REST API Check List

© Memi Lavi www.memilavi.com memi@memilavi.com

Software Architecture Series: REST API Design

Check List
When designing your REST API, make sure to follow all the following items. Doing that
will ensure your REST API is professional, easy to use, and attractive.

Item: Request
Description: The request should include:
- Method
- URL
- Headers
- Body (if Method is POST or PUT)

Item: Response
Description: The response should include:
- Status Code
- Headers
- Body (Optional)
Item: HTTP Verb
Description:
Verb     Role                  Body?   Params In...
GET      Retrieve resource(s)  No      URL
POST     Add resource(s)       Yes     Body
PUT      Modify resource(s)    Yes     Body
DELETE   Delete resource(s)    No      URL
Comments: Other, rarely used verbs:
- PATCH – Partial updates
- HEAD – GET without the body

Item: URL Structure
Description:
- NEVER include verbs in the URL
- Some parts are optional (i.e. Sub-entity)
- Use singular/plural wisely
Item: Response Codes
Description:
Verb     Allowed Codes
GET      200 OK
         400 Bad Request
         401 / 403 Authorization Related
         404 Not Found
POST     200 OK
         201 Created
         202 Accepted
         204 No Content
         400 Bad Request
         401 / 403 Authorization Related
         404 Not Found
PUT      200 OK
         202 Accepted
         204 No Content
         400 Bad Request
         401 / 403 Authorization Related
         404 Not Found
DELETE   200 OK
         400 Bad Request
         401 / 403 Authorization Related
         404 Not Found
Comments:
- Avoid non-standard codes
- Consider use of the 207 Multi Status code when necessary
Item: Docs
Description:
- ALWAYS use OpenAPI / Swagger for documenting the API
- Great for testing and documentation
- Doesn’t have to be exposed to external clients

Item: Versioning
Description:
- Include version in the API (URL or Header)
- Define version support policy

Item: Authn & Authz
Description:
- Prefer using widely-used protocols such as OAuth
- Use popular authentication servers if possible
Comments: If the API is internal and cannot utilize external authn servers, check if local AD can be used.
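The rows on verbs, URL structure, response codes, versioning and authn/authz describe a contract without showing one end to end. The in-memory handler below is an added example written for this page (it is not the course's or Memi Lavi's code) that applies those rules to a single `customers` collection: the path must be `/v{n}/{plural-noun}[/{id}]` with no verb words, only version 1 is served, bearer tokens map to roles so that a missing or unknown token yields 401 while a read-only token attempting a write yields 403, and each verb answers only with codes from the allowed-codes table. The token names, the `customers` collection, the `SUPPORTED_VERSIONS` set and the plural-name rule are assumptions made here for illustration; a real deployment would validate tokens against an OAuth server, as the checklist recommends.

```python
import json
import re
from typing import Any, Dict, Optional, Tuple

# Versioned, noun-only path: /v1/customers or /v1/customers/{id}. The action comes
# from the HTTP method, never from a verb in the URL; requiring a plural collection
# name is this example's reading of "use singular/plural wisely".
_PATH = re.compile(r"^/v(?P<version>\d+)/(?P<collection>[a-z]+)(?:/(?P<id>\d+))?$")
_VERB_WORDS = {"get", "create", "update", "delete", "fetch", "add", "remove", "list"}
SUPPORTED_VERSIONS = {1}            # version support policy for this example: v1 only
# Constructed bearer tokens standing in for what an OAuth server would issue.
_TOKEN_ROLES = {"reader-token": "reader", "admin-token": "admin"}
_WRITE_METHODS = {"POST", "PUT", "DELETE"}
_store: Dict[str, Dict[int, dict]] = {"customers": {}}   # in-memory resource table
_next_id = 1


def parse_path(url: str) -> Optional[Tuple[int, str, Optional[int]]]:
    """Return (version, collection, id), or None if the URL breaks the structure rules."""
    m = _PATH.match(url)
    if m is None:
        return None
    collection = m.group("collection")
    if collection in _VERB_WORDS or not collection.endswith("s"):
        return None
    rid = int(m.group("id")) if m.group("id") else None
    return int(m.group("version")), collection, rid


def _role(headers: Dict[str, str]) -> Optional[str]:
    """Map 'Authorization: Bearer <token>' to a role; None means unauthenticated."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return _TOKEN_ROLES.get(token) if scheme == "Bearer" else None


def _json_object(body: Optional[str]) -> Optional[dict]:
    """Parse the body as a JSON object; None when missing, malformed or not an object."""
    try:
        parsed = json.loads(body) if body else None
    except ValueError:
        return None
    return parsed if isinstance(parsed, dict) else None


def handle(method: str, url: str, headers: Dict[str, str],
           body: Optional[str] = None) -> Tuple[int, Dict[str, str], Optional[Any]]:
    """Dispatch one request and return (status, headers, body) using the allowed codes."""
    global _next_id
    out: Dict[str, str] = {"Content-Type": "application/json"}
    role = _role(headers)
    if role is None:                                  # 401: not authenticated
        return 401, out, {"error": "bearer token required"}
    if method in _WRITE_METHODS and role != "admin":  # 403: authenticated, not allowed
        return 403, out, {"error": "write access requires the admin role"}
    parsed = parse_path(url)
    if parsed is None:
        return 400, out, {"error": "expected /v{n}/{plural-noun}[/{id}]"}
    version, collection, rid = parsed
    if version not in SUPPORTED_VERSIONS or collection not in _store:
        return 404, out, {"error": "unknown version or collection"}
    table = _store[collection]
    if method == "GET":                               # params in URL, no body
        if rid is None:
            return 200, out, list(table.values())
        return (200, out, table[rid]) if rid in table else (404, out, None)
    if method == "POST":                              # body required; creates -> 201
        item = _json_object(body)
        if rid is not None or item is None:
            return 400, out, {"error": "POST a JSON object to the collection"}
        item["id"] = _next_id
        table[_next_id] = item
        _next_id += 1
        out["Location"] = f"/v{version}/{collection}/{item['id']}"
        return 201, out, item
    if method == "PUT":                               # body required; replaces -> 204
        item = _json_object(body)
        if rid is None or item is None:
            return 400, out, {"error": "PUT a JSON object to /{id}"}
        if rid not in table:
            return 404, out, None
        item["id"] = rid
        table[rid] = item
        return 204, out, None
    if method == "DELETE":                            # params in URL, no body
        if rid is None or rid not in table:
            return 404, out, None
        del table[rid]
        return 200, out, {"deleted": rid}
    return 405, out, {"error": "method not allowed"}  # standard code; no table row for it
```

A request is passed in as the four parts from the Request row (method, URL, headers, optional body) and a response comes back as the three parts from the Response row. The body is accepted only when it parses to a JSON object, so a caller cannot push a list or a scalar into the store, and the authentication check runs before the path is parsed so that an unauthenticated caller learns nothing about which collections exist.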
Item: Performance
Description:
- If needed, make sure Rate Limit and Quota are in place
- Use caching whenever possible
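The Performance row asks for a rate limit and a quota without naming a mechanism. The class below is an added example (not from the course) of one common approach: a token bucket per client to bound short bursts, with a fixed per-day quota on top. The clock is passed in as `now` so that decisions are reproducible in tests; the header names `X-RateLimit-Remaining`, `X-Quota-Limit` and `X-Quota-Remaining`, the parameters `rate_per_sec`, `burst` and `daily_quota`, and the midnight-UTC quota reset are this example's choices, while `Retry-After` is the standard HTTP header. A denied request would be answered with 429 Too Many Requests, a standard code that the per-verb table above does not list.

```python
import math
from dataclasses import dataclass
from typing import Dict, Tuple

_DAY = 86400.0   # quota window: one day, reset at the day boundary (assumption)


@dataclass
class _Bucket:
    tokens: float        # burst allowance currently left
    last: float          # time of the last refill
    day: int             # day the quota counter belongs to
    used_today: int = 0  # requests accepted so far within that day


class RateLimiter:
    """Token bucket per client (short-term rate) plus a fixed per-day quota."""

    def __init__(self, rate_per_sec: float, burst: int, daily_quota: int):
        self.rate = rate_per_sec
        self.burst = burst
        self.quota = daily_quota
        self._buckets: Dict[str, _Bucket] = {}

    def allow(self, client_id: str, now: float) -> Tuple[bool, Dict[str, str]]:
        """Decide one request; returns (allowed, headers to send back).

        Denied requests do not consume quota, so a client that is throttled does not
        also burn through its daily allowance.
        """
        day = int(now // _DAY)
        b = self._buckets.get(client_id)
        if b is None:
            b = self._buckets[client_id] = _Bucket(tokens=float(self.burst), last=now, day=day)
        if b.day != day:                        # new day: quota counter starts over
            b.day, b.used_today = day, 0
        # Refill in proportion to elapsed time, never beyond the burst size.
        b.tokens = min(float(self.burst), b.tokens + (now - b.last) * self.rate)
        b.last = now
        headers = {"X-Quota-Limit": str(self.quota),
                   "X-Quota-Remaining": str(self.quota - b.used_today)}
        if b.used_today >= self.quota:          # daily quota exhausted
            headers["Retry-After"] = str(int((day + 1) * _DAY - now))
            headers["X-RateLimit-Remaining"] = str(int(b.tokens))
            return False, headers
        if b.tokens < 1.0:                      # burst exhausted: wait for one token
            headers["Retry-After"] = str(math.ceil((1.0 - b.tokens) / self.rate))
            headers["X-RateLimit-Remaining"] = "0"
            return False, headers
        b.tokens -= 1.0
        b.used_today += 1
        headers["X-RateLimit-Remaining"] = str(int(b.tokens))
        headers["X-Quota-Remaining"] = str(self.quota - b.used_today)
        return True, headers
```

Call `allow(client_id, time.time())` once per request before dispatching it; the returned headers go on the response either way, so a well-behaved client can pace itself from `X-RateLimit-Remaining` and `Retry-After` instead of retrying blindly. Keying the buckets by an authenticated client identity rather than by source IP keeps the limit meaningful behind NAT and proxies.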

Item: Monitoring
Description:
- Collect API usage data
- Use this data to improve the API
Comments: DO NOT develop your own monitoring engine. Use a 3rd party for that.

Hope you enjoyed the course, and that it helped you create great REST APIs!
For any question or comment, contact me at:
[email protected]

Thanks,
Memi
