API Design — the basics

  • How will authentication work? Do I have, or do I need, an identity provider?
  • What is the authentication flow? For example: obtain a token from an OAuth server, then present that token on every API call?
  • Do I need an API gateway?
  • Which authentication strategies make sense for my API?
  • Do I need authorization? Authorization and authentication are different things: authentication establishes who the caller is, authorization decides what that caller may do. Which levels of authorization do I need? Which profiles (roles, scopes) do I need?
  • Transport must be secure: use HTTPS (TLS) for every endpoint, not only the login call.
  • HTTP methods.
  • HTTP status codes.
  • Headers.
  • URIs.
  • Sort order.
  • List pros and cons.
  • Draw the solution.
  • Discuss with other team members (more or less experienced).
  • Carry the API version in the request headers.
  • Which headers are required?
  • Which query parameters are available?
  • Which HTTP method should I use?
  • What is the HTTP response (status code, headers, body)?
  • What does the request body look like?
  • Is this API call synchronous or asynchronous? If asynchronous, how does the client poll for the result?
  • Which versions are available and what are the differences between them?
  • How long will a specific version live?
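The checklist above keeps several of these questions separate: who the caller is (authentication), what they may do (authorization), which version they asked for, which method and status code apply, and whether the operation is asynchronous. The following Python is an added example, not code from the original article, that puts those decisions in one request handler so the ordering and the status codes can be seen together. It assumes a hypothetical API with `/orders`, `/reports` and `/jobs/{id}` resources, an `API-Version` request header, and an HMAC-signed bearer token standing in for whatever the OAuth server would issue; the signing key, scopes and job table are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed signing key for this example only; a real service reads it from a secret store
# and, with OAuth, validates tokens issued by the identity provider instead of minting its own.
SIGNING_KEY = b"example-only-signing-key"
SUPPORTED_VERSIONS = {"1", "2"}

# Authorization table (hypothetical): which scope each method+path pair requires.
REQUIRED_SCOPE = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
    ("POST", "/reports"): "reports:write",
}

JOBS = {}  # constructed in-memory job table for the asynchronous flow


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes, ttl: int = 3600, now=None) -> str:
    """Stand-in for the token endpoint: mint an HMAC-SHA256 signed bearer token."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": subject, "scope": list(scopes), "exp": now + ttl}).encode()
    body = _b64(payload)
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str, now=None):
    """Authentication: return the claims if signature and expiry check out, else None."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare, no early exit
        return None
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims.get("exp", 0) < now:
        return None
    return claims


def handle(method: str, path: str, headers: dict, body=None, now=None):
    """Return (status, response_headers, response_body) for one request."""
    # 1. Authentication first: an unauthenticated caller learns nothing about the API.
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[len("Bearer "):], now) if auth.startswith("Bearer ") else None
    if claims is None:
        # 401 means "we do not know who you are"; the header tells the client how to fix that.
        return 401, {"WWW-Authenticate": 'Bearer realm="api"'}, {"error": "invalid or missing token"}

    # 2. Version negotiation via the request header described in the checklist.
    version = headers.get("API-Version", "1")
    if version not in SUPPORTED_VERSIONS:
        return 400, {}, {"error": f"unsupported API-Version {version!r}"}

    # 3. Polling endpoint for asynchronous jobs.
    if path.startswith("/jobs/"):
        if method != "GET":
            return 405, {"Allow": "GET"}, {"error": "method not allowed"}
        job = JOBS.get(path[len("/jobs/"):])
        if job is None or job["owner"] != claims["sub"]:
            return 404, {}, {"error": "job not found"}  # same answer whether missing or not yours
        return 200, {}, job

    # 4. Authorization: identity is known, now decide whether this action is permitted.
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None:
        allowed = [m for (m, p) in REQUIRED_SCOPE if p == path]
        if allowed:
            return 405, {"Allow": ", ".join(allowed)}, {"error": "method not allowed"}
        return 404, {}, {"error": "no such resource"}
    if needed not in claims["scope"]:
        # 403 means "we know who you are, and you may not do this".
        return 403, {}, {"error": f"scope {needed} required"}

    # 5. Asynchronous operation: accept now, hand back a Location to poll.
    if path == "/reports":
        job_id = uuid.uuid4().hex
        JOBS[job_id] = {"id": job_id, "owner": claims["sub"], "status": "pending"}
        return 202, {"Location": f"/jobs/{job_id}"}, {"id": job_id}

    # 6. Synchronous operations on /orders.
    if method == "GET":
        return 200, {}, {"orders": [], "version": version}
    return 201, {"Location": "/orders/1"}, {"created": body}
```

The order of the checks is the point: a bad token yields 401 before anything else is revealed, a valid token without the right scope yields 403, and a job lookup for someone else's job returns the same 404 as a missing job so the endpoint does not confirm which IDs exist. The `now` parameter exists only so the expiry check can be exercised deterministically.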
