APIs have become a part of the product ecosystem - and help the businesses by extending their developer base, and offering seamless integration with other services or products. Sometimes, the APIs themselves are the product. However, with so many APIs around, patterns emerge. Patterns are repeatable, reusable solutions to commonly occurring problems. Where there are patterns, there are also antipatterns. While APIs are not a new paradigm - there are no set standards or specifications formed by a committees or governing bodies for APIs. On top of this, the APIs are often built at various stages of the product, and have a good chance of being disjoint as more are added. In this talk Netflix engineers will discuss various antipatterns that creep into the API design and implementation, and how to identify and avoid them. They will also share their experiences with building APIs. While the antipatterns do not pose as big a functional challenge, they can and do impact integration efforts, scalability and performance among other things. After this session, you should be able to get familiar with the best practices around solving the most common patterns, and make your engineers and API consumers happy!
31. HTTP Response Codes
• There are more codes than 200 and 500
– 2xx for success
– 3xx for redirects/caching
– 4xx for request/client errors
– 5xx for server errors
33. HTTP Response Codes
• Return after a delete? 204
• Failed database constraint? 409
• Method not supported? 405
• Trying to ask for too much data? 413
40. Methods
• Do not use GET for all reads
– HEAD to get headers (mostly used for caching)
– OPTIONS
• Do not use POST for all writes
– POST to create, or upsert
– PUT to update
– DELETE to delete
51. Authentication
• Use HTTP 401 to indicate that the client needs
to authenticate
• Use HTTP 403 to indicate that the credentials
the client holds do not allow access to the said
resource(s).
52. 401 vs 403
401 = Come back with a key
403 = Your key does not work for this lock.
53. Resources in an Island
Every entity or a resource is tied to others.
54. Resources in an Island
When you’re stuck guessing the connections of
a resource.
76. State
Avoid cookies!
• Use tokens instead. Let the client figure out to
store it as a cookie for convinience.
• Accept cookies as a fallback, but prefer a
query parameter or HTTP request header.
77. More topics..
• Versioning
– Using 301s to redirect/retire APIs
• Caching
– Using HTTP headers correctly
– Caching response bodies