API
API Design
- Banking API assessment
- Don't use verbs on resources; use nouns, for example GET /cars/1
- Versioning Strategies
- use the correct HTTP response codes, e.g. 200, 404, etc.
- correct use of plurals
- enabling filtering and sorting
- use header for content type
- HATEOAS - Hypermedia as the Engine of Application State
- API Strategy
- H-Factor
- API Scaling
Considerations
- Idempotency (idempotency keys, as used by Stripe)
- URL Structure (HTTP Verbs, URL Design)
- Error Handling
- API Documentation
- Open Source Documentation?
- Getting Started?
- Swagger?
- Metadata
- Pagination
- URL Versioning
- Rolling Changes
- Stateless
- Test? Integration Test? Contract Test
- Logging Aggregation
- Filters/Search/Sort
- Environments
- 7 Factor App
- Software Engineering Laws#Hyrums Law
- Software Engineering Laws#Pastels Law
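Added example of the idempotency-key pattern from the list above (my own illustration, not code from this note or from Stripe): the key is scoped per client, a retry with the same key and payload replays the stored response without repeating the side effect, and reuse of the key with a different payload is refused. The in-memory store, the `create_charge` handler and the `ledger` are constructed for the demo.

```python
import hashlib
import json
from typing import Any, Callable

Response = tuple[int, dict[str, Any]]

def fingerprint(method: str, path: str, body: dict[str, Any]) -> str:
    # Canonical hash of the request, so reuse of a key with a different payload is detectable
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{method} {path}\n{canonical}".encode()).hexdigest()

class IdempotentApi:
    # Wraps a handler so a retried (client, key, request) replays the stored response instead
    # of re-running the side effect. The dict store is constructed for this example; a real
    # service needs a shared store with a TTL and a lock/lease for concurrent duplicates.
    def __init__(self, handler: Callable[[dict[str, Any]], Response]):
        self._handler = handler
        self._done: dict[tuple[str, str], tuple[str, Response]] = {}

    def request(self, client_id: str, key: str, method: str, path: str,
                body: dict[str, Any]) -> Response:
        scope = (client_id, key)  # keys are scoped per client so tenants cannot collide
        fp = fingerprint(method, path, body)
        if scope in self._done:
            stored_fp, response = self._done[scope]
            if stored_fp != fp:  # same key, different request: refuse rather than guess
                return 422, {"error": "idempotency_key_reused_with_different_request"}
            return response  # replay the first outcome; the side effect is not repeated
        response = self._handler(body)  # if this raises, nothing is stored and a retry may run
        self._done[scope] = (fp, response)
        return response

ledger: list[dict[str, Any]] = []  # constructed side effect: one entry per executed charge

def create_charge(body: dict[str, Any]) -> Response:
    charge = {"id": f"ch_{len(ledger) + 1}", "amount": body["amount"]}
    ledger.append(charge)
    return 201, charge

def demo() -> tuple[int, Response, Response, Response, Response]:
    api = IdempotentApi(create_charge)
    first = api.request("acct_1", "k-42", "POST", "/charges", {"amount": 500})
    retry = api.request("acct_1", "k-42", "POST", "/charges", {"amount": 500})  # client retry
    tampered = api.request("acct_1", "k-42", "POST", "/charges", {"amount": 900})
    other = api.request("acct_2", "k-42", "POST", "/charges", {"amount": 500})  # another tenant
    return len(ledger), first, retry, tampered, other
```

The retry yields the same charge id with only one ledger entry, while the same key from a different client is an independent request.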
Security
- Bearer Token - static token generated by server
- Access Token - usually retrieved by using the bearer token together with the client id to get an expiring access token
- 2 way SSL
- API keys (public/private key pair and key chains)
- username password
- JWT
Considerations
- API keys (automated key design)
- Type of Authentication: Basic Auth, Bearer Token etc
- Exposed (internal vs external)
- HTTP/S
- Data Encryption at Rest
- who can access data
- how is sensitive data stored
- can it be accessed via APIs
Reference Architecture
!Screen Shot 2022-12-04 at 1.18.11 pm.png
Scaling
- Gateway
- Queues
- Global access point (Edge Locations)
- Load Testing
- Concurrency
- Caching?
References
- REST Good Practices for API Design
- Netflix - Reference Architecture - Evolution of API Architecture !Pasted image 20230107145519.png