API Design Process

Question 1

What can be said about consumers of API, are they machine to machine or people on other side?

Answer 1

In the API space, we build something on a machine for a machine to use and this is wrong because there are people on the other side of API clients.

Question 2

Define UX honeycomb which has 7 adjectives.

Answer 2

APIs should be
1) Useful
Is the API useful from end user’s point of view?

2) Usable
Can the API be quickly used by a developer and provide easy-to-use functionality?

3) Desirable
Is the functionality provided by the API something that generates desire in developers and end users?

4) Findable
Can the API documentation be found easily, and can developers tart using it immediately?

5) Acessible
Can the API provide functionality for end users who have technical constraints/limitations in consuming it?

6) Credible
Is the data provided by the API trustworthy?

7) Valuable
Does the API contribute to the company’s bottom line and improve customer satisfaction?

Question 3

What do we mean by
Designing the right thing?
Designing the thing right?

Answer 3

1) Designing the right thing?

This phase is split into Discover/Research and Define/Synthesis. While designing something new it is very easy for people to blow the actual scope of the problem and put all their effort into designing something that no one actually wants or will use. This phase of designing keeps us grounded and makes sure we are designing for the right thing by doing diligent research and defining the right problem statement to solve.

1.1) Discover/Research

• Gain domain knowledge.
• Understand what problem we are trying to solve
• Who are stakeholders
• Use-cases and the requirements
• Existing solutions and approaches
• Talk to all stakeholders

1. 2) Define/Synthesis
   - Give structure to raw data gathered from previous step
   - Try finding trends that span across multiple use-cases
   - Find dependencies to other services, like other microservice
   - Identify all the Resources for which we need APIs
   - Outline behavior and expectations of APIs
   - Identify amount of business logic that will be in service or client

2) Designing the thing right

2. 1) Develop/Ideation
   - From previous step we are clear what needs to be done
   - OpenAPI/Swagger are great to describe important aspects of API
   - Especially the frontend design decisions and architectural decisions can be captured using API description languages as they are visible to user
   - Import swagger, OpenAPI or RAML specification files into Postman Collection
   - API documentation, Different API scenarios/states, Prototype using tools like Postman
3. 2) Deliver/Implementation
   - Establish contract tests first so that if anything changes they start failing
   - If its a bug or legitimate change, you can update the code or inform the affected teams.

Question 4

What do we mean by
Designing the right thing?
Designing the thing right?

Answer 4

1) Designing the right thing?

This phase is split into Discover/Research and Define/Synthesis. While designing something new it is very easy for people to blow the actual scope of the problem and put all their effort into designing something that no one actually wants or will use. This phase of designing keeps us grounded and makes sure we are designing for the right thing by doing diligent research and defining the right problem statement to solve.

1.1) Discover/Research

• Gain domain knowledge.
• Understand what problem we are trying to solve
• Who are stakeholders
• Use-cases and the requirements
• Existing solutions and approaches
• Talk to all stakeholders

Question 5

Why is there need to build Design Style Guide for APIs?

Answer 5

When team grows new people joining start applying their own conventions when naming endpoints, use of headers, query parameters, response structures etc. In such scenario how to ensure quality and consistency.
Even UI design teams face such challenges and they solve this by creating design style guide which make sure that everyone in the team uses the same UI component etc.
Companies like Google, Paypal have design style guides.

Question 6

Which is best way to learn API designing?

Answer 6

1) Create a lot of APIs
2) Read existing APIs and design practices resources

https: //www.getpostman.com/api-network/
https: //community.apigee.com/spaces/123/index.html

Question 7

What is the job of API?

Answer 7

The API’s job is to make application developer as successful as possible.

Question 8

What should be the primary design principle when designing API?

Answer 8

It should be to maximize application developer productivity and success.

Question 9

Which are API design elements?

Answer 9

1) The representations of your resources
definition of fields in the resources (assuming structured data as opposed to stream of bytes or chars) and links to related reources

2) The use of standard HTTP headers (occasionally custom headers)

3) The URLs and URI templates
that define the query interface of your API for locating resources based on their data.

4) Required behaviors by clients for example DNS caching behaviors, retry behaviors, tolerance of fields that were not previously present in resources and so on.

