers be able to build? For some companies, this is as targeted as “developers should be able to charge customer credit cards.” For other companies, the answer can be more open-ended: “developers should be able to create a full suite of interactive consumer-quality applications.”

After you have your use cases defined, make sure that developers can actually do the things you want them to do using your API.

Quite often APIs are designed based on the internal architecture of the application, leaking details of the implementation. This leads to confusion for third-party developers and a bad developer experience. That’s why it’s so important to focus not on exposing on your company’s internal infrastructure but on the experience that an outside developer should have when interacting with your API. ...