Did you develop an API using best practices?
In Cornershop by Uber we use and create a lot of APIs, and no matter how advanced you’re it’s always key to check if you’re using all the best practices according to industry standards, that’s why we came up with this short and concise list
- [ ] The API has defined authorization and authentication schemes
- [ ] The API makes correct use of HTTP verbs (GET, POST, PUT, PATCH, DELETE).
- [ ] The API has a clear definition of the endpoints. This definition includes: What it does and how it relates to other endpoints.
- [ ] The API has quality documentation containing the structure of the responses, the methodology of each endpoint, the description of each endpoint, and example use cases
- [ ] The API has a response structure for error handling and uses error codes correctly (4xx or 5xx errors)
- [ ] In the API design, an accurate modeling of sources was performed, taking into account the REST API principles
- [ ] The API uses nouns in the names of resources e.g.,
- [ ] The API uses plural nouns in the endpoints or URLs e.g.,
- [ ] API avoids deeply nested sources, e.g.,
- [ ] The API uses non-sequential resource identifiers, e.g.,
- [ ] The API does not utilize custom actions on its endpoints, e.g.: POST
/posts/d92hf73/publishThis goes against REST principles.
- [ ] The API has some defined structure for responses, e.g. JSON API, or one that is internally defined
- [ ] The API correctly utilizes HTTP response codes, e.g. if you are create a resource, use 201 code in the response.
- [ ] The API uses a version control
- [ ] The API has basic security principles, such as request rate limits
- [ ] The API has a support section for developers
- [ ] The API has filterable, sortable, and pageable collections (In Cornershop by Uber we strongly recommend that your responses are paginated)
- [ ] The API has an obsolescence policy