User:DKinzler (WMF)/API Guidelines: Difference between revisions

Browse history interactively

← Older edit Newer edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 23:11, 18 March 2023

API Guidelines | Product Brief

For Maintainers

Wikimedia_Engineering_Architecture_Principles#api/domain
Core Platform Team/Initiative/Core REST API in Mediawiki/Design principles
https://wikitech.wikimedia.org/wiki/Services/FirstDeployment
https://wikitech.wikimedia.org/wiki/ServiceOwnership
https://wikitech.wikimedia.org/wiki/Deployment_pipeline
https://github.com/wikimedia/service-template-node
API Life Cycle (draft by Daniel)
API versioning
- https://phabricator.wikimedia.org/T232485 REST Versioning RFC
Service-template-node/APIDesign
https://api.wikimedia.org/wiki/Community/API_guidelines
wikitech:API_Gateway#How_to_design_your_API
meta:User:BPirkle (WMF)/Stuff/Designing APIs
"Good API, Great API" Google Doc
Authorization and Rate Limiting: https://docs.google.com/document/d/1pG2qd4w_RW7wl_6Od1jFo4CkKA3zCA2wQDtmY2e5Tb8/edit#
API:Cross-site requests
Ideas:
- paging?
- localization (mostly for errors)
Writing an extension for deployment
Wikimedia services policy (see also Requests for comment/Standards for external services)
Requests for comment/API roadmap
Micosoft API Guidelines, Microsoft API Versioning
Google API Guidelines (these seem pretty good!)
Maturity model, see also https://blog.restcase.com/4-maturity-levels-of-rest-api-design/
List of other people's API Guidelines: https://github.com/masteringapi/rest-api-standards

For Clients

Bill's Links

Search / WDQS

Bits & Pieces

Note to self: looked at: Adidas, Maturity, Atlassian, Whitehouse, Google

Typical Structure & Aspects

Documentation
- discoverable specs and schemas
HTTP binding
- use of verbs, HATEOAS, idempotence (put vs post vs patch)
  - see https://cloud.google.com/apis/design/standard_methods?hl=en
  - see google's idea for custom verbs
- use of error codes, body of error responses
- content types & negotiation
- caching
- conditionals
- redirects (normalization, deprecation, and other)
- other headers
- guidance on urls vs header vs query param
- resources vs entities
- etags, see https://cloud.google.com/apis/design/design_patterns?hl=en#etags
payload data
- serialization (JSON)
- shared data model
- standard data types (date format, language codes, etc)
- standard field names (rel, ref, etc) - compare https://cloud.google.com/apis/design/standard_fields?hl=en
- schemas
- pagination, ordering, filtering
- response for long running operations?
- standard query params: localization, variants, embedding/expansion
- batch operations and collections (put vs post)
- foreign key relation (entitiy URLs)
- domains and bounded contexts, separation of concerns
- no data in keys (really? maps are neat...)
- errors, compare https://cloud.google.com/apis/design/errors?hl=en
Evolution
- Versioning
- URL vs headers, etc
- content negotiation
- deprecation
- compatibility, see https://cloud.google.com/apis/design/compatibility?hl=en
URL structure
- characters & encoding
- resources & collections (sub-collections, formats, nested resources, etc)
- use American English nouns (singlular or plural?) (kebab-case or CamelCase?)
- searching vs. listing
- formats / file extension suffix
Compliance
- testing (pact)
- SLA, rate limits
Security
- Authentication
- CORS/CSP
- CSRF
Design process (see also https://cloud.google.com/apis/design/resources?hl=en)
- Model entities (resources, nouns) and their relationships
- Design a URL scheme for addressing the resources and collections
- Define schemas for representing the entities.
- Determine the behavior of standard verbs for each resource (and collection)

@@ Line 28: / Line 28: @@
 * [https://github.com/microsoft/api-guidelines/ Micosoft API Guidelines], [https://github.com/microsoft/api-guidelines/blob/vNext/Guidelines.md#122-when-to-version Microsoft API Versioning]
 * [https://cloud.google.com/apis/design/resources?hl=en Google API Guidelines] (these seem pretty good!)
-* '''Maturity levels''': https://blog.restcase.com/4-maturity-levels-of-rest-api-design/
+* '''Maturity ''' https://blog.restcase.com/4-maturity-levels-of-rest-api-design/
 * List of other people's API Guidelines: https://github.com/masteringapi/rest-api-standards
@@ Line 61: / Line 61: @@
 == Bits & Pieces ==
 Note to self: looked at: Adidas, Maturity, Atlassian, Whitehouse
 Typical Structure & Aspects
@@ Line 69: / Line 69: @@
 * HTTP binding
 ** use of verbs, HATEOAS, idempotence (put vs post vs patch)
+*** see https://cloud.google.com/apis/design/standard_methods?hl=en
+*** see [https://cloud.google.com/apis/design/custom_methods?hl=en google's idea for custom verbs]
 ** use of error codes, body of error responses
 ** content types & negotiation
@@ Line 77: / Line 79: @@
 ** guidance on urls vs header vs query param
 ** resources vs entities
+** etags, see https://cloud.google.com/apis/design/design_patterns?hl=en#etags
 * payload data
 ** serialization (JSON)
 ** shared data model
 ** data types (date format, language codes, etc)
 ** field names (rel, ref, etc)
 ** schemas
 ** pagination
+** response for long running operations?
 ** standard query params: localization, variants, embedding/expansion
 ** batch operations and collections (put vs post)
@@ Line 89: / Line 93: @@
 ** domains and bounded contexts, separation of concerns
 ** no data in keys (really? maps are neat...)
+** errors, compare https://cloud.google.com/apis/design/errors?hl=en
 * Evolution
 ** Versioning
@@ Line 94: / Line 99: @@
 ** content negotiation
 ** deprecation
+** compatibility, see https://cloud.google.com/apis/design/compatibility?hl=en
 * URL structure
 ** characters & encoding
 ** resources & collections (sub-collections, formats, nested resources, etc)
+** use American English nouns ([https://stackoverflow.com/questions/54057388/rest-api-resource-naming-conventions-user-or-users-pluralisation singlular or plural]?) (kebab-case or CamelCase?)
-** use American English nouns
 ** searching vs. listing
 ** formats / file extension suffix