web application development company in USA and across for recent years, so its scalability was not crucial in early internet history, but when there were fewer users’ that time standalone apps performed well for most of the parts. So, with the fold of different mobile devices, today users can use the same app from many different devices, which has resulted in developers needing to scale their apps. So, this makes sense to create a common API which can efficiently scale the ever-changing need of the users rather than developing different standalone apps because there are many technologies which create APIs and there is no real standard or method to follow for designing APIs. However, there are various agreed upon best practices are there for designing APIs, and in the absence of the real standard, it is challenging to create rigid conventions. API development has been widespread forand across for recent years, so its scalability was not crucial in early internet history, but when there were fewer users’ that time standalone apps performed well for most of the parts. So, with the fold of different mobile devices, today users can use the same app from many different devices, which has resulted in developers needing to scale their apps. So, this makes sense to create a common API which can efficiently scale the ever-changing need of the users rather than developing different standalone apps because there are many technologies which create APIs and there is no real standard or method to follow for designing APIs. However, there are various agreed upon best practices are there for designing APIs, and in the absence of the real standard, it is challenging to create rigid conventions.









API Design





No one likes to see an error of 404, especially when someone has bookmarked a blog post or article for future use. So, it is a hassle for a user as every time a URL needs to be changed, and in result, URL modification isn’t good for the SEO either. Therefore, designing an API without the right abstraction might require changing URLs later, although redirects can also solve this problem as SEO best practice to avoid redirects, so it makes sense to design the standards before you search into API design and focus later on the specific details and business names before creating the URLs.





Use nouns but no verbs





REST API’s must be designed for resources, which should be entities or services etc. However, it should be nouns. For example: instead of/createUser use/users.





Plurals or Singulars





The next standard is entirely based on Keep it Simple, Stupid principle because we need two base URLs per resource, so first if for multiple values and another for the specific value. For example, in the case of..





GET /users/123





The client is asking to retrieve from user’s collection with id 123, so while creating a resource, if we want to add one resource to the current collection of resources, so the API looks like the below:





POST /users





Depict Resource Hierarchy through URI





If a resource contains sub resources, then you have to make sure to describe this in the API for making it more explicit. For example, if a user has posts, then we want to retrieve a specification post by the user, then the API can be defined as GET/users/123/posts/1 which will retrieve Post with id 1 by users with id 123.





APIs Version





A version of API always helps to ensure backward compatibility of a service while adding new features or updating existing functionality for a new client. Therefore, there are different schools of thought to help for version your API, but most of them fall under two categories which are given below.





· Headers





· URL





Return Representation





POST, PUT or PATCH methods, used for creating a resource or update fields in a resource so it should always return an updated resource representation as a response with an appropriate status code.





Stateless Authentication and Authorization





REST API should be stateless so every request should be self-sufficient and must be fulfilled without knowledge of a prior request. So, this happens in the case of Authorizing a user action. Earlier, developers used to store user information in a server-side session, which is not a scalable approach. Therefore, every request should contain all the information of a user, instead of relying on the previous requests. Hence, it doesn’t limit APIs to a user to authorize person, as it allows service to service authorization as well. But, for a user authorization, JWT with OAuth2 provides a way to achieve. Additionally, for service to service communication try to have the encrypted API key passed in the header.





Swagger for Documentation





Swagger is a widely used tool which can help you to document REST APIs, which also provides the way to explore the use of specific API. Therefore, by allowing a developer to understand the underlying semantic behavior, it’s a declarative way for adding documentation using annotations, which further generates JSON describing APIs and their usage.



