When creating an API from scratch, you need to get many details right. From basic security considerations to using the right HTTP methods, implementing authentication, and deciding which requests and responses you should accept and return, the list goes on. In this post, I'm trying my best to compress everything I know about what makes a good API.
Table of contents
1. Be consistent
2. Use ISO 8601 UTC dates
3. Make an exception for public endpoints
4. Provide a health check endpoint
5. Version the API
6. Accept API key authentication
7. Use reasonable HTTP status codes
8. Use reasonable HTTP methods
9. Use self-explanatory, simple names
10. Use standardized error responses
11. Return created resources upon POST
12. Prefer PATCH over PUT
13. Be as specific as possible
14. Use pagination
15. Allow expanding resources