Question 10

What can be said about REST and state of resource?

Answer 10

In REST model, a web resource has underlying state, which cannot be seen directly , and what flows between clients and servers is a representation of that state. Users can view representation of a resource in different formats, called media types. In principle, all media types for the representation of a particular resource should encode the same information just in different formats.

Question 11

Which is the de-facto standard for representing resource in Web APIs and why?

Answer 11

JSON is de-facto. It is because it is easy to understand and easy to map to the programming data structures of Javascript and other languages.

Question 12

Limitations of JSON

Answer 12

It cannot represent many data types. Null, Boolean, String, Number. Dates and times are not supported.

Question 13

What guidance should be followed to keep JSON simple

Answer 13

Names/keys in the JSON are always property names and the JSON objects always correspond to entities in your API’s data model.

Example that follows this advice:
{
  "kind": "Dog",
  "name": "Lassie",
  "furColor": "brown"
}

Example that does not follow this advice
{
  "user-id-1": {
    "data" : [
       { 
          "id": "12345",
          "picture": "url"
       } 
     ]
  }
}

This one is hard to learn. data field is artifact of JSON design and not a property on User resource.

Question 14

Which is the construct used in HTTP to represent relationships?

Answer 14

Link is the natural construct in HTTP to represent relationships.

Question 15

Why is HATEOAS (Hypermedia As The Engine Of Application State) viewed as impractical?

Answer 15

Because generic clients are usually less satisfactory, especially clients with a User interface, so such API is rarely built.

Question 16

How HATEOAS helps API?

Answer 16

the realization that the use of links brings a significant
improvement to the usability and learnability of all APIs, not just those that are designed to be consumed
by completely general-purpose clients.

Question 17

Example of JSON with relationship links

Answer 17

{
  "id": "098123",
  "kind": "dog",
  "name": "Lassie",
  "furColor": "Brown",
  "ownerLink": "https://dogtracker.com/persons/12093"
}

{
  "id": "123",
  "name": "Joe",
  "hairColor": "Brown",
  "kind": "Person",
  "dogLink": "https://dogtracker.com/persons/1234/dogs"
}

Question 18

URI templates or Path params use?

Answer 18

URI templates are most useful if they accept variables whose values are easy for humans to read and remember. For example
https://dogtracker.com/persons/{personId}
is not good because it is hard to remember the obscure and length identifier.

But compared to above one
http://dogtracker.com/persons/{personName}
is more useful because names are fundamental way in which humans deal with world.

Question 19

In the dog tracking example we included link to owner using ownerId property which worked well. Now what to do if the owner can be an individual or an institution?

Answer 19

We have a few options,
First we could have ownerID and supplement it with ownerType property.
Or we can have separate personOwnerID or institutionalOwnerId out of which any one will be set at a time.
We could also have a compound owner value that can incorporate the type and the id.

Most elegant and flexible solution to this is having owner property of type url.
{
…,
“owner” : “https://dogtracker.com/persons/123213”
}
or
{
…,
“owner” : “https://dogtracker.com/institutions/1122
}
So owner property is now read-write rather than read-only. We can accommodate both individual and institution by changing the URL. Clients have to be aware that the owner URL may point to different sorts of resources and they have to be prepared to react differently.

Question 20

Should we store URLs with domain name and scheme in database?

Answer 20

No we should not store absolute url which contains domain name in database, because if domain name changes in some circumstances then DB will have to be updated. Also we want freedom to use same database in different environments (integration test, system test, pre-production) with different domain names. This means we will have to strip the scheme and authority from URLs before storing in DB and add back when requested.

Question 21

What is one of solution to avoid problems storing URLs in database?

Answer 21

To use path absolute URLs that start with /. So the URLs will be relative paths. The only tradeoff is that it introduces burden on client to turn those relative URLs into absolute before using them.

