restful

why:

  • meaningful

    This will be improve efficiency , less documents , just read the code
  • auto generate support

    Resource can be achieve automatically without writing any code according to the data model or (java) repository
  • DRY

    It becomes unnecessary to think about what's good web url for providing api to the client developer --- Just following the standard

related resource

example get the portfolios of 90 days of use id 123 :

http://www.example.com/user/123/portfolios/90

also another :

http://www.example.com/apidoc/201607/docid/98

use standard http status code

standard without extra documents, we should return http status code according to the standard

useful http status code we should know:

  • 200 OK : response for GET PUT DELETE request .
  • 201 Created
  • 304 Not Modified
  • 302 Found : Redirect
  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden : logged in user, but not allow to access the resource
  • 405 Method Not Allowed: usually for POST/PUT/DELETE request but is now request by GET request
  • 429 Too Many Request: for rate limit

401 403 405 are usually used right

when a POST request post succeed, but no new result generated, we should return 200 , instead of 201

security

  • with authentication :

    Many of the request should first logged in to get the access token in order to have the permission to access resources. Usually we have several simple ways to carry the token in the request body :

  • with hash

    Another way to keep the web request safe is to use hash code the encrypt the web parameters , example: http://www.example.com/user/123/order/541?amount=100&product=wade&hash=d328af;

    hash the parameters : amount=100&product=wade

    besides , usually the parameters is sorted by alphabet

To avoid middle man problem, we should use https.

standard Oauth 2.0 example

prosper oauth flow

simple we should do :

  • register to get client id and client secrect
  • app granted by the user to get a auth_key according to user's grant permission
  • now we can access the api via the access token and refresh token, both of which get an expire time
  • if token has expired , we need to re-access the api

request example:

  POST <prosper_base_address>/security/oauth/token
Accept: application/json
Content-type: application/x-www-form-urlencoded grant_type=refresh_token&client_id=<your_client_id>&client_secret=<your_client_secret>&refresh_token=<existing_refresh_token_from_user_token_request>

response example:

{
"access_token": "5098afd7-f216",
"token_type": "bearer",
"refresh_token": "7fcb8a8a-e7dd",
"expires_in": 3599
}

Note that:

error standard

some use direct HTTP STATUS CODE , ref to session: ### use standard http status code

  • method 1

http status code 401

 {
error: "Invalid API key"
}
  • method 2:

should support http status code 、error code 、error msg

example with a 200 OK:

   {
"code": -1,
"message": "Something gone wrong",
<!-- "description": "optional print your stack message here" --> //this is optional , usally for error stack message }

dig into well know company api example

mouseflow

update a new website

PUT /websites/{website-id}

curl -X PUT -u my@email.com:token1234 -d '{"name": "myshop2.com", "recordingRate": 2}' https://api-us.mouseflow.com/websites/{website-id}

simple prosper api

https://developers.prosper.com/docs/investor/accounts-api/

Authorization is in header -- which help us to which one is operating user

Version

There way to represent version:

  • /api/v1/user

  • /api/user?version=v1

  • /api/user with req.header set

version=v1

/api/v1/user is better for Load balancer to reganize

And /api/v1/user is better for rest api rather than /api/user?version=v1 , which will be use as a query:

version=v1

At last /api/v1/user is simpler compare with set to req.header

ref

RESTful API 设计指南

best practices for a pragmatic restful api

API 杂谈

rest api design

best api design

auth api design sample

best practices for designing web api的更多相关文章

  1. Designing a Secure REST (Web) API without OAuth

    原文:http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/ Situation Y ...

  2. Asp.Net Web API 2第十一课——在Web API中使用Dependency Resolver

    前言 阅读本文之前,您也可以到Asp.Net Web API 2 系列导航进行查看 http://www.cnblogs.com/aehyok/p/3446289.html 本文主要来介绍在Asp.N ...

  3. Web API 简单示例

    一.RESTful和Web API Representational State Transfer (REST) is a software architecture style consisting ...

