Apigee | Google Cloud, profile picture
Uploaded byApigee | Google Cloud
PPTX, PDF35,882 views

API Design - 3rd Edition

This document provides an agenda for a presentation on API design. It begins with recapping the previous edition and then covers topics like API modeling, security, message design, hypermedia, transactions, URL design, versioning, errors, and client considerations. Throughout the presentation examples are given from APIs like Twitter, Foursquare, Instagram, GitHub, Netflix, and others. The goal is to discuss best practices for designing APIs.

Technology
Related topics:
API Design Insights
In this document
Powered by AI

Introduction to API design by Brian Mulloy and Kevin Swiber. Includes links to resources.

Covers key topics: Recap, API Modeling, Security, Message Design, Hypermedia, Transactions.

Essential guidelines for URL design, versioning strategies, HTTP methods, status codes and client considerations.

Understanding the process of building an API model and avoiding poor design practices.

Key methods for securing APIs including various authorization techniques like OAuth2.

Guidelines for effective message design including support for multiple formats with JSON as default.

Best practices on representing single items and collections using API examples from Twitter, Foursquare, and Instagram.

Approaches for representing search results with examples from Bing, Google, and Reddit API responses.

Methods to represent links using examples from Netflix and GitHub APIs.

Explaining how to represent actions using examples from a form-based API in GitHub.

How to include metadata in responses, demonstrated with examples from Flickr and Dropbox API.

Explores different hypermedia specifications (Atom, XHTML, HAL, etc.) and their application in APIs.

Techniques for managing binary data uploads, featuring methods like multipart/form-data and inline Base64.

Methods for supporting caching in APIs using expiration, ETags and last-modified techniques.

Discussion on the necessity of JavaScript APIs and preferences for data formats when posting data.

Steps for handling transactions in APIs including creation, adding items, and committing transactions.

Summary of key points from the presentation, emphasizing design elements and further learning.

Open floor for questions with a reminder for additional resources via Apigee webinars.

Providing contact details for further inquiries and additional resources for API design.