Question 22

Give some example of URI Templates that we can send in response so that client can process it

Answer 22

{
“following_url”: “https://api.github.com/users/octocat/following{/other_user}”,
“gists_url”: “https://api.github.com/users/octocat/gists{/gist_id}”,
“starred_url”: “https://api.github.com/users/octocat/starred{/owner}{/repo}”,
}

Question 23

Give some example of URI Templates that we can send in response so that client can process it

Answer 23

{
“following_url”: “https://api.github.com/users/octocat/following{/other_user}”,
“gists_url”: “https://api.github.com/users/octocat/gists{/gist_id}”,
“starred_url”: “https://api.github.com/users/octocat/starred{/owner}{/repo}”,
}

Question 24

Explain Permalinks

Answer 24

Any link that a server puts in the representation of a resource can be bookmarked, stored by the client,
and used later. This means that you need to try to make it stable.
There is some good advice on the web on how to design stable URLs.
“After the creation date, putting any information
in the name is asking for trouble one way or another.”

Question 25

In Permalinks we cannot include anything except the creation date, as anything can change. So what option do we have?

Answer 25

A consequence of following advice of not using anything other than creationdate in name is that URLs used in linking tend to be rather unfriendly to
humans. Because they must avoid including information that may change, they tend instead to have long
strings of random characters in them, like this one from Google:
https://docs.google.com/document/d/1YADQAXN2sqyC2OAkblp75GUccnAScVSVI7GZk5M-TRo

https://dogtracker.com/dogs/{uuid}

Question 26

In Permalink how to route request to implementation unit that can handle that particular type?

Answer 26

So to cater to that we cannot just include id of resource but we also need to encode the identity of the implementation unit that can handle it. As implementation units change over time, we need is some identifier that can be flexibly mapped to processing units later. So we can include “principal type” which is assumed to be immutable.

https://dogtracker.com/{type}/{uuid}

Question 27

What is the downside of encoding hierarchy in link URLs?

Answer 27

If we encode hierarchy in URL, then it will be bad. Because clients can bookmark the URLs. Hierarchies are not as stable as they seem and encoding them in URL will either prevent you from reorganizing your hierarchies or cause your persistent link to break when you do.

Question 28

What is the solution to renaming dilemma? Suppose you decide to use name in URL to keep it human friendly rather than UUID. What to do when name of the person changes?

Answer 28

The solution to this problem is to keep one URL in links and offer a different one in URI templates for queries.
For example take narendra.pathai (needs to be unique) and e9cdcf7a-25b3-11e5-9aec-34363bd0ac10. Obviously using unique name is much human friendly than UUID.

So in URI template we can have
https://dogtracker.com/person/{name}
So we get following URL
https://dogtracker.com/narendra.pathai

This URL is very attractive way to reach and find Narendra but you don’t want to use this URL in linking because while names are unique but they are subject to change, which is not desirable for persistent links.

Question 29

In the solution of renaming resources we kept two different URLs
https://dogtracker.com/persons/narendra.pathai
and
https://dogtracker.com/persons/
do they always point to the same resource

Answer 29

No. Currently when the URL is created and a unique name is chosen it may be pointing to one person. But name is subject to change and the person can rename and choose different name.
So it is like
https://wikipedia.org/page/NarendraModi (will never change)
&
https://wikipedia.org/page/CurrentPrimeMinisterOfIndia (will change)

Though they both currently point to the same resource currently but they can change.
The URL with UUID is a permanent link and will never change.

Question 30

In the solution of renaming resources we kept two different URLs
https://dogtracker.com/persons/narendra.pathai
and
https://dogtracker.com/persons/
do they always point to the same resource

Answer 30

No. Currently when the URL is created and a unique name is chosen it may be pointing to one person. But name is subject to change and the person can rename and choose different name.
So it is like
https://wikipedia.org/page/NarendraModi (will never change)
&
https://wikipedia.org/page/CurrentPrimeMinisterOfIndia (will change)

Though they both currently point to the same resource currently but they can change.
The URL with UUID is a permanent link and will never change.

Question 31

What is the disadvantage of alias approach to renaming of links?

Answer 31

In the alias approach the old links forever keep pointing to the resource and can never be freed. This is followed by GitHub. It allows renaming of repositories and uses redirects. The consequence is that the old names are never released for reuse - the URLs corresponding to the old names continue to be associated with the resource forever. This is not an issues but we need to hold on to all the previous names of resource as well as current one.

