Thursday, 26 June 2014

Internal project - design the API

I've spent some time designing the API for my internal project.

I've documented the design of the API here.

Key Points


Following best practices, I've avoided including the login and password with each request. Instead there is a session service. Call this service to create a new session and get a session token in response. In addition I've included a method to end the session early. The intention that the session token would expire. Making a call to any of the methods on the API would reset the timeout.


As far as possible I've mapped this to valid HTTP verbs.


One difficulty I ran into was how to provide a nice mechanism to mark a post a liked. It didn't make sense to mark a status item as liked by making a PUT request with the entire status item. The best option was to add a status/like URL, under the status URL.


There are a sack of really good resources out there for this:

  1. Best Practices for Designing a Pragmatic RESTful API:
  2. The Good, the Bad, and the Ugly of REST APIs:
  3. OWASP REST Security Cheat Sheet:

Current Status

  1. Document the UI - I've found this tends to make the implementation clearer
  2. Implement in bootstrap, MVC4 with SQL Server backend
  3. Design JSON API to access app
  4. Implement JSON api using WebApi backend
  5. Replace MVC app with javascript client side framework, angular
  6. Swap the SQL Server backend for a No SQL database
  7. Replace the WebApi backend with an F# implementation
  8. Replace the WebApi backend with node.js

No comments:

Post a Comment