Anatomy of an HTTP Request
- The version of the HTTP protocol.
- Optional headers that convey additional information
for the servers.
- A body, for some methods like POST, similar to those in
responses, which contains the resource sent.
Anatomy of an HTTP Response
- The version of the HTTP protocol they follow.
- Status code indicating if the
request has been successful, or
not, and why.
- Status message, a
non-authoritative short description
of the status code.
- HTTP headers like those for
- Optionally a body containing the
- There are three common API
- Basic Auth
- API keys
Authentication: Basic Authentication
- Basic Auth only requires a
username and password.
- Passed on via Authorization
- Server returns HTTP status code 401 to let
the client know authorization failed
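The Basic Auth check described above, seen from the server side, as an added example that is not part of the original slides. The function names, the sample user store, the realm string and the choice of PBKDF2 are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value

def _hash(password):
    # PBKDF2 stands in for whatever password hash the real service uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)

# Constructed sample user store: username -> password hash.
USERS = {"alice": _hash("correct horse")}
DUMMY = _hash("")  # compared against when the username is unknown

def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: the header is only safe over TLS.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 alphabet/padding or invalid UTF-8
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return None
    return username, password

def check_request(headers):
    """Return (status_code, response_headers) for a dict of request headers."""
    challenge = {"WWW-Authenticate": 'Basic realm="api", charset="UTF-8"'}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge
    username, password = creds
    # Always hash and compare in constant time, even for unknown usernames,
    # so response timing does not reveal which accounts exist.
    expected = USERS.get(username, DUMMY)
    match = hmac.compare_digest(_hash(password), expected)
    if match and username in USERS:
        return 200, {}
    return 401, challenge
```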
API Key Authentication
- A key is usually a long series of letters
and numbers that is distinct from the
account owner's login password
- Keys are used simply so the user
does not have to give out their
- You can put the key in the
Authorization header or add the key
onto the URL
Open Authorization (OAuth)
- Automates key exchange by providing a
standard way for the client to get a key from the
server by walking the user through simple steps.
- OAuth 2 involves:
- User: Person who wants to connect two
websites they use
- Client: Website that will be granted
access to the user's data
- Server: Website that has the user's
API design basics
- Resources are the nouns of APIs
- Key pointers:
- Decide what resource(s) need to be
- Assign URLs to those resources.
- Decide what actions the client should
be allowed to perform on those
- Figure out what pieces of data are
required for each action and what
format they should be in.
Developer relations, Africa’s Talking
@oquidave on Twitter
More cool Resources:
● API security checklist
● API best practices:
● Zapier: https://zapier.com/learn/apis/