Embed presentation

Downloaded 969 times
API Design 3rd Edition Brian Mulloy @landlessness Kevin Swiber Apigee @kevinswiber @apigee
groups.google.com/group/api-craft
youtube.com/apigee
slideshare.net/apigee
@landlessness @kevinswiber
“ The real issue is about design: designing things that have the power required for the job while maintaining understandability, the feeling of control, and the pleasure of accomplishment. -Donald Norman
http://www.flickr.com/photos/mattharvey1/5712604622/
Agenda • Recap Previous Edition • API Modeling • Security • Message Design • Hypermedia • Transactions
http://offers.apigee.com/web-api-design-ebook/
URL Design Versioning Plural nouns for /dogs Include version in /v1/dogs collections URL ID for entity /dogs/1234 Keep one previous /v1/dogs version long /v2/dogs Associations /owners/5678/dogs enough for POST GET PUT DELETE developers to 4 HTTP migrate Methods Bias toward /dogs (not animals) concrete names Errors Multiple /dogs.json 8 Status Codes 200 201 304 400 401 403 404 500 formats in URL /dogs.xml Verbose messages {"msg": "verbose, plain language hints"} Paginate with ?limit=10&offset=0 limit and offset Query params ?color=red&state=running Client Considerations Partial selection ?fields=name,state Client does not ?suppress_response_codes=true Use medial "createdAt": 1320296464 support HTTP capitalization myObject.createdAt; status codes /convert?from=EUR&to=CNY&amoun Client does not GET /dogs?method=post Use verbs for GET /dogs non-resource t=100 support HTTP GET /dogs?method=put requests methods GET /dogs?method=delete Search /search?q=happy%2Blabrador Complement API 1. JavaScript with SDK and code 2. … DNS api.foo.com 3. … developers.foo.com libraries
How do we get started with our API?
Build an API Model http://www.flickr.com/photos/brent_nashville/2156695472/in/photostream/
Don’t Go Cowboy http://www.flickr.com/photos/theory/3364213389/in/photostream/
How do we secure our API?
Twitter Streaming API Authorization: Basic aWhlYXJ0OmFwaXM= Amazon Web Services API Authorization: AWS AKIAIOSFODNN7EXAMPLE:frJIUNo//yllqDzg= Google API Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
OAuth2 Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
How do approach message design?
Support multiple formats JSON and XML
Make JSON the default
How do we represent single items?
Twitter Foursquare Instagram { { { "created_at": "Thu Jan 10 08:44:59 "meta": {…}, "meta": {…}, +0000 2013", "notifications": […], "data": {} "id": 289291736440791040, "response": {} } "id_str": "289291736440791040", } "text": "@landlessness here's one for you: 50-year plan to fix Detroitnnhttp://t.co/kJ2l1FZv", "source": "<a href="http://twitter.com/download/andr oid" rel="nofollow">Twitter for Android</a>", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": 41020312, "in_reply_to_user_id_str": "41020312", "in_reply_to_screen_name": "landlessness", "user": {…}, "geo": {…}, "coordinates": {…}, "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false } 21
Twitter Foursquare Instagram { { { "created_at": "Thu Jan 10 08:44:59 "meta": {…}, "meta": {…}, +0000 2013", "notifications": […], "data": { "id": 289291736440791040, "response": { "attribution": {…}, "id_str": "289291736440791040", "checkin": { "type": "image", "text": "@landlessness here's one "id": "50eeff78e4b0f8e9624ea5f8", "location": {…}, for you: 50-year plan to fix "createdAt": 1357840248, "comments": {…}, Detroitnnhttp://t.co/kJ2l1FZv", "type": "checkin", "filter": "Sierra", "source": "<a "shout": "Pharmacy #DRUGS!!! "created_time": "1357826573", href="http://twitter.com/download/andr #ToothPulled :(", "link": oid" rel="nofollow">Twitter for "timeZone": "America/Detroit", "http://instagr.am/p/UTk5Xut3gN/", Android</a>", "timeZoneOffset": -300, "likes": {…}, "truncated": false, "user": {…}, "images": {…}, "in_reply_to_status_id": null, "venue": {…}, "caption": {…}, "in_reply_to_status_id_str": null, "source": {…} "user_has_liked": false, "in_reply_to_user_id": 41020312, } "id": "365798266911553549_3573549", "in_reply_to_user_id_str": } "user": {…} "41020312", } } "in_reply_to_screen_name": } "landlessness", "user": {…}, "geo": {…}, "coordinates": {…}, "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false } 22
Take the best of Foursquare and Instagram { "meta": {…}, "dog": {…} "notifications": […], } 23
How do we represent collections?
Twitter Foursquare Instagram [ { { { "meta": {…}, "meta": {…}, "created_at": "Thu Jan 10 08:44:59 "notifications": […], "data": [ +0000 2013", "response": { { "id": 289291736440791040, "recent": [ "attribution": {…}, "id_str": "289291736440791040", { "type": "image", "text": "@landlessness here's one "id": "50eeff78e4b0f8e9624ea5f8", "location": {…}, for you: 50-year plan to fix "createdAt": 1357840248, "comments": {…}, Detroitnnhttp://t.co/kJ2l1FZv", "type": "checkin", "filter": "Sierra", "source": "<a "shout": "Pharmacy #DRUGS!!! "created_time": "1357826573", href="http://twitter.com/download/andr #ToothPulled :(", "link": oid" rel="nofollow">Twitter for "timeZone": "America/Detroit", "http://instagr.am/p/UTk5Xut3gN/", Android</a>", "timeZoneOffset": -300, "likes": {…}, "truncated": false, "user": {…}, "images": {…}, "in_reply_to_status_id": null, "venue": {…} "caption": {…}, "in_reply_to_status_id_str": null, }, "user_has_liked": false, "in_reply_to_user_id": 41020312, {…}, "id": "365798266911553549_3573549", "in_reply_to_user_id_str": {…}, "user": {…} "41020312", ] }, "in_reply_to_screen_name": } {…}, "landlessness", } {…} "user": {…}, ] "geo": {…}, } "coordinates": {…}, } "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false }, {…}, {…} ] 25
Take the best of Foursquare and Instagram { "meta": {…}, "dogs": {…} /* include same info as single */ "notifications": […], } 26
How do we represent search results?
“ Selecting results is not the same as searching. -Facebook API
Bing Search Google Custom Search Reddit Search { { { "SearchResponse": { "kind": "customsearch#search", "kind": "Listing", "Version": "2.2", "url": { "data": { "Query": { "type": "application/json", "after": "t3_qy342", "SearchTerms": "sushi" "template": "before": null, }, "https://www.googleapis.com/customsearch/v1?q={s "children": [ "Web": { earchTerms}…}, { "Total": 95200000, "queries": { "data": { "Offset": 0, "request": [ "id": "f605o", "Results": [ { "num_comments": 943, { "title": "Google Custom Search - sushi", "score": 1146, "Title": "The Sushi FAQ - The ultimate "totalResults": "15000000", "ups": 3110, guide to sushi and sashimi and how to ...", "searchTerms": "sushi", "downs": 1964, "Description": "What is sushi?..", "count": 10, "created": 1295553753.0, "Url": "http://www.sushifaq.com/", "startIndex": 1, "url": "CacheUrl": } "http://www.reddit.com/r/AskReddit/comments/f605 "http://cc.bingj.com/cache.aspx?q=sushi&d=485519 ] o/this_is_a_long_shot_any_sushi_chefs_need_a_job 0808495712&w=yU8fJS-YPT-f4svREMW2xSa75OoBUAZR", }, _in/", "DisplayUrl": "www.sushifaq.com", "context": { "author": "jining", "DateTime": "2013-01-08T15:12:00Z" "title": "Custom Search" } }, }, }, { "searchInformation": { { "Title": "What Is Sushi? - Sushi Guide - "searchTime": 0.314942, "data": { Eatsushi.com", "formattedSearchTime": "0.31", "id": "c9eng”, "Description": "Eatsushi.com...", "totalResults": "15000000", "num_comments": 308, "Url": "formattedTotalResults": "15,000,000" "score": 59, "http://www.eatsushi.com/whatsushi.asp", }, "ups": 128, "CacheUrl": "items": [ "downs": 69, "http://cc.bingj.com/cache.aspx?q=sushi&d=501324 { "created": 1275155900.0, 9854931333&w=ihBzI9k9WbrnwxKcV3n8mOoV97M89K-b", "kind": "customsearch#result", "url": "DisplayUrl": "title": "Standardized Usage Statistics "http://www.reddit.com/r/IAmA/comments/c9eng/i_a "www.eatsushi.com/whatsushi.asp", Harvesting Initiative (SUSHI ... - NISO", m_a_sushi_man_ama/", "DateTime": "2013-01-07T13:51:00Z" "htmlTitle": "u003cbu003eStandardized Usage "saved": false, "is_self": true, "permalink": } Statistics Harvesting Initiativeu003c/bu003e "/r/IAmA/comments/c9eng/i_am_a_sushi_man_ama/", ] (u003cbu003eSUSHIu003c/bu003e "author": "IAmASushiMan” } u003cbu003e...u003c/bu003e - NISO", } } "link": } } "http://www.niso.org/workrooms/sushi", ] "displayLink": "www.niso.org", } "snippet": "The Standardized Usage Statistics } Harvesting Initiative (SUSHI) Protocol standard (ANSI/NISO Z39.93-2007) defines an automated request and response model ...”, 29
(Mostly) Follow Google Custom Search { "meta": { "limit": 1, "offset": 10, "totalResults": 15000000, "query": "sushi", "searchTime": 0.314942 }, "results": [ {}, {}, {} ] } 30
How do we represent links?
Netflix API <link href=“http://api-public.netflix.com/catalog/people/100637” rel=“http://schemas.netflix.com/catalog/person.actor” title="Elijah Wood” ></link> GitHub API "organization": { "login": "octocat", "id": 1, "url": "https://api.github.com/users/octocat", "type": "Organization” }
Follow Netflix and the Web Linking spec <link href=“http://api-public.netflix.com/catalog/people/100637” rel=“http://schemas.netflix.com/catalog/person.actor” title="Elijah Wood” ></link>
How do we represent actions?
GitHub Form-based API ”actions": [{ “name”: “edit-repo”, “method”: “PATCH”, “href”: “https://api.github.com/repos/kevinswiber/siren”, ”fields”: [ { “name”: “name”, “type”: “text” }, { “name”: “description”, “type”: “text” } }]
Form-based API "actions": [{ "name": "edit-repo", “method”: “PATCH”, “href”: “https://api.github.com/repos/kevinswiber/siren”, ”fields”: [ { “name”: “name”, “type”: “text” }, { “name”: “description”, “type”: “text” } }]
How do we represent metadata?
Flickr API (inline) <item type="photo” id="10289” server="2” views="47” faves="0” more="0"> Dropbox API (/metadata) { "size": "225.4KB”, "rev": "35e97029684fe”, "bytes": 230783, "modified": "Tue, 19 Jul 2011 21:55:38 +0000”, "path": "/Getting_Started.pdf”, "is_dir": false, "icon": "page_white_acrobat”, "root": "dropbox”, "mime_type": "application/pdf”, "revision": 220823 }
Include a metadata in responses and consider a dedicated /meta resource { "meta": { "size": "225.4KB”, "rev": "35e97029684fe”, "bytes": 230783, "modified": "Tue, 19 Jul 2011 21:55:38 +0000”, "path": "/Getting_Started.pdf”, "is_dir": false, "icon": "page_white_acrobat”, "root": "dropbox”, "mime_type": "application/pdf”, "revision": 220823 } } 39
What can we learn from hypermedia types?
Atom/AtomPub <?xml version="1.0"?> <entry xmlns="http://www.w3.org/2005/Atom"> <title>My New Collection</title> <id>urn:uuid:de46e3a1-e489-41a6-88a6-21e7f0e8e2d8</id> <updated>2009-06-12T12:13:46Z</updated> <author> <name>Daffy</name> </author> <summary type="text" /> <content type="application/atom+xml;type=feed" src="http://example.org/my-new-collection"/> <link rel="edit” href="http://example.org/my-new-collection.atom" /> </entry>
XHTML <ul class=“search user-list”> <li class=“user”> <div class="avatar"> <a href="/users/@kevin"> <img class=”user-image" src=”/img/avatar.png" /> </a> </div> <div> <a href=“/users/@kevin” rel=“user messages”> <span class=“user-name”>@kevin</span> (<span class="user-text">@kevin</span>) </a> </div> </li> </ul>
HAL { “currentlyProcessing”: 14 “shippedToday”: 20, “_links”: { “self”: { “href”: “/orders?page=2” }, “next”: { “href”: “/orders?page=3” }, “prev”: { “href”: “/orders?page=1” } } }
Collection+JSON { “collection”: { “version”: “1.0”, “href”: “http://example.org/friends”, “items”: [ “href”: “http://example.org/friends/kevin”, “data”: [ {“name”: “full-name”, “value”: “Kevin Swiber” } ] ], “queries”: [ {“rel”: “search”, “href”: “./search”, “data”: [ {“name”: “search”, “value”: “” } ] } }
Siren { “class”: [“owner”, “vip”], “properties”: { “name”: “Kevin” }, “entities”: [ { “rel”: [“https://rels.x.io/dog”], “href”: “https://api.x.io/dogs/1” } ], “actions”: [ { “name”: “adopt”, “method”: “POST”, “href”: “https://api.x.io/owners/1/dogs”, “fields”: [ { “name”: “dog-name”, “type”: “text” } ] } ], “links”: [ { “rel”: [“self”], “href”: “https://api.x.io/owners/1” } ] }
How do we accept binary data?
multipart/form-data Content-Type: multipart/form-data; boundary=AaB03x --AaB03x Content-Disposition: form-data; name=“caption” Cool picture of my cat. --AaB03x Content-Disposition: form-data; name=“photo”; filename=“catpajamas.jpg” Content-Type: image/jpeg Content-Transfer-Encoding: binary …contents of catpajamas.jpg… --AaB03x
Inline Base64 Encoding POST /photos { “caption”: “Cool picture of my cat.” “photo”: “RHVkZSwgbXkgY2F0IGhhcyB0aGUgYmVzdCBwYWphbWFzLg==” }
2-Step Process POST /photos { “caption”: “Cool picture of my cat.” } PUT /photos/1234/data Content-Type: image/jpeg Content-Length: 240 Content-Transfer-Encoding: binary …binary content…
Opt for multipart/form-data. Be consistent.
How do we support caching?
Expiration 200 OK Cache-Control: private, max-age=2592000
ETags GET /dogs/1 ETag: “a7D92kda94aisdfG” GET /dogs/1 If-None-Match: “a7D92kda94aisdfG”
Last-Modified GET /dogs/1 Last-Modified: Thu, 10 Jan 2013 19:43:31 GMT GET /dogs/1 If-Modified-Since: Thu, 10 Jan 2013 19:43:31 GMT
Think about the client.
Do we need a JavaScript API?
Yes. Follow LinkedIn’s lead.
What about posting data?
application/x-www-form-urlencoded breed=Dachshund&name=Hotdog&age=2
application/xml <dog> <breed>Dachshund</breed> <name>Hotdog</name> <age>2</age> </dog>
application/json { “breed”: “Dachshund”, “name”: “Hotdog”, “age”: 2 }
Favor application/x-www-form-urlencoded data.
How do we handle transactions?
Create a Transaction POST /carts … 201 Created Location: /carts/1
Add Items POST /carts/1/items/ { “productId”: “mittens123”, “quantity”: 1 } … 201 Created Location: /cartItems/1234
Commit the Transaction POST /carts/1 { “message”: “checkout” } … 200 OK
Summary • Checkout previous editions for URI design • Start with API modeling • Use OAuth for security • Good message design is for developers • Learn from hypermedia specs • More on transactions later
Questions?
THANK YOU Subscribe to API webinars at: youtube.com/apigee
THANK YOU Questions and ideas to: groups.google.com/group/api-craft
THANK YOU Contact us at: @landlessness brian@apigee.com @kevinswiber kswiber@apigee.com @apigee

