How to design RESTful APIs
This is course note for the following online course: "Designing RESTful APIs" on LinkedIn by Keith Casey
https://www.linkedin.com/learning/designing-restful-apis/welcome?u=3322
Course completed on Apr 11, 2020
Why good API design important?
- What function to expose
- How to expose
- Best way to expose
- Assumptions
- Test and validate assumptions
- Rethink with unexpected use cases
- Versioning
- Backward compability
Think of 3 aspects, they have to aligned:
- What API does
- What the API makes easy
- What the user want to do
How to we add an API?
| Bolt-on Strategy | Facade Strategy | Greenfield Strategy | |
|---|---|---|---|
| Pro | Brute-force approach | Replacing system piece by piece / keep working system functioning | API first or mobile first mindset. New technologies and architectures |
| Con | Leaking internal design | Multiple mindsets / hard to replicate behavior 1:1 | Massive upfront investment before benefit from it |
How to modeling API?
3 rules
- Don't focus on tools
- Have a consistent process
- Doc things same way
- Team work sync always
- It does not count if not doc it.
- Design may not clear
- Risk is unassessed
Conclusion: doc everything
Modeling process
Understand the business process
1. Identify users
- Who: person/bot/entity
- Scope: Internal or External?
- Attitude: Active or Passive?
2. Identify activities
Example: Order a food
- place an order
- wait for the order
- receive the order
3. Break into atomic functions
Above is from user perspective, complete picture is:
- customer search for a food and decide
- customer place an order with the cashier
- cashier passes the order to chief
- chief ACK and tell cashier it's ok to cook
- cashier calculate the bill
- user make payment, accepted/rejected
- if accepted, chief cook the food
- deliver the food to customer
Example 2: online book order
- view items
- add item to cart
- remove items
- checkout
- fullfil and ship order
- view order
Validate the API to avoid ambiguities
- Check the assumptions
- Ask customer
4. Create API definitions
- Identify the resources. Find the nouns
- items/cart/order/customer/bill
- GET/DELETE/PUT/POST/PATCH
- GET: retrive a resource
- List: get items
- View: get item
- DELETE: delete a resource
- PUT: update existing record
- POST: create/update/anything not fit the first 3 verbs
- GET: retrive a resource
Now we can decide the definitions of the steps in example 2:
- View items
- GET: List items
- GET: View item
- Add item to cart
- POST: Create new cart
- Remove items
- PUT: update existing cart
- Checkout
- POST: other resources
- Fullfil and ship order
- Create order is done in POST checkout
- GET: View order
- POST: cancel order
- Customer Resource
- Customer registration: POST
- View customer: GET
Types of relationships between resources:
- Independent: Can exist on its own without any other resources (Movie and actors)
- Dependent: Can only exist if other resource already exists (Characters in movies)
- Associative: Can be dependent or independent but needs additional information to describe it (One actor play multiple characters / One character played by multiple actors)
5. Validate API
- card of scenarios
- use microframework
HTTP
- HTTP is a protocol
- XML is a markup language
- JSON is a notation
- XML standards can add structure
- JSON spec can add context
- REST is none of the above
REST APIs: 6 constraints
- Client-Server Architecture
- Stateless Architecture
- Cacheable
- Layered Systems
- Code on Demand
- Uniform Interfaces
- ID of resources
- Manipulate resources
- Self-descriptive messages
- Can discover links
API Design patterns
- Authentication (AuthN)
- Authorization (AuthZ)
AuthN is who you are. AuthZ is what you can do.
3 ways to implement them
- API Keys: Put in header, url or body
- Pro: Easiest way
- Con: leak, not easy to update
- Implement your own AuthN/AuthZ protocol
- Pro: Only you know
- Con: Untested, unproven; Training cost; No supporting tool
- OAuth 2.0
- Pro: Reliable and well established; Massive ecosystem; Open-source and commercial options
- Con: Complicated; Learning curve steep
API Versioning
2 ways to versioning:
- via URL
- via Accept Header
Payload
- Key/Value pairs
- Media Types
- Collection + JSON
- HAL (Hypertext Application Language) + JSON
- Ion Hypermedia Type
Hypermedia
Hyper: the media is not linear, it can beginning in the middle
Advanced HTTP headers: Content negotiation and caching
- Content negotiation: explicitly response based on the request
- Caching: ETag
- Client makes request
- Server response with ETag
- Client makes a HEAD request (same request as before)
- If data not changed, server returns the same ETag
- If data is changed, server returns the full request
Documentations
- Easy to search
- Easy to diff
- Easy to update
- Readability
Jekyll/Slate
SDK
- Succinct: user can write less code for same thing
- Purposeful: doc the behaviors
- Open Source
- Idiomatic: python SDK should looks like python
- Logical
Make users' lives easier. Ask existing user's demand.
Final
Conference:
- API Strategy & Practice
- REST FEST: www.restfest.org
Book:
- A practical approach to API Design