URI definition
Uniform Resource Identifiers
Format
URI = scheme "://" authority "/" path [ "?" query ] [ "#" fragment ]
Rules
Forward slash separator (/)
must be used to indicate a hierarchical relationship
should not be included in URIs end
Ex : http://api.canvas.restapi.org/shapes/
use Hyphens (-)
Do not use Underscores (_)
Lowercase letters should be preferred
File extensions should not be included
Ex : http://api..../fall.json
URI Path Design
Do not use CRUD commands or verbs
/deleteUser?userId=123
/create/
do not use HTTP methods
/getuserId/123
/getNextSequence
* NEVER USE CRUD COMMANDS OR VERBS * DONOT USE METHODS NAMES
Documents
SINGULAR NOUN
/repos/{owner}/{repo}/tags
{owner} is a document; should be SINGULAR NOUN
Collection
PLURAL NOUN
/repos/{owner}/{repo}/tags
"repos" is a collection; should be PLURAL NOUN
Store
PLURAL NOUN
/repos/{owner}/{repo}/tags
"tags" is a collection; should be PLURAL NOUN
Variable path segments may be substituted with identity-based values
/users/123
/users/3444-566-DF44-GT11
Summary do and do not
DELETEL: /users/1234
/deleteuser?userId=1234
/users
/user
/students/csandun/courses
/getStudentCourses?user=csandun
/students/12
/students/getbyid/12
/students/next
/students/get-next-id
/getNextStudentId
URI Query Design
Filter
Collection
GET: /Users
GET: /users?role=admin
a listing of all the users in the collection.
a filtered list of all the users inthe collection with a “role” value of admin
Pagination
Collection
Store
filter collections or stores
paginate collection or store results
GET verb with Querys
GET /users?pagesize=25&pageindex=2
for simple filteration
POST verb
POST /users/search
the complexity of a client’s pagination
HTTP methods
GET
retrieve a resource from the server
safe or idempotent
POST
create a new resource on the server.
not safe or not idempotent
PUT
update an existing resource on the server.
not safe, but it is idempotent
DELETE
delete a resource from the server
not safe or idempotent
PATCH
apply a set of changes exist resource
HEAD
only retrieves the HTTP headers for a resources
OPTIONS
describe the options available for a resource
describes supported HTTP verbs
Response Codes
1xx
Information
Communicates transfer protocol-level information.
2xx
Success
Indicates that the client’s request was accepted successfully
3xx
Redirection
Indicates that the client must take some additional action in order to complete their request
4xx
Client error
This category of error status codes points the finger at clients
5xx
Server error
The server takes responsibility for these error status codes.
Versioning
The practice of transparently managing changes to your API
maintain backward compatibility
Approches
URI Versioning
the version of the API is included in the URL path.
http://api.example.com/v1/resource
http://api.example.com/v2/resource
There are 2 versions in same endpoint
Custom Request Header
use custom header name
X-API-Version
"Accept" Header
specified in the "Accept" header of the HTTP request
Accept : 1.0
Hypermedia as the engine of application state (HATEOAS)
Client Concerns
Versionning
New URIs should be used to introduce new concepts
Schemas should be used to manage representational form versions
Entity tags should be used to manage representational state versions
Security
OAuth may be used to protect resources
API management solutions may be used to protect resources
HATEOS
JavaScript related Clients
CORS should be supported to provide multi-origin read/write access
Documentations
Proper documentation
Swagger
Azure API Management
Postman
Apigee
Use OpenAPI convension
URI Authority Design
Sub domain URI
"api."
https://api.github.com
https://api.twitter.com
https://servicemanagement.googleapis.com
Use Consistent subdomain names like : api
Developer Portal
"developer"
https://developer.twitter.com
Resource Modeling
4 Resource Archetypes
Document
record
instance
constains
fields
links
includes
decroot
Ex:
Collection
Server-managed
directory
resources
Ex:
Store
Client-managed
resources
repository
Ex:
Controller
procedural
Like
RPC - Remote Procedure Call
Create
Retrieve
Update
Delete
Ex:
What is REST API
Representational State Transfer
built on top of the HTTP protocol
architectural style
Main constraints
Client-server architecture
Statelessness
Cacheability
Layered system
Benefits
easy to use and understand and easy to integrate
flexible and can support a variety of data formats
JSON
XML
Stateless : doesn't depend on the state of previous requests.
Efficient: Can use various methods and customisable
Api works like this
Resource
REST API Design Rulebook
by Mark Masse