More Related Content

PDF
RESTful API Design, Second Edition
byApigee | Google Cloud
 
PPTX
Drupal のコア要素を知る ~構築を支える道具立て~
byKenji Shirane
 
PDF
REST API のコツ
bypospome
 
PDF
大規模ソーシャルゲームを支える技術~PHP+MySQLを使った高負荷対策~
byinfinite_loop
 
PDF
AWS Black Belt Online Seminar 2017 AWS Elastic Beanstalk
byAmazon Web Services Japan
 
PPTX
モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料)
byNTT DATA Technology & Innovation
 
PDF
Beyond Java: 자바 8을 중심으로 본 자바의 혁신
bySungchul Park
 
PDF
Rest api with Python
bySantosh Ghimire
 
RESTful API Design, Second Edition
byApigee | Google Cloud
 
Drupal のコア要素を知る ~構築を支える道具立て~
byKenji Shirane
 
REST API のコツ
bypospome
 
大規模ソーシャルゲームを支える技術~PHP+MySQLを使った高負荷対策~
byinfinite_loop
 
AWS Black Belt Online Seminar 2017 AWS Elastic Beanstalk
byAmazon Web Services Japan
 
モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料)
byNTT DATA Technology & Innovation
 
Beyond Java: 자바 8을 중심으로 본 자바의 혁신
bySungchul Park
 
Rest api with Python
bySantosh Ghimire
 

What's hot

PDF
[수정본] 우아한 객체지향
byYoung-Ho Cho
 
PPTX
分散トレーシングAWS:X-Rayとの上手い付き合い方
byRecruit Lifestyle Co., Ltd.
 
PDF
俺が考えた最強のID連携デザインパターン
byMasaru Kurahayashi
 
PDF
世界でいちばんわかりやすいドメイン駆動設計
by増田 亨
 
PDF
Vue.js で XSS
bytobaru_yuta
 
PDF
[Cloud OnAir] Google Cloud とつなぐ色々な方法 〜 つなぐ方法をゼロからご紹介します〜 2019年1月31日 放送
byGoogle Cloud Platform - Japan
 
PPTX
Azure Cosmos DB を使った高速分散アプリケーションの設計パターン
byKazuyuki Miyake
 
PDF
Airflowを広告データのワークフローエンジンとして運用してみた話
byKatsunori Kanda
 
PDF
シングルサインオンの歴史とSAMLへの道のり
byShinichi Tomita
 
PDF
マルチテナントのアプリケーション実装〜実践編〜
byYoshiki Nakagawa
 
PDF
Google Cloud で実践する SRE
byGoogle Cloud Platform - Japan
 
PDF
Mercari JPのモノリスサービスをKubernetesに移行した話 PHP Conference 2022 9/24
byShin Ohno
 
PDF
これからSpringを使う開発者が知っておくべきこと
by土岐 孝平
 
PPTX
Jakarta EE: Today and Tomorrow
byDmitry Kornilov
 
PPTX
Hibernate
byPrashant Kalkar
 
PPTX
Java script
bySukrit Gupta
 
PDF
Lambda Expressions in Java | Java Lambda Tutorial | Java Certification Traini...
byEdureka!
 