Question 32

What can be said about stability of types when we used in url
https://dogtracker.com/person/

Answer 32

In this URL there is an assumption that person is a stable property. In this case its OK, because person does not turn into a mouse or dog, but hunters turn into prey, politicians turn into lobbyists, clients are also servers and so on.
In client and server example, single resource can have multiple types.

The only motivation for having person appear in a permanent link URL is for the server to be able to route incoming requests to the right implementation. So when designing we need to think in terms of mapping current and future - between resources and implementation handlers and not in terms of meaning to clients, for whom a link URL should be opaque.

Question 33

URI template style query endpoints vs query param based.
https://dogtracker.com/persons/{personId}/dogs
vs
https://dogtracker.com/search?type=Dog&owner={personId}

Answer 33

There are number of reasons why former is preferred

• Easier to consume and understand API, readable and intuitive
• Implementing API is usually easier
• In the second style people may think that all combinations of query parameters and values are supported, which can be very difficult to handle.
• Expresses relations and graph traversals easily that are difficult to express in query parameter style.

Ex. https://dogtracker.com/dogs/123456/owner/spouse

This query url encodes the graph traversal and makes the relationship clear. These are quiet easy to express in URL as sequence of path segments, but more difficult to express in query parameters.

Question 34

What is the general pattern for query URLs when it comes to relationships between objects

Answer 34

/{relationship-name}[/{resource-id}]/…/{relationship-name}[/{resource-id}]
Where the resource-id are required only if the relationship in the preceding path segment is multi-values or one to many.

Question 35

What is the general pattern for query URLs when it comes to relationships between objects

Answer 35

/{relationship-name}[/{resource-id}]/…/{relationship-name}[/{resource-id}]

Question 36

Describe path parameters or matrix parameters

Answer 36

This is alternative syntax for query URL. Rather than using / like persons/123/dogs we can use URLs like this

/persons;123/dogs
/persons;id=123/dogs
/persons;name=narendra.pathai/dogs

which generalizes to this rule
/{relationship-name}[;{selector}]/…/{relationship-name}[{;selector}]

The elements after ; are path parameters or matrix parameters. This is a good style for its syntactic tidiness and its conceptual clarity.

Question 37

Differentiate between path segments and path variables

Answer 37

Path segments are that follow after /
and path variables are that follow ;

So representing query URL like this
https://dogtracker.com/person/123/dogs/543
is using path segments and a URL like this
https://dogtracker.com/person;123/dogs;id=543
is using path parameters.

Question 38

URL format for relationships that involve one-multiple values and filtering that collection

Answer 38

For that query parameters are a good way something like

Filter out only red dogs of person with id 123

https: //dogtracker.com/persons/123/dogs?color=red
https: //dogtracker.com/persons/123/dogs?color=brown&breed=labrador

Question 39

What to do when the responses that don’t involve persistent resources? Like calculate, translate, convert.
Here we are just making simple algorithmic calculation like how much tax someone should pay or do a natural language translation or convert one currency to other. None of these involve persistent resources returned from a database.
How to follow our noun-based model?

Answer 39

The key insight here is that the URL should identify the resource in the response, not the processing algorithm that calculates the response. Since the resource whose representation is in the response is a thing, it is easy to invent a URL for it that fits the noun-based entity model for the web. From the client’s perspective, it is irrelevant whether the result is being calculated or retrieved from the database and indeed it is common for calculated resources to be subsequently stored in persistent cache for performance.
So API for money conversion can be
/monetary-amount?quantity=100&unit=EUR&in=CNY
or simply
/monetary-amount/100/EUR/CNY

Other approach can be to POST to some noun-based URL
POST /money-converter
{
  "amount" : 100,
  "inCurrency": "EUR",
  "toCurrency": "CNY"
}

Question 40

What are problems with POST to noun-based URL approach for handling non-persistent resources like money converter, translator etc.