  4. ASP.NET Web API中的依赖注入

    什么是依赖注入 依赖,就是一个对象需要的另一个对象,比如说,这是我们通常定义的一个用来处理数据访问的存储,让我们用一个例子来解释,首先,定义一个领域模型如下: namespace Pattern.DI ...

  5. Web API中使用Dependency Resolver

    Web API中使用Dependency Resolver 前言 阅读本文之前,您也可以到Asp.Net Web API 2 系列导航进行查看 http://www.cnblogs.com/aehyo ...

  6. ASP.NET Core Web API下事件驱动型架构的实现(三):基于RabbitMQ的事件总线

    在上文中,我们讨论了事件处理器中对象生命周期的问题,在进入新的讨论之前,首先让我们总结一下,我们已经实现了哪些内容.下面的类图描述了我们已经实现的组件及其之间的关系,貌似系统已经变得越来越复杂了. 其 ...

  7. Running Web API using Docker and Kubernetes

    Context As companies are continuously seeking ways to become more Agile and embracing DevOps culture ...

  8. ASP.NET Web API实践系列02,在MVC4下的一个实例, 包含EF Code First,依赖注入, Bootstrap等

    本篇体验在MVC4下,实现一个对Book信息的管理,包括增删查等,用到了EF Code First, 使用Unity进行依赖注入,前端使用Bootstrap美化.先上最终效果: →创建一个MVC4项目 ...

  9. Dependency Injection in ASP.NET Web API 2 Using Unity

    What is Dependency Injection? A dependency is any object that another object requires. For example, ...

随机推荐

  1. msvc命令行cl编译c程序问题及解决

    1.cmd命令行cl提示没有这玩意儿 装上Visual Studio之类 2.cl main.c提示缺dll everything搜dll所在路径,在环境配置PATH增加对应bin.IDE 3.cl ...

  2. 【Core Swagger】.NET Core中使用swagger

    一.入门 https://www.nuget.org/packages/Swashbuckle.AspNetCore.SwaggerGen/ 1.添加核心NUGET包 Swashbuckle.AspN ...

  3. eclipse中svn上传及更新

  4. 力扣(LeetCode)463. 岛屿的周长

    给定一个包含 0 和 1 的二维网格地图,其中 1 表示陆地 0 表示水域. 网格中的格子水平和垂直方向相连(对角线方向不相连).整个网格被水完全包围,但其中恰好有一个岛屿(或者说,一个或多个表示陆地 ...

  5. 清理SuperMap三维缓存

    一.iclient三维插件浏览器端缓存 方法1:遍历users子文件夹,发现指定目录有supermap,即删除 @echo offtitle 清理三维缓存@echo 开始清理三维缓存...for /f ...

  6. acm

    给定一组数字,一组有9个数字,将这9个数字填写到3*3的九宫格内:使得横,竖,斜对角一条线上的三个数字之和相等:如果无解则打印无解: #include <iostream> #includ ...

  7. Netflix分享构建Microservices的经验

    Netflix分享构建Microservices的经验 http://t.cn/Rwjgutw 新词:Microservices.我觉得就是service oriented architecture的 ...

  8. Matlab:Crank Nicolson方法求解线性抛物方程

    tic; clear clc M=[,,,,,,];%x的步数 K=M; %时间t的步数 :length(M) hx=/M(p); ht=/K(p); r=ht/hx^; %网格比 x=:hx:; t ...

  9. ThinkPHP5.0源码学习之框架启动流程

    ThinkPHP5框架的启动流程图如下: ThinkPHP5的启动流程按照文件分为三步: 1.请求入口(public/index.php) 2.框架启动(thinkphp/start.php) 3.应 ...

  10. Javascript时间戳和日期时间的相互转换

    跟后台对接的时候经常碰到时间格式的问题,有时返回的是时间戳,有时返回的是具体时间,需求又需要它们之间的转换,所以干脆把之前遇到过的情况都给记录下来,以供自己参考! 本文备注:(时间戳单位为毫秒ms,换 ...