PDF
怖くないSpring Bootのオートコンフィグレーション
by土岐 孝平
 
PPTX
微服務架構 導入經驗分享 吳剛志 - Community Open Camp
byAndrew Wu
 
PDF
DDL oracle - base de datos
byLuis Bando
 
[수정본] 우아한 객체지향
byYoung-Ho Cho
 
分散トレーシングAWS:X-Rayとの上手い付き合い方
byRecruit Lifestyle Co., Ltd.
 
俺が考えた最強のID連携デザインパターン
byMasaru Kurahayashi
 
世界でいちばんわかりやすいドメイン駆動設計
by増田 亨
 
Vue.js で XSS
bytobaru_yuta
 
[Cloud OnAir] Google Cloud とつなぐ色々な方法 〜 つなぐ方法をゼロからご紹介します〜 2019年1月31日 放送
byGoogle Cloud Platform - Japan
 
Azure Cosmos DB を使った高速分散アプリケーションの設計パターン
byKazuyuki Miyake
 
Airflowを広告データのワークフローエンジンとして運用してみた話
byKatsunori Kanda
 
シングルサインオンの歴史とSAMLへの道のり
byShinichi Tomita
 
マルチテナントのアプリケーション実装〜実践編〜
byYoshiki Nakagawa
 
Google Cloud で実践する SRE
byGoogle Cloud Platform - Japan
 
Mercari JPのモノリスサービスをKubernetesに移行した話 PHP Conference 2022 9/24
byShin Ohno
 
これからSpringを使う開発者が知っておくべきこと
by土岐 孝平
 
Jakarta EE: Today and Tomorrow
byDmitry Kornilov
 
Hibernate
byPrashant Kalkar
 
Java script
bySukrit Gupta
 
Lambda Expressions in Java | Java Lambda Tutorial | Java Certification Traini...
byEdureka!
 
怖くないSpring Bootのオートコンフィグレーション
by土岐 孝平
 
微服務架構 導入經驗分享 吳剛志 - Community Open Camp
byAndrew Wu
 
DDL oracle - base de datos
byLuis Bando
 

Viewers also liked

PPTX
Design Beautiful REST + JSON APIs
byStormpath
 
PPTX
Apache Mahout 맛보기 - 30분만에 추천시스템 만들기 for 네이버 TV 서비스
byMinkyu Cho
 
PDF
What Makes a Great Open API?
byJohn Musser
 
PPTX
API Management for Software Defined Network (SDN)
byApigee | Google Cloud
 
PPTX
Golden Rules of API Design
byDavid Koelle
 
PPTX
Pump api 675 presentation
byVothanh Trung
 
PPTX
HTML5: The Apps, the Frameworks, the Controversy
byApigee | Google Cloud
 
PPTX
API Product Management - Driving Success through the Value Chain
byApigee | Google Cloud
 
PPTX
Essential API Facade Patterns: One Phase to Two Phase Conversion (Episode 3)
byApigee | Google Cloud
 
PPTX
The Anatomy of Apps - How iPhone, Android & Facebook Apps Consume APIs
byApigee | Google Cloud
 
PPT
Crafting APIs for Mobile Apps - Everything You Need to Know
byApigee | Google Cloud
 
PPT
Python Deployment with Fabric
byandymccurdy
 
PPTX
Skeuomorphs, Databases, and Mobile Performance
byApigee | Google Cloud
 
PPTX
Visbility at the Edge - Deep Insights from Your API
byApigee | Google Cloud
 
PPTX
The API Facade Pattern: People - Episode 4
byApigee | Google Cloud
 
PPTX
Microservices Done Right: Key Ingredients for Microservices Success
byApigee | Google Cloud
 
PPTX
logback 세미나 발표자료
byJungGeun Lee
 
PDF
How To Design A Good A P I And Why It Matters G O O G L E
byguestbe92f4
 
PPTX
APIs Inside Enterprise - SOA Displacement?
byApigee | Google Cloud
 
PPTX
Economic Models for Reinventing Telco - Innovation with APIs
byApigee | Google Cloud
 
Design Beautiful REST + JSON APIs
byStormpath
 
Apache Mahout 맛보기 - 30분만에 추천시스템 만들기 for 네이버 TV 서비스
byMinkyu Cho
 
What Makes a Great Open API?
byJohn Musser
 
API Management for Software Defined Network (SDN)
byApigee | Google Cloud
 
Golden Rules of API Design
byDavid Koelle
 
Pump api 675 presentation
byVothanh Trung
 
HTML5: The Apps, the Frameworks, the Controversy
byApigee | Google Cloud
 
API Product Management - Driving Success through the Value Chain
byApigee | Google Cloud
 
Essential API Facade Patterns: One Phase to Two Phase Conversion (Episode 3)
byApigee | Google Cloud
 
The Anatomy of Apps - How iPhone, Android & Facebook Apps Consume APIs
byApigee | Google Cloud
 
Crafting APIs for Mobile Apps - Everything You Need to Know
byApigee | Google Cloud
 
Python Deployment with Fabric
byandymccurdy
 
Skeuomorphs, Databases, and Mobile Performance
byApigee | Google Cloud
 
Visbility at the Edge - Deep Insights from Your API
byApigee | Google Cloud
 
The API Facade Pattern: People - Episode 4
byApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
byApigee | Google Cloud
 
logback 세미나 발표자료
byJungGeun Lee
 
How To Design A Good A P I And Why It Matters G O O G L E
byguestbe92f4
 
APIs Inside Enterprise - SOA Displacement?
byApigee | Google Cloud
 
Economic Models for Reinventing Telco - Innovation with APIs
byApigee | Google Cloud
 

Similar to API Design - 3rd Edition

PPTX
HATEOAS 101 - Opinionated Introduction to a REST API Style
byApigee | Google Cloud
 
