best practices for designing web api

restful
why:
- meaningful
This will be improve efficiency , less documents , just read the code - auto generate support
Resource can be achieve automatically without writing any code according to the data model or (java) repository - DRY
It becomes unnecessary to think about what's good web url for providing api to the client developer --- Just following the standard
related resource
example get the portfolios of 90 days of use id 123 :
also another :
use standard http status code
standard without extra documents, we should return http status code according to the standard
useful http status code we should know:
- 200 OK : response for GET PUT DELETE request .
- 201 Created
- 304 Not Modified
- 302 Found : Redirect
- 400 Bad Request
- 401 Unauthorized
- 403 Forbidden : logged in user, but not allow to access the resource
- 405 Method Not Allowed: usually for POST/PUT/DELETE request but is now request by GET request
- 429 Too Many Request: for rate limit
401 403 405 are usually used right
when a POST request post succeed, but no new result generated, we should return 200 , instead of 201
security
- with authentication :
Many of the request should first logged in to get the access token in order to have the permission to access resources. Usually we have several simple ways to carry the token in the request body :- within the http header
- within the cookies
- within the url : http://www.example.com/user/123?token=a12dc5
- with hash
Another way to keep the web request safe is to use hash code the encrypt the web parameters , example: http://www.example.com/user/123/order/541?amount=100&product=wade&hash=d328af;
hash the parameters : amount=100&product=wade
besides , usually the parameters is sorted by alphabet
To avoid middle man problem, we should use https.
standard Oauth 2.0 example
prosper oauth flow
simple we should do :
- register to get client id and client secrect
- app granted by the user to get a auth_key according to user's grant permission
- now we can access the api via the access token and refresh token, both of which get an expire time
- if token has expired , we need to re-access the api
request example:
POST <prosper_base_address>/security/oauth/token
Accept: application/json
Content-type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=<your_client_id>&client_secret=<your_client_secret>&refresh_token=<existing_refresh_token_from_user_token_request>
response example:
{
"access_token": "5098afd7-f216",
"token_type": "bearer",
"refresh_token": "7fcb8a8a-e7dd",
"expires_in": 3599
}
Note that:
error standard
some use direct HTTP STATUS CODE , ref to session: ### use standard http status code
- method 1
http status code 401
{
error: "Invalid API key"
}
- method 2:
should support http status code 、error code 、error msg
example with a 200 OK:
{
"code": -1,
"message": "Something gone wrong",
<!-- "description": "optional print your stack message here" --> //this is optional , usally for error stack message
}
dig into well know company api example
mouseflow
update a new website
PUT /websites/{website-id}
curl -X PUT -u my@email.com:token1234 -d '{"name": "myshop2.com", "recordingRate": 2}' https://api-us.mouseflow.com/websites/{website-id}
simple prosper api
https://developers.prosper.com/docs/investor/accounts-api/
Authorization is in header -- which help us to which one is operating user
Version
There way to represent version:
/api/v1/user
/api/user?version=v1
/api/user with req.header set
version=v1
/api/v1/user is better for Load balancer to reganize
And /api/v1/user is better for rest api rather than /api/user?version=v1 , which will be use as a query:
version=v1
At last /api/v1/user is simpler compare with set to req.header
ref
RESTful API 设计指南
best practices for a pragmatic restful api
API 杂谈
rest api design
best api design
auth api design sample
best practices for designing web api的更多相关文章
- Designing a Secure REST (Web) API without OAuth
原文:http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/ Situation Y ...
- Asp.Net Web API 2第十一课——在Web API中使用Dependency Resolver
前言 阅读本文之前,您也可以到Asp.Net Web API 2 系列导航进行查看 http://www.cnblogs.com/aehyok/p/3446289.html 本文主要来介绍在Asp.N ...
- Web API 简单示例
一.RESTful和Web API Representational State Transfer (REST) is a software architecture style consisting ...
