API Design Anti-Patterns


Common issues found in API designs proposed by developers at PayPal (and elsewhere!), along with some solutions.

  1. API DESIGN ANTI-PATTERNS. Jason Harmon, API Design @PayPal @Braintree, @jharmn
  2. JASON HARMON
     • From Austin, TX
     • Head of API Design at PayPal
     • Moving into Braintree
     • Blogger
     • Meetup organizer
     • YouTube: API Workshop (channel link truncated in source: annel/UCKK2ir0jqCvfB-kzBGka_Lg)
  3. COLLECTOR OF MISTAKES. Job #1 in creating consistent DX.
  4. MIXED UP CONVENTIONS. Path, query parameters, headers, fields: resourceName / resource-name / resource_name. PICK ONE, BE CONSISTENT!
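Slide 4's "pick one, be consistent" is easy to state and easy to drift from across a large API surface, so here is a small consistency check that classifies every parameter and field name into camelCase, kebab-case or snake_case and flags a spec that uses more than one. This is an added example, not code from the talk or from PayPal; the `SAMPLE_SPEC` layout (names grouped by where they appear: path, query, header, fields) and the function names are this example's own assumptions.

```python
import re

# Recognised multi-word naming conventions. A name that matches none of these
# and is not a single lowercase word is reported as "unknown".
CONVENTIONS = {
    "camelCase": re.compile(r"^[a-z][a-z0-9]*(?:[A-Z][a-z0-9]*)+$"),
    "kebab-case": re.compile(r"^[a-z][a-z0-9]*(?:-[a-z0-9]+)+$"),
    "snake_case": re.compile(r"^[a-z][a-z0-9]*(?:_[a-z0-9]+)+$"),
}


def classify(name):
    """Return the convention a single name follows."""
    for label, pattern in CONVENTIONS.items():
        if pattern.match(name):
            return label
    if re.fullmatch(r"[a-z][a-z0-9]*", name):
        return "single-word"  # e.g. "id": compatible with every convention
    return "unknown"


def find_mixed_conventions(spec):
    """spec maps a location ("path", "query", "header", "fields") to the names
    used there. Returns (conventions_in_use, per_location_report); more than
    one convention in use means the API mixes styles."""
    used = set()
    report = {}
    for location, names in spec.items():
        for name in names:
            label = classify(name)
            report.setdefault(location, {})[name] = label
            if label not in ("single-word", "unknown"):
                used.add(label)
    return used, report


def is_consistent(spec):
    """True when at most one multi-word convention is used across the spec."""
    used, _ = find_mixed_conventions(spec)
    return len(used) <= 1


# Constructed sample spec that mixes all three styles named on the slide.
SAMPLE_SPEC = {
    "path": ["invoice_id"],
    "query": ["page-size", "sort_by"],
    "header": ["x-request-id"],
    "fields": ["resourceName", "created_at", "id"],
}

if __name__ == "__main__":
    used, report = find_mixed_conventions(SAMPLE_SPEC)
    print("conventions in use:", sorted(used))
    for location, names in report.items():
        for name, label in names.items():
            print(f"  {location:7} {name:14} {label}")
    print("consistent:", is_consistent(SAMPLE_SPEC))
```

Run this against the names pulled from an API description (OpenAPI parameter and schema property names, for instance) as a CI step, so a new endpoint that introduces a second convention fails review instead of shipping.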
  5. PARAMETER CONFUSION. Path, Query, Body, Header?
  6. API PARAMETERS. A few rules of thumb:
     • Path: required, resource identifier
     • Query: optional, query collections
     • Body: resource-specific/logic
     • Header: global/platform-wide
  7. SEQUENTIAL IDENTIFIERS. /invoices/8765432. Usually derived from database sequences: +1 each time a resource is created.
  8. INSECURE DIRECT OBJECT REFERENCE
     • OWASP Top 10 A4: Insecure Direct Object References
     • Developers suck at securing resources
     • Better to use non-sequential strings for resource IDs
     • UUID/GUID is an obvious option
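Slides 7 and 8 together: sequential IDs make every other invoice guessable from your own, and the slide's fix is a non-sequential ID such as a UUID. The example below is added here and is not code from the talk; it is a toy in-memory `InvoiceStore` (a hypothetical name) that can mint IDs either way, and it keeps the per-request ownership check in place regardless of ID scheme, since a random ID only removes enumeration, while the check is what actually stops a direct object reference to someone else's resource.

```python
import uuid


class InvoiceStore:
    """Constructed in-memory store with a switchable ID scheme."""

    def __init__(self, id_scheme="uuid"):
        self.id_scheme = id_scheme
        self._next_seq = 8765432  # sequence start borrowed from the slide's URL
        self._invoices = {}

    def _new_id(self):
        if self.id_scheme == "sequential":
            # Database-sequence style: each new resource is the previous ID + 1,
            # so a client holding one ID knows its neighbours.
            self._next_seq += 1
            return str(self._next_seq)
        # uuid4 carries 122 random bits; neighbouring IDs share nothing.
        return str(uuid.uuid4())

    def create(self, owner, amount):
        invoice_id = self._new_id()
        self._invoices[invoice_id] = {"owner": owner, "amount": amount}
        return invoice_id

    def get(self, invoice_id, requester):
        """Authorisation check that does not depend on the ID scheme."""
        invoice = self._invoices.get(invoice_id)
        if invoice is None or invoice["owner"] != requester:
            # One error for "missing" and "not yours": the response must not
            # confirm that a resource belonging to someone else exists.
            raise LookupError("invoice not found")
        return invoice


def is_sequential_style(invoice_id):
    """Heuristic: a purely numeric ID is the database-sequence pattern."""
    return invoice_id.isdigit()


def is_uuid4(invoice_id):
    try:
        return uuid.UUID(invoice_id).version == 4
    except ValueError:
        return False


if __name__ == "__main__":
    for scheme in ("sequential", "uuid"):
        store = InvoiceStore(scheme)
        alice_id = store.create("alice", 120)
        bob_id = store.create("bob", 75)
        print(f"{scheme:10} alice={alice_id} bob={bob_id}")
        # Owner access works; cross-owner access is refused with either scheme.
        print("  alice reads own:", store.get(alice_id, "alice")["amount"])
        try:
            store.get(alice_id, "bob")
        except LookupError as err:
            print("  bob reads alice's:", err)
```

With `sequential`, the two IDs printed differ by exactly one; with `uuid`, they are unrelated 36-character strings. Either way the `get` check is the control, and the UUID just takes away the free enumeration.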
  9. IDENTITY IN URLS. /license?user=T22000129, /license?token=E43FD312, /users/T22000129/license
  10. HTTP DEFINES AUTH. Use the Authorization header + token.
  11. DON'T FORGET THE LOGS. Most web servers/proxies/intermediaries log verb + URL; not often query, rarely headers.
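Slides 6, 9, 10 and 11 make one argument: identity belongs in the Authorization header, not the URL, partly because intermediaries log the request line and not the headers. The example below is added here and is not code from the talk. It builds the slide-9 requests and the slide-10 form, writes each through a simulated access log in the common log format (client, timestamp, `"VERB target HTTP/1.1"`, status, size; this format is an assumption, as is the choice that the intermediary records the full query string), and resolves the caller from a `Bearer` token instead of from the URL. `TOKENS`, `build_request`, `access_log_line`, `leaks_secret` and `resolve_identity` are names invented for this example; the token and user values come from the slide.

```python
from datetime import datetime, timezone

# Constructed token table: opaque token -> user id (values from the slide).
TOKENS = {"E43FD312": "T22000129"}


def build_request(method, path, query=None, headers=None):
    """Slide 6's rules of thumb: the path names the resource, the query carries
    optional collection filters, headers carry platform-wide concerns such as
    Authorization."""
    qs = "&".join(f"{k}={v}" for k, v in (query or {}).items())
    target = f"{path}?{qs}" if qs else path
    return {"method": method, "target": target, "headers": dict(headers or {})}


def access_log_line(req, client="203.0.113.7", status=200, size=512):
    """Simulated proxy access log. Only the request line (verb + target) is
    recorded; headers never reach the log, which is what the slide says most
    intermediaries do. Fixed timestamp so output is deterministic."""
    ts = datetime(2014, 1, 1, tzinfo=timezone.utc).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{client} - - [{ts}] "{req["method"]} {req["target"]} HTTP/1.1" {status} {size}'


def leaks_secret(req, secret):
    """True if the secret would be written to the intermediary's log."""
    return secret in access_log_line(req)


def resolve_identity(req):
    """Derive the caller from the Authorization header (RFC 6750 Bearer scheme).
    Returns the user id, or None when the header is missing or unknown."""
    value = req["headers"].get("Authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return TOKENS.get(token)


if __name__ == "__main__":
    # The three slide-9 forms: identity or credential in the URL.
    in_url = [
        build_request("GET", "/license", {"user": "T22000129"}),
        build_request("GET", "/license", {"token": "E43FD312"}),
        build_request("GET", "/users/T22000129/license"),
    ]
    # The slide-10 form: plain resource path, token in the Authorization header.
    in_header = build_request(
        "GET", "/license", headers={"Authorization": "Bearer E43FD312"}
    )

    for req in in_url + [in_header]:
        line = access_log_line(req)
        print(line)
        print("   token in log:", leaks_secret(req, "E43FD312"),
              "| user in log:", "T22000129" in line,
              "| caller:", resolve_identity(req))
```

The `/license?token=...` request is the worst of the set: the credential itself lands in every access log along the path, so anyone with log access can replay it. The `user=` and `/users/{id}/` forms put a stable identifier in the same logs and tie the URL to the caller. With the token in the Authorization header the logged line is just `GET /license`, and the server still knows who is calling by looking the token up.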
  12. RELAX. These are pretty easy fixes.
  13. CREATE STANDARDS. Make the rules, and stick to them.
  14. Jason Harmon, API Design @PayPal @Braintree, @jharmn