PDF
Intro to developing for @twitterapi
byRaffi Krikorian
 
PDF
Twitter Protobufs And Hadoop Hug 021709
byHadoop User Group
 
PDF
Api
byrandyhoyt
 
KEY
Intro to developing for @twitterapi (updated)
byRaffi Krikorian
 
PDF
Developing for @twitterapi (Techcrunch Disrupt Hackathon)
byRaffi Krikorian
 
PDF
The Big Picture and How to Get Started
byguest1af57e
 
PPTX
What's New on the Facebook Platform, November 2011
byIskandar Najmuddin
 
PDF
Symfony & Javascript. Combining the best of two worlds
byIgnacio Martín
 
KEY
REST teori og praksis; REST in theory and practice
byhamnis
 
PPTX
Buiding application for social networks
byĐỗ Duy Trung
 
PDF
Alfresco tech talk live public api episode 64
byAlfresco Software
 
PPTX
API Pain Points (PHPNE)
byPhil Sturgeon
 
ZIP
The Power of Open Data
byPhil Windley
 
PPTX
10thingsyoucantdowithout yql1
bymarkandey
 
PPTX
10 things you can't do without YQL
bymarkandey
 
KEY
Blackstock wo t 2011
byMichael Blackstock
 
PDF
Power of REST - قوة الرست
bynoZom Information Technology NGO
 
KEY
Rest
byNeil Roberts
 
PDF
Tyler bell
byBen Allen
 
HATEOAS 101 - Opinionated Introduction to a REST API Style
byApigee | Google Cloud
 
Intro to developing for @twitterapi
byRaffi Krikorian
 
Twitter Protobufs And Hadoop Hug 021709
byHadoop User Group
 
Api
byrandyhoyt
 
Intro to developing for @twitterapi (updated)
byRaffi Krikorian
 
Developing for @twitterapi (Techcrunch Disrupt Hackathon)
byRaffi Krikorian
 
The Big Picture and How to Get Started
byguest1af57e
 
What's New on the Facebook Platform, November 2011
byIskandar Najmuddin
 
Symfony & Javascript. Combining the best of two worlds
byIgnacio Martín
 
REST teori og praksis; REST in theory and practice
byhamnis
 
Buiding application for social networks
byĐỗ Duy Trung
 
Alfresco tech talk live public api episode 64
byAlfresco Software
 
API Pain Points (PHPNE)
byPhil Sturgeon
 
The Power of Open Data
byPhil Windley
 
10thingsyoucantdowithout yql1
bymarkandey
 
10 things you can't do without YQL
bymarkandey
 
Blackstock wo t 2011
byMichael Blackstock
 
Power of REST - قوة الرست
bynoZom Information Technology NGO
 
Rest
byNeil Roberts
 
Tyler bell
byBen Allen
 

More from Apigee | Google Cloud

PDF
Apigee Demo: API Platform Overview
byApigee | Google Cloud
 
PDF
How Secure Are Your APIs?
byApigee | Google Cloud
 
PPTX
Apigee Product Roadmap Part 2
byApigee | Google Cloud
 
PDF
Apigee Edge: Intro to Microgateway
byApigee | Google Cloud
 
PPTX
Monetization: Unlock More Value from Your APIs
byApigee | Google Cloud
 
PDF
Which Application Modernization Pattern Is Right For You?
byApigee | Google Cloud
 
PDF
Adapt or Die: Opening Keynote with Chet Kapoor
byApigee | Google Cloud
 
PDF
Adapt or Die: Keynote with Greg Brail
byApigee | Google Cloud
 
PDF
Ticketmaster at a glance
byApigee | Google Cloud
 
PDF
AccuWeather: Recasting API Experiences in a Developer-First World
byApigee | Google Cloud
 
PDF
Pitney Bowes at a glance
byApigee | Google Cloud
 
PDF
Magazine Luiza at a glance (1)
byApigee | Google Cloud
 
PDF
Adapt or Die: Keynote with Anant Jhingran
byApigee | Google Cloud
 
PDF
London Adapt or Die: Lunch keynote
byApigee | Google Cloud
 
PDF
Managing the Complexity of Microservices Deployments
byApigee | Google Cloud
 
PDF
London Adapt or Die: Opening Keynot
byApigee | Google Cloud
 
PPTX
London adapt or-die opening keynote chet kapoor
byApigee | Google Cloud
 
PDF
Walgreens at a glance
byApigee | Google Cloud
 
PPTX
The Four Transformative Forces of the API Management Market
byApigee | Google Cloud
 
PDF
London Adapt or Die: Closing Keynote — Adapt Now!
byApigee | Google Cloud
 
Apigee Demo: API Platform Overview
byApigee | Google Cloud
 
How Secure Are Your APIs?
byApigee | Google Cloud
 
Apigee Product Roadmap Part 2
byApigee | Google Cloud
 
Apigee Edge: Intro to Microgateway
byApigee | Google Cloud
 
Monetization: Unlock More Value from Your APIs
byApigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
byApigee | Google Cloud
 
Adapt or Die: Opening Keynote with Chet Kapoor
byApigee | Google Cloud
 
Adapt or Die: Keynote with Greg Brail
byApigee | Google Cloud
 
Ticketmaster at a glance
byApigee | Google Cloud
 
AccuWeather: Recasting API Experiences in a Developer-First World
byApigee | Google Cloud
 
Pitney Bowes at a glance
byApigee | Google Cloud
 
Magazine Luiza at a glance (1)
byApigee | Google Cloud
 
Adapt or Die: Keynote with Anant Jhingran
byApigee | Google Cloud
 
London Adapt or Die: Lunch keynote
byApigee | Google Cloud
 
Managing the Complexity of Microservices Deployments
byApigee | Google Cloud
 
London Adapt or Die: Opening Keynot
byApigee | Google Cloud
 
London adapt or-die opening keynote chet kapoor
byApigee | Google Cloud
 
Walgreens at a glance
byApigee | Google Cloud
 
The Four Transformative Forces of the API Management Market
byApigee | Google Cloud
 
London Adapt or Die: Closing Keynote — Adapt Now!
byApigee | Google Cloud
 

Recently uploaded

PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
December Patch Tuesday
byIvanti
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 

