Designing and maintaining an API standard #417
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aaronrussellHO
commented
May 7, 2024
aaronrussellHO
commented
May 7, 2024
aaronrussellHO
commented
May 7, 2024
aaronrussellHO
commented
May 7, 2024
aaronrussellHO
commented
May 7, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
May 14, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
commented
Jun 4, 2024
aaronrussellHO
changed the title
Co-authored-by: VictorAlegianiSagnottiHO <[email protected]>
…neering-guidance-and-standards into 415-maintaining-an-api
VictorAlegianiSagnottiHO
approved these changes
Oct 14, 2024
Co-authored-by: edhamiltonHO <[email protected]>
aaronrussellHO
added
standard
content
Software design
Co-authored-by: Ed Hamilton <[email protected]>
…neering-guidance-and-standards into 415-maintaining-an-api
|
|
||
| Using appropiate nouns for resource names rather than actions, because nouns describe the data, and can be used hierarchically to allow a consumer to navigate an API more easily. An example may be to use /devices to list all devices and /devices/:id to list the attributes of a particular device. | ||
|
|
||
| Although this advice is given on the [RESTful resource naming page](https://restfulapi.net/resource-naming/) it details a recommended approach to help regardless on type of API (RESTful, GraphQL etc). |
There was a problem hiding this comment.
Suggested change
| Although this advice is given on the [RESTful resource naming page](https://restfulapi.net/resource-naming/) it details a recommended approach to help regardless on type of API (RESTful, GraphQL etc). | |
| Although this advice is given on the [RESTful resource naming page](https://restfulapi.net/resource-naming/) it details a recommended approach to help regardless of the type of API (RESTful, GraphQL etc). |
|
|
||
| Knowing how your API scales helps to make sure your API is resilient and can handle peaks of traffic. | ||
|
|
||
| A stateless API means that the cliant is responsible for providing information about authantication etc. In turn, this means an application can then scale easily horizontally, as it doesn't matter which instance a client connects to. |
There was a problem hiding this comment.
Suggested change
| A stateless API means that the cliant is responsible for providing information about authantication etc. In turn, this means an application can then scale easily horizontally, as it doesn't matter which instance a client connects to. | |
| A stateless API means that the client is responsible for providing information about authentication etc. In turn, this means an application can then scale easily horizontally, as it doesn't matter which instance a client connects to. |
|
|
||
| A stateless API means that the cliant is responsible for providing information about authantication etc. In turn, this means an application can then scale easily horizontally, as it doesn't matter which instance a client connects to. | ||
|
|
||
| Using other techniques such as asynchronous code, multithreading and an event driven approach can also help scale an API. |
There was a problem hiding this comment.
Suggested change
| Using other techniques such as asynchronous code, multithreading and an event driven approach can also help scale an API. | |
| Using techniques such as asynchronous code, multithreading or an event driven approach can help scale an API. |
|
|
||
| You should also consider how you a version should be depreciated, and communicate this with any consumers. | ||
|
|
||
| ### You MUST have appropriate status codes returning from each endpoint |
There was a problem hiding this comment.
Suggested change
| ### You MUST have appropriate status codes returning from each endpoint | |
| ### You MUST return appropriate status codes from each endpoint |
| ## Requirement(s) | ||
|
|
||
| - [You MUST include a form of versioning to your API](#you-must-include-a-form-of-versioning-to-your-api) | ||
| - [You MUST have appropriate status codes returning from each endpoint](#you-must-have-appropriate-status-codes-returning-from-each-endpoint) |
There was a problem hiding this comment.
Suggested change
| - [You MUST have appropriate status codes returning from each endpoint](#you-must-have-appropriate-status-codes-returning-from-each-endpoint) | |
| - [You MUST return appropriate status codes from each endpoint](#you-must-return-appropriate-status-codes-from-each-endpoint) |
|
|
||
| Although this advice is given on the [RESTful resource naming page](https://restfulapi.net/resource-naming/) it details a recommended approach to help regardless on type of API (RESTful, GraphQL etc). | ||
|
|
||
| ### You MUST include some way to observe your API |
There was a problem hiding this comment.
Suggested change
| ### You MUST include some way to observe your API | |
| ### You MUST include some way to observe your API |
|
|
||
| Authentication and authorisation are really important for API, this can mean restricting certain tasks or functions to a limited number of users. A user should have the least privilege possible. Role Based Access Control (RBAC) is an example of how to implement this. | ||
|
|
||
| ### You MUST test your API |
There was a problem hiding this comment.
Suggested change
| ### You MUST test your API | |
| ### You MUST test your API |
|
|
||
| When maintaining an API we must have a way to make sure that is in good health and there is a way to trace activity. | ||
|
|
||
| It is recommended that logs are used however the sensitivity of the data logged must also be considered. |
There was a problem hiding this comment.
Suggested change
| It is recommended that logs are used however the sensitivity of the data logged must also be considered. | |
| Application logs that are sent to an aggregation service are recommended for this. Review [the securing application logging pattern](https://engineering.homeoffice.gov.uk/patterns/securing-application-logging/) if your requests or responses could contain sensitive information. |
|
|
||
| Using an API Specification will help define your API endpoints, support is wide, with a wide community using it. | ||
|
|
||
| A good example is using OpenAPI Swagger to help build, maintain and document your API. |
There was a problem hiding this comment.
Suggested change
| A good example is using OpenAPI Swagger to help build, maintain and document your API. | |
| An example is using [OpenAPI (previously Swagger)](https://www.openapis.org/) to help build, maintain and document your API. |
|
|
||
| When designing an API aspects such as naming and versioning will help with not only the maintenance of the API, but also help the consumers of your API. | ||
|
|
||
| Been clear about how your API can be used, and what is happening can help a consumer build a better applicationby adding proper error messaging as well as using the latest versions of endpoints. |
There was a problem hiding this comment.
A few typos on this line I think? Been clear, and what is happening, applicationby
dk4g
reviewed
Jan 31, 2025
|
|
||
| ### You MUST use an API Specification | ||
|
|
||
| Using an API Specification will help define your API endpoints, support is wide, with a wide community using it. |
There was a problem hiding this comment.
Suggested change
| Using an API Specification will help define your API endpoints, support is wide, with a wide community using it. | |
| Using an API Specification will help define your API endpoints and is widely supported by a large community. |
|
|
||
| There are a few [different ways of versioning](https://www.xmatters.com/blog/blog-four-rest-api-versioning-strategies) an API, via the URI path, query parameters or headers. You will also need to decide a versioning strategy, whether that be per endpoint or for the whole API. | ||
|
|
||
| You should also consider how you a version should be depreciated, and communicate this with any consumers. |
There was a problem hiding this comment.
Suggested change
| You should also consider how you a version should be depreciated, and communicate this with any consumers. | |
| You should also consider how a version should be deprecated and communicate this to any consumers. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Is this pull request a content or a code change? (Please fill in the relevant section and delete the other)
Code change
I can confirm:
Accessibility considerations
Please review the accessibility checks for layout changes.
This change will not change layouts, page structures or anything else that might impact accessibility
or
or
(If the change might impact accessibility then please add some further information here)
Content change
I can confirm:
e.g. Writing a principle and Writing a standard