Answer 40

The problem with having a POST URL
/money-converter and put JSON in body to represent amount, from, to values is that
- It is not cacheable using standard HTTP mechanisms
- Beginning to stray from the uniform
interface model, because each entity you POST to typically has its own unique inputs and outputs
that are not deducible from a broader data model that underpins a whole set of operations.
- begin to look more like the wider, more complex
- we are beginning to lose one of the
most fundamental advantages of REST. Extending the DBMS analogy, this is similar to what happens
when you introduce stored procedures into a database schema—it can be powerful, but it makes the
interface more complex and increases the coupling between client and server.

Question 41

Is there a reason why urls have to have verbs in case when representing non persistent resources like money convert, translate, calculate etc?

Answer 41

No, there is no reason for a URL to appear to identify a verb - they can always be nouns that identify things or atleast identify the things that will be returned in response.

Question 42

Why should we include self-references and kind properties in response?

Answer 42

“kind” property sometimes also spelled as “isA” or “type”.
“selfLink” property sometimes also spelled as “self”, which is better choice because “self” is standardized in ATOM specification, registered in IANA and copied by others.
These properties apply to every JSON object not just to top level one.

Why self link?
This is useful because including self link makes it explicit what web resource’s properties we are talking about without requiring contextual knowledge - like what URL did we GET to retrieve this JSON. This is especially useful for nested JSON objects where the outer context doesn’t help establish what resource we’re talking about.

Why kind property?
Helps client recognize whether or not this is an object they know how to process. This helps you add new concepts to your API without having to change the API version.

Question 43

Which are the ways to represent collections?

Answer 43

Because they are collections it doesn’t mean they are any different than previous objects. So same conventions can be applied to collections as well.
For example
{“self” : “https://dogtracker.com/dogs,
“kind”: “Collection”,
“contents”: [
{“self” : “https://dogtracker.com/dogs/12343”,
“kind”: “Dog”,
“name”: “Fido”
..
},
.
]
}
The value in contents property is a JSON array of JSON objects.
The array of URLs would be another good option if your clients don’t need any data about each of the content resources.

We can also omit the collection part and just start directly with JSON array in response rather than introducing collection type.

Question 44

What are advantages of explicitly using “collection” kind over directly using JSON array.

Answer 44

• Collections are like every other resource, not a special case.
• The collection is self describing, don’t have to be in code to know what collection you’re looking at
• Obvious place to put other properties like creationDate, owner, modificationdate, revisionID, parentResource etc.

Question 45

How to handle paginated collections?

Answer 45

Calling https://dogtracker.com/dogs is likely to be huge. It is neither good for client or server to return large collections. So pagination is required. This is how it has been handled in past
Req:
GET /dogs HTTP/1.1
Host: dogtracker.com
Accept: application/json

Res:
HTTP/1.1 303 See Other
Location: https://dogtracker.com/dogs?limit=25,offset=0

Req:
GET /dogs?limit=25,offset=0 HTTP/1.1
Host: dogtracker.com
Accept: application/json

Res:
HTTP/1.1 200 OK
Content-type: application/json
Content-Location: https://dogtracker.com/dogs?limit=25,offset=0
Content-length: 11233
{“self”: “https://dogtracker.com/dogs?limit=25,offset=0”,
“kind”: “Page”,
“pageOf”: “https://dogtracker.com/dogs”,
“next”: “https://dogtracker.com/dogs?limit=25,offset=25”,
“contents”: [
	 {“self”: “https://dogtracker.com/dogs/12344”,
	 “kind”: “Dog”,
	 “name”: “Fido”,
	 “furColor”: “white”
	},
	 {“self”: “https://dogtracker.com/dogs/12345”,
	 “kind”: “Dog”,
	 “name”: “Rover”,
	 “furColor”: “brown”
	},

… (23 more)
]
}

Question 46

Which are good properties to have when returning paginated response

Answer 46

pageOf - tells the original URL for which page is being sent
next - references the subsequent page (unless there is no next page)
previous - references the previous page (unless it is the first page and there is no previous)

Question 47

Is there a standard for the representation of pages of collections?

Answer 47

here is no standard for the representation of pages of collections shown here—we offer it in the spirit of
a minimalist approach that uses JSON in a simple, direct way. There are many other approaches out there.