API Design - 3rd Edition

  • 1.
    API Design 3rd Edition BrianMulloy @landlessness Kevin Swiber Apigee @kevinswiber @apigee
  • 2.
  • 3.
  • 4.
  • 5.
    @landlessness @kevinswiber
  • 6.
    The real issue is about design: designing things that have the power required for the job while maintaining understandability, the feeling of control, and the pleasure of accomplishment. -Donald Norman
  • 7.
  • 8.
    Agenda • Recap Previous Edition • API Modeling • Security • Message Design • Hypermedia • Transactions
  • 9.
  • 10.
    URL Design Versioning Plural nouns for /dogs Include version in /v1/dogs collections URL ID for entity /dogs/1234 Keep one previous /v1/dogs version long /v2/dogs Associations /owners/5678/dogs enough for POST GET PUT DELETE developers to 4 HTTP migrate Methods Bias toward /dogs (not animals) concrete names Errors Multiple /dogs.json 8 Status Codes 200 201 304 400 401 403 404 500 formats in URL /dogs.xml Verbose messages {"msg": "verbose, plain language hints"} Paginate with ?limit=10&offset=0 limit and offset Query params ?color=red&state=running Client Considerations Partial selection ?fields=name,state Client does not ?suppress_response_codes=true Use medial "createdAt": 1320296464 support HTTP capitalization myObject.createdAt; status codes /convert?from=EUR&to=CNY&amoun Client does not GET /dogs?method=post Use verbs for GET /dogs non-resource t=100 support HTTP GET /dogs?method=put requests methods GET /dogs?method=delete Search /search?q=happy%2Blabrador Complement API 1. JavaScript with SDK and code 2. … DNS api.foo.com 3. … developers.foo.com libraries
  • 11.
    How do weget started with our API?
  • 12.
    Build an APIModel http://www.flickr.com/photos/brent_nashville/2156695472/in/photostream/
  • 13.
    Don’t Go Cowboy http://www.flickr.com/photos/theory/3364213389/in/photostream/
  • 14.
    How do wesecure our API?
  • 15.
    Twitter Streaming API Authorization:Basic aWhlYXJ0OmFwaXM= Amazon Web Services API Authorization: AWS AKIAIOSFODNN7EXAMPLE:frJIUNo//yllqDzg= Google API Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
  • 16.
  • 17.
    How do approachmessage design?
  • 18.
  • 19.
  • 20.
    How do werepresent single items?
  • 21.
    Twitter Foursquare Instagram { { { "created_at": "Thu Jan 10 08:44:59 "meta": {…}, "meta": {…}, +0000 2013", "notifications": […], "data": {} "id": 289291736440791040, "response": {} } "id_str": "289291736440791040", } "text": "@landlessness here's one for you: 50-year plan to fix Detroitnnhttp://t.co/kJ2l1FZv", "source": "<a href="http://twitter.com/download/andr oid" rel="nofollow">Twitter for Android</a>", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": 41020312, "in_reply_to_user_id_str": "41020312", "in_reply_to_screen_name": "landlessness", "user": {…}, "geo": {…}, "coordinates": {…}, "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false } 21
  • 22.
    Twitter Foursquare Instagram { { { "created_at": "Thu Jan 10 08:44:59 "meta": {…}, "meta": {…}, +0000 2013", "notifications": […], "data": { "id": 289291736440791040, "response": { "attribution": {…}, "id_str": "289291736440791040", "checkin": { "type": "image", "text": "@landlessness here's one "id": "50eeff78e4b0f8e9624ea5f8", "location": {…}, for you: 50-year plan to fix "createdAt": 1357840248, "comments": {…}, Detroitnnhttp://t.co/kJ2l1FZv", "type": "checkin", "filter": "Sierra", "source": "<a "shout": "Pharmacy #DRUGS!!! "created_time": "1357826573", href="http://twitter.com/download/andr #ToothPulled :(", "link": oid" rel="nofollow">Twitter for "timeZone": "America/Detroit", "http://instagr.am/p/UTk5Xut3gN/", Android</a>", "timeZoneOffset": -300, "likes": {…}, "truncated": false, "user": {…}, "images": {…}, "in_reply_to_status_id": null, "venue": {…}, "caption": {…}, "in_reply_to_status_id_str": null, "source": {…} "user_has_liked": false, "in_reply_to_user_id": 41020312, } "id": "365798266911553549_3573549", "in_reply_to_user_id_str": } "user": {…} "41020312", } } "in_reply_to_screen_name": } "landlessness", "user": {…}, "geo": {…}, "coordinates": {…}, "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false } 22
  • 23.
    Take the bestof Foursquare and Instagram { "meta": {…}, "dog": {…} "notifications": […], } 23
  • 24.
    How do werepresent collections?
  • 25.
    Twitter Foursquare Instagram [ { { { "meta": {…}, "meta": {…}, "created_at": "Thu Jan 10 08:44:59 "notifications": […], "data": [ +0000 2013", "response": { { "id": 289291736440791040, "recent": [ "attribution": {…}, "id_str": "289291736440791040", { "type": "image", "text": "@landlessness here's one "id": "50eeff78e4b0f8e9624ea5f8", "location": {…}, for you: 50-year plan to fix "createdAt": 1357840248, "comments": {…}, Detroitnnhttp://t.co/kJ2l1FZv", "type": "checkin", "filter": "Sierra", "source": "<a "shout": "Pharmacy #DRUGS!!! "created_time": "1357826573", href="http://twitter.com/download/andr #ToothPulled :(", "link": oid" rel="nofollow">Twitter for "timeZone": "America/Detroit", "http://instagr.am/p/UTk5Xut3gN/", Android</a>", "timeZoneOffset": -300, "likes": {…}, "truncated": false, "user": {…}, "images": {…}, "in_reply_to_status_id": null, "venue": {…} "caption": {…}, "in_reply_to_status_id_str": null, }, "user_has_liked": false, "in_reply_to_user_id": 41020312, {…}, "id": "365798266911553549_3573549", "in_reply_to_user_id_str": {…}, "user": {…} "41020312", ] }, "in_reply_to_screen_name": } {…}, "landlessness", } {…} "user": {…}, ] "geo": {…}, } "coordinates": {…}, } "place": {…}, "contributors”:{…}, "retweet_count": 0, "entities": {…}, "favorited": false, "retweeted": false, "possibly_sensitive": false }, {…}, {…} ] 25
  • 26.
    Take the bestof Foursquare and Instagram { "meta": {…}, "dogs": {…} /* include same info as single */ "notifications": […], } 26
  • 27.
    How do werepresent search results?
  • 28.
    Selecting results is not the same as searching. -Facebook API
  • 29.
    Bing Search Google Custom Search Reddit Search { { { "SearchResponse": { "kind": "customsearch#search", "kind": "Listing", "Version": "2.2", "url": { "data": { "Query": { "type": "application/json", "after": "t3_qy342", "SearchTerms": "sushi" "template": "before": null, }, "https://www.googleapis.com/customsearch/v1?q={s "children": [ "Web": { earchTerms}…}, { "Total": 95200000, "queries": { "data": { "Offset": 0, "request": [ "id": "f605o", "Results": [ { "num_comments": 943, { "title": "Google Custom Search - sushi", "score": 1146, "Title": "The Sushi FAQ - The ultimate "totalResults": "15000000", "ups": 3110, guide to sushi and sashimi and how to ...", "searchTerms": "sushi", "downs": 1964, "Description": "What is sushi?..", "count": 10, "created": 1295553753.0, "Url": "http://www.sushifaq.com/", "startIndex": 1, "url": "CacheUrl": } "http://www.reddit.com/r/AskReddit/comments/f605 "http://cc.bingj.com/cache.aspx?q=sushi&d=485519 ] o/this_is_a_long_shot_any_sushi_chefs_need_a_job 0808495712&w=yU8fJS-YPT-f4svREMW2xSa75OoBUAZR", }, _in/", "DisplayUrl": "www.sushifaq.com", "context": { "author": "jining", "DateTime": "2013-01-08T15:12:00Z" "title": "Custom