- ASP.NET Web API中的依赖注入
什么是依赖注入 依赖,就是一个对象需要的另一个对象,比如说,这是我们通常定义的一个用来处理数据访问的存储,让我们用一个例子来解释,首先,定义一个领域模型如下: namespace Pattern.DI ...
- Web API中使用Dependency Resolver
Web API中使用Dependency Resolver 前言 阅读本文之前,您也可以到Asp.Net Web API 2 系列导航进行查看 http://www.cnblogs.com/aehyo ...
- ASP.NET Core Web API下事件驱动型架构的实现(三):基于RabbitMQ的事件总线
在上文中,我们讨论了事件处理器中对象生命周期的问题,在进入新的讨论之前,首先让我们总结一下,我们已经实现了哪些内容.下面的类图描述了我们已经实现的组件及其之间的关系,貌似系统已经变得越来越复杂了. 其 ...
- Running Web API using Docker and Kubernetes
Context As companies are continuously seeking ways to become more Agile and embracing DevOps culture ...
- ASP.NET Web API实践系列02,在MVC4下的一个实例, 包含EF Code First,依赖注入, Bootstrap等
本篇体验在MVC4下,实现一个对Book信息的管理,包括增删查等,用到了EF Code First, 使用Unity进行依赖注入,前端使用Bootstrap美化.先上最终效果: →创建一个MVC4项目 ...
- Dependency Injection in ASP.NET Web API 2 Using Unity
What is Dependency Injection? A dependency is any object that another object requires. For example, ...
随机推荐
- msvc命令行cl编译c程序问题及解决
1.cmd命令行cl提示没有这玩意儿 装上Visual Studio之类 2.cl main.c提示缺dll everything搜dll所在路径,在环境配置PATH增加对应bin.IDE 3.cl ...
- 【Core Swagger】.NET Core中使用swagger
一.入门 https://www.nuget.org/packages/Swashbuckle.AspNetCore.SwaggerGen/ 1.添加核心NUGET包 Swashbuckle.AspN ...
- eclipse中svn上传及更新
- 力扣(LeetCode)463. 岛屿的周长
给定一个包含 0 和 1 的二维网格地图,其中 1 表示陆地 0 表示水域. 网格中的格子水平和垂直方向相连(对角线方向不相连).整个网格被水完全包围,但其中恰好有一个岛屿(或者说,一个或多个表示陆地 ...
- 清理SuperMap三维缓存
一.iclient三维插件浏览器端缓存 方法1:遍历users子文件夹,发现指定目录有supermap,即删除 @echo offtitle 清理三维缓存@echo 开始清理三维缓存...for /f ...
- acm
给定一组数字,一组有9个数字,将这9个数字填写到3*3的九宫格内:使得横,竖,斜对角一条线上的三个数字之和相等:如果无解则打印无解: #include <iostream> #includ ...
- Netflix分享构建Microservices的经验
Netflix分享构建Microservices的经验 http://t.cn/Rwjgutw 新词:Microservices.我觉得就是service oriented architecture的 ...
- Matlab:Crank Nicolson方法求解线性抛物方程
tic; clear clc M=[,,,,,,];%x的步数 K=M; %时间t的步数 :length(M) hx=/M(p); ht=/K(p); r=ht/hx^; %网格比 x=:hx:; t ...
- ThinkPHP5.0源码学习之框架启动流程
ThinkPHP5框架的启动流程图如下: ThinkPHP5的启动流程按照文件分为三步: 1.请求入口(public/index.php) 2.框架启动(thinkphp/start.php) 3.应 ...
- Javascript时间戳和日期时间的相互转换
跟后台对接的时候经常碰到时间格式的问题,有时返回的是时间戳,有时返回的是具体时间,需求又需要它们之间的转换,所以干脆把之前遇到过的情况都给记录下来,以供自己参考! 本文备注:(时间戳单位为毫秒ms,换 ...