Question 48

What approach should be taken to support multiple formats

Answer 48

• Only JSON on output has the advantage of simplicity
• client demand for XML or other formats
• support multiple output formats by supporting the
  standard HTTP Accept header

Question 49

Should HTTP PATCH method be supported for update and why?

Answer 49

Yes.
- it helps with the evolution of your API.
- PUT requires client to replace the entire content of the resource with every update.
- As your API evolves, want
to be able to add new properties without breaking existing clients.
- If clients replace the entire content on
every update, you are relying on them to preserve all properties, even if they weren’t changed
and even if they didn’t exist at the time the client was written.
- This is fragile—a single misbehaved client
can cause significant problems. PATCH avoids this risk.

Question 50

Which convention should be used for property names?
camelCase
snake_case

Answer 50

It depends on customer opinion. By default camelCase works the best.
Avoid use of special characters like \/=:;,.?#<>@

Question 51

Should REST APIs look like normalized relational database schema?

Answer 51

No, no rule says that REST interfaces must look like this. That makes REST APIs “chatty”. Client will have to perform many GETs to retrieve all information.

Question 52

Solution to relational schema normalization and REST interfaces being “chatty”?

Answer 52

Normalized schemas make updates simple, so one useful strategy for an API is to define all the resources
that you would associate with a normalized schema, and give those resources both read and update
capabilities. You can then add as many read-only denormalized resources as you need to support efficient
clients. These denormalized resources are true REST resources also—they have meaning as entities, they
have URIs, and so on. Their state may overlap with the state of other resources, but this is not a problem,
and this API will be no less RESTful and much more useful than a normalized one

Question 53

Why are partial responses useful?

Answer 53

Because there may be a lot of information that the client does not need. So to allow client to tell the fields it needs we use partial response.

Question 54

Possible formats for partial response?

Answer 54

LinkedIn
/people:(id,first-name,last-name,industry)

Facebook
/joe.smith/friends?fields=id,name,picture

Google
?fields=title,media:group(media:thumbnail)

They each have an optional parameter called fields after which you put the names of fields you want to be
returned.
As you see in this example, you can also put subobjects in responses to pull in other information from
additional resources.

Question 55

Recommended approach for partial response

Answer 55

Add optional “fields” in comma separated list

/dogs?fields=name,color,location

This works well because

• simple to read
• application developer can select just the information an apps needs at a given time
• it cuts down on bandwidth issues, which is important for mobile apps

Question 56

What is the advantage of including links like “first”, “next”, “previous”, “last” in REST api response when returning paginated data?

Answer 56

It makes it easier for the client to navigate through the pages without the need to construct the urls.

Question 57

How to make it easy for application developers to paginate objects in a database?

Answer 57

Usually links of previous, next, first and last are sufficient for handling large collections, but sometimes you may want to allow clients explicit control over pagination.

Facebook uses “offset” and “limit”.
Twitter uses “page” and “rpp” (records per page)
LinkedIn uses “start” and “count”.

Facebook and LinkedIn do the same thing but use different names.

To get records 50 through 75 from each system you would use:
Facebook: offset 50, limit 25
Twitter: page 3 and rpp 25
LinkedIn: start 50, count 25

Recommended approach is to use limit and offset.

Question 58

Why is good error design especially important for API designers?

Answer 58

• everything on the other side of that interface is a black box
• developers learn to write code through errors due to TDD and extreme programming
• developers depend on well-designed errors at the critical times when they are troubleshooting, and resolving issues

Question 59

Which is the best way to return errors from REST API?

Answer 59

Use of HTTP status codes with proper headers if very important. HTTP status codes should not be considered as return values from your function but they almost always are paired with headers.

For HTTP Get 200 it is not only data but also headers like Content-Location, Content-type, ETag, Content-Length etc

For HTTP 405 Method not allowed, must be paired with Allow header which includes the methods that are allowed. PUT, GET, DELETE

Make messages returned in the payload as verbose as possible

Question 60

If an error occurs which levels of information should be present in response. Include different audience like application developer, end user etc

Answer 60

{“developerMessage” : “Some technical language that points to the cause of the issue”, “userMessage” : “Pass this message on to the app user if needed”, “errorCode” :11234, “moreInfo”: “https://dev.teachdogrest.com/errors/12345”}