Search" } }, }, }, { "searchInformation": { { "Title": "What Is Sushi? - Sushi Guide - "searchTime": 0.314942, "data": { Eatsushi.com", "formattedSearchTime": "0.31", "id": "c9eng”, "Description": "Eatsushi.com...", "totalResults": "15000000", "num_comments": 308, "Url": "formattedTotalResults": "15,000,000" "score": 59, "http://www.eatsushi.com/whatsushi.asp", }, "ups": 128, "CacheUrl": "items": [ "downs": 69, "http://cc.bingj.com/cache.aspx?q=sushi&d=501324 { "created": 1275155900.0, 9854931333&w=ihBzI9k9WbrnwxKcV3n8mOoV97M89K-b", "kind": "customsearch#result", "url": "DisplayUrl": "title": "Standardized Usage Statistics "http://www.reddit.com/r/IAmA/comments/c9eng/i_a "www.eatsushi.com/whatsushi.asp", Harvesting Initiative (SUSHI ... - NISO", m_a_sushi_man_ama/", "DateTime": "2013-01-07T13:51:00Z" "htmlTitle": "u003cbu003eStandardized Usage "saved": false, "is_self": true, "permalink": } Statistics Harvesting Initiativeu003c/bu003e "/r/IAmA/comments/c9eng/i_am_a_sushi_man_ama/", ] (u003cbu003eSUSHIu003c/bu003e "author": "IAmASushiMan” } u003cbu003e...u003c/bu003e - NISO", } } "link": } } "http://www.niso.org/workrooms/sushi", ] "displayLink": "www.niso.org", } "snippet": "The Standardized Usage Statistics } Harvesting Initiative (SUSHI) Protocol standard (ANSI/NISO Z39.93-2007) defines an automated request and response model ...”, 29
  • 30.
    (Mostly) Follow GoogleCustom Search { "meta": { "limit": 1, "offset": 10, "totalResults": 15000000, "query": "sushi", "searchTime": 0.314942 }, "results": [ {}, {}, {} ] } 30
  • 31.
    How do werepresent links?
  • 32.
    Netflix API <link href=“http://api-public.netflix.com/catalog/people/100637” rel=“http://schemas.netflix.com/catalog/person.actor” title="Elijah Wood” ></link> GitHub API "organization": { "login": "octocat", "id": 1, "url": "https://api.github.com/users/octocat", "type": "Organization” }
  • 33.
    Follow Netflix andthe Web Linking spec <link href=“http://api-public.netflix.com/catalog/people/100637” rel=“http://schemas.netflix.com/catalog/person.actor” title="Elijah Wood” ></link>
  • 34.
    How do werepresent actions?
  • 35.
    GitHub Form-based API ”actions": [{ “name”: “edit-repo”, “method”: “PATCH”, “href”: “https://api.github.com/repos/kevinswiber/siren”, ”fields”: [ { “name”: “name”, “type”: “text” }, { “name”: “description”, “type”: “text” } }]
  • 36.
    Form-based API "actions": [{ "name": "edit-repo", “method”: “PATCH”, “href”: “https://api.github.com/repos/kevinswiber/siren”, ”fields”: [ { “name”: “name”, “type”: “text” }, { “name”: “description”, “type”: “text” } }]
  • 37.
    How do werepresent metadata?
  • 38.
    Flickr API (inline) <item type="photo” id="10289” server="2” views="47” faves="0” more="0"> Dropbox API (/metadata) { "size": "225.4KB”, "rev": "35e97029684fe”, "bytes": 230783, "modified": "Tue, 19 Jul 2011 21:55:38 +0000”, "path": "/Getting_Started.pdf”, "is_dir": false, "icon": "page_white_acrobat”, "root": "dropbox”, "mime_type": "application/pdf”, "revision": 220823 }
  • 39.
    Include a metadatain responses and consider a dedicated /meta resource { "meta": { "size": "225.4KB”, "rev": "35e97029684fe”, "bytes": 230783, "modified": "Tue, 19 Jul 2011 21:55:38 +0000”, "path": "/Getting_Started.pdf”, "is_dir": false, "icon": "page_white_acrobat”, "root": "dropbox”, "mime_type": "application/pdf”, "revision": 220823 } } 39
  • 40.
    What can welearn from hypermedia types?
  • 41.
    Atom/AtomPub <?xml version="1.0"?> <entry xmlns="http://www.w3.org/2005/Atom"> <title>My New Collection</title> <id>urn:uuid:de46e3a1-e489-41a6-88a6-21e7f0e8e2d8</id> <updated>2009-06-12T12:13:46Z</updated> <author> <name>Daffy</name> </author> <summary type="text" /> <content type="application/atom+xml;type=feed" src="http://example.org/my-new-collection"/> <link rel="edit” href="http://example.org/my-new-collection.atom" /> </entry>
  • 42.
    XHTML <ul class=“search user-list”> <li class=“user”> <div class="avatar"> <a href="/users/@kevin"> <img class=”user-image" src=”/img/avatar.png" /> </a> </div> <div> <a href=“/users/@kevin” rel=“user messages”> <span class=“user-name”>@kevin</span> (<span class="user-text">@kevin</span>) </a> </div> </li> </ul>
  • 43.
    HAL { “currentlyProcessing”: 14 “shippedToday”: 20, “_links”: { “self”: { “href”: “/orders?page=2” }, “next”: { “href”: “/orders?page=3” }, “prev”: { “href”: “/orders?page=1” } } }
  • 44.
    Collection+JSON { “collection”: { “version”: “1.0”, “href”: “http://example.org/friends”, “items”: [ “href”: “http://example.org/friends/kevin”, “data”: [ {“name”: “full-name”, “value”: “Kevin Swiber” } ] ], “queries”: [ {“rel”: “search”, “href”: “./search”, “data”: [ {“name”: “search”, “value”: “” } ] } }
  • 45.
    Siren { “class”: [“owner”, “vip”], “properties”: { “name”: “Kevin” }, “entities”: [ { “rel”: [“https://rels.x.io/dog”], “href”: “https://api.x.io/dogs/1” } ], “actions”: [ { “name”: “adopt”, “method”: “POST”, “href”: “https://api.x.io/owners/1/dogs”, “fields”: [ { “name”: “dog-name”, “type”: “text” } ] } ], “links”: [ { “rel”: [“self”], “href”: “https://api.x.io/owners/1” } ] }
  • 46.
    How do weaccept binary data?
  • 47.
    multipart/form-data Content-Type: multipart/form-data; boundary=AaB03x --AaB03x Content-Disposition:form-data; name=“caption” Cool picture of my cat. --AaB03x Content-Disposition: form-data; name=“photo”; filename=“catpajamas.jpg” Content-Type: image/jpeg Content-Transfer-Encoding: binary …contents of catpajamas.jpg… --AaB03x
  • 48.
    Inline Base64 Encoding POST/photos { “caption”: “Cool picture of my cat.” “photo”: “RHVkZSwgbXkgY2F0IGhhcyB0aGUgYmVzdCBwYWphbWFzLg==” }
  • 49.
    2-Step Process POST /photos { “caption”: “Cool picture of my cat.” } PUT /photos/1234/data Content-Type: image/jpeg Content-Length: 240 Content-Transfer-Encoding: binary …binary content…
  • 50.
  • 51.
    How do wesupport caching?
  • 52.
  • 53.
    ETags GET /dogs/1 ETag: “a7D92kda94aisdfG” GET/dogs/1 If-None-Match: “a7D92kda94aisdfG”
  • 54.
    Last-Modified GET /dogs/1 Last-Modified: Thu,10 Jan 2013 19:43:31 GMT GET /dogs/1 If-Modified-Since: Thu, 10 Jan 2013 19:43:31 GMT
  • 55.
  • 56.
    Do we needa JavaScript API?
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
    application/json { “breed”: “Dachshund”, “name”: “Hotdog”, “age”: 2 }
  • 62.
  • 63.
    How do wehandle transactions?
  • 64.
    Create a Transaction POST/carts … 201 Created Location: /carts/1
  • 65.
    Add Items POST /carts/1/items/ {“productId”: “mittens123”, “quantity”: 1 } … 201 Created Location: /cartItems/1234
  • 66.
    Commit the Transaction POST/carts/1 { “message”: “checkout” } … 200 OK
  • 67.
    Summary • Checkout previous editions for URI design • Start with API modeling • Use OAuth for security • Good message design is for developers • Learn from hypermedia specs • More on transactions later
  • 68.
  • 69.
    THANK YOU Subscribe toAPI webinars at: youtube.com/apigee
  • 70.
    THANK YOU Questions andideas to: groups.google.com/group/api-craft
  • 71.
    THANK YOU Contact usat: @landlessness brian@apigee.com @kevinswiber kswiber@apigee.com @apigee

