or “being a provider in an age of mass consumption.”
While blogging to abstraction, I kept thinking of ways to I should have avoided those awkward and painful APIs that I’ve written in the past. Short of a mouthful of bad tasting SOAP, here are my top API considerations.
Before you get started:
- Take are to design the semantics of you API because APIs are abstraction that hide complexity from, simplify work of and encourage good behaviors in its consumers.
- Think security and auditing first because it’s difficult to “see” all the options that an API will expose on a quick review. You don’t want deal with the mess when Venkman crosses the streams.
- Write tests for your API because you want to find out that you broke it before your consumers do. Even better, also add simulators that pump data into your API so that you can run system tests.
- Use versioned APIs even at 1.0 because you and your consumer must expect APIs to evolve.
- Separate verbs (taking actions) from nouns (editing things) in your API because they have fundamentally different use, validation, and notification models. This also helps eliminate side-effects.
- Do not anticipate consumers’ appetite for data because there is a cost for returning information and maintaining compatibility.
Now that you’re committed:
- Offer the minimum options to service the consumer’s use-case because it’s easier to add than remove options.
- Avoid exposing details to your consumer because it will lock-in your implementation and limit your flexibility.
- Use natural keys over system assigned keys because users will have to make extra calls to figure out your assignments and it will lock your implementation.
- Never break your API’s existing calls when adding options because you never really know who is using which API calls.
- Object versioning (timestamping is enough!) reduces confusion because you can’t control how long a user will hang onto an object before they decide to send it back to you.
- Fail loudly with obvious delight because you want to make it hard for bad data to get into your system and you also consumers to know what went wrong.
- And, when failing loudly use HTTP error codes correctly because they really do mean something.
- Finally, be text tolerant because strong typing makes your API harder to use and text is very robust and flexible.
Whew. Now for a REST.