Editor's Notes

  • #2 Creative Commons Attribution-Share Alike 3.0 United States License
  • #7 “The argument is not between adding features and simplicity, between adding capability and usability. The real issue is about design: designing things that have the power required for the job while maintaining understandability, the feeling of control, and the pleasure of accomplishment.” – Donald Norman, “Simplicity Is Not The Answer”, ACM Interactions, volume 15, issue 5. “We are faced with an apparent paradox, but don&apos;t worry: good design will see us through. People want the extra power that increased features bring to a product, but they intensely dislike the complexity that results. Is this a paradox? Not necessarily. Complexity can be managed. “ – Donald Norman, “Simplicity Is Not the Answer”, ACM Interactions, volume 15, issue 5.
  • #8 http://www.flickr.com/photos/mattharvey1/5712604622/We’re building a cathedral. Though it is complex, it must be beautiful.
  • #12 What security measures can we put around our API?
  • #13 http://www.flickr.com/photos/brent_nashville/2156695472/in/photostream/Collaborate with all stakeholders: marketing, business analysts, software engineers, key business people, etc. This will be your API team.Develop a ubiquitous language, a glossary of terms that will appear in your API. This keeps everyone on the same page.Document a mental model of your API. (How you do this is up to you. See: UML)Iterate.
  • #14 http://www.flickr.com/photos/theory/3364213389/in/photostream/Freedom is fantastic until you hit the wall of reality. Your API represents your organization. Make sure your organization is present on key decisions.
  • #15 What security measures can we put around our API?
  • #16 Twitter uses HTTP Basic authentication. It has been around for a long time.Amazon Web Services chose to roll their own. This may have pre-dated the OAuth 1.0 specification.Google is using Bearer tokens with the OAuth 2.0 Framework specification.
  • #17 We like OAuth2. It’s a standard, which means anyone can read how it’s done. There are also good libraries out there to help build this for your API.OAuth2 allows developers to build clients that take advantage of user resources located on other services, such as Facebook, Google, and GitHub.A good alternative is using OAuth 1.0a. LinkedIn uses OAuth 1.0a for authorizing clients in their API, and it works very well.Keep an eye on stronger access token algorithms. OAuth2 MAC token support is still an Internet-Draft.
  • #18 What security measures can we put around our API?
  • #19 What security measures can we put around our API?
  • #20 What security measures can we put around our API?
  • #21 What security measures can we put around our API?
  • #22 What security measures can we put around our API?
  • #23 What security measures can we put around our API?
  • #24 What security measures can we put around our API?
  • #25 What security measures can we put around our API?
  • #26 What security measures can we put around our API?
  • #27 What security measures can we put around our API?
  • #28 What security measures can we put around our API?
  • #29 What security measures can we put around our API?
  • #30 What security measures can we put around our API?
  • #31 What security measures can we put around our API?
  • #33 Netflix uses Web Linking (RFC5899). Links have a relation value that may contain standard or custom relation types. An href is included as a link to follow based on that rel value.GitHub repos contain an organization object that has a URL one can follow. Note: GitHub does follow the Web Linking spec for certain links. They include a Link header with prev and next links.
  • #34 We prefer the Web Linking style, which can be expressed in both XML and JSON styles. It adheres to a standard that anyone can follow. Also, we can utilize the standard link relations where appropriate.
  • #36 GitHub’s API prefers an out-of-band approach. The alternative is based on HTML forms. Here’s a snippet of the Siren format using actions.
  • #37 Inline form-style actions provide greater insight to developers exploring the API via HTTP. It allows the server to maintain control of the preferred method, href, and fields. This approach allows for easier inclusion of hidden field values the server deems necessary. Note: This is still emerging and is not yet widespread.
  • #39 Flickr includes metadata such as number of views, server, and favorites inline with the data representation. Dropbox has a separate metadata resource that returns its metadata.
  • #40 Actually, we think both these options are good. If the amount of metadata is relatively small, including it inline makes a lot of sense, as it’s less overhead than creating a brand new resource.If metadata happens to be very large, as may be the case for Dropbox, adding a separate resource may make sense. At this point, the metadata itself may be important enough to your API consumers to warrant a new resource. This is a good topic for discussion during an API modeling exercise.Metadata can also include response times, pagination counts, etc.
  • #41 Simultaneous presentation of information and controls such that the information becomes the affordance through which the user obtains choices and selects actions.Not a linear progression, more of a directed acyclic graph.Offers choices for users to select actions.Offers links to related representations.
  • #43 ALPS example from rstat.us.
  • #44 ALPS example from rstat.us.
  • #45 Links, Queries, Write Templates
  • #46 Properties, Entities, Actions, Links
  • #48 Benefits: Only one HTTP call. Binary files can be sent in binary format—more compact than base64. HTTP tools to handle this.
  • #49 Benefits: Quick to implement. Good for small files.
  • #50 Benefits: Good for larger binary files.
  • #51 Just choose one method of submitting binary data in your API. Think about the options, how big your binary data will be, and where you want to go in the future. Even though there are trade-offs to each approach, they’re all capable.
  • #53 30 Days
  • #56 Yes, it’s important to not beat up your API server with requests. It’s also important to let client knows if they can save a round-trip to your server.