Haufe API style guide

Haufe

API Design

Global design

General considerations on API design

API Lifecycle

Versioning

How to handle API versioning

Governance

How to ensure API governance (advertise, consistency, …)

Collection Resources

Retrieve a collection

How to get a collection or resources

Collection

What is a collection (set) of resources

Pagination

How to retrieve a range of resources in a collection

Sorting a collection

How to sort a collection of resources

Filtering

How to select some resources in a collection

Data

Standards data

Which standard use for values like languages, countries, currencies, …

Date and Time

How to deal with date and time data

Data format

which data format use

Error handling

Errors

How to handle errors

Error format

How to provide information about errors

HTTP Methods

HTTP methods

General information about HTTP methods usage

GET

The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect.

DELETE

The DELETE method deletes the specified resource.

PUT

The PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.

PATCH

The PATCH method applies partial modifications to a resource.

POST

The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.

HTTP Protocol

HTTP Statuses

General information about HTTP statuses usage

Caching

How to use and provide relevant caching informations

HTTP Headers

How to use standard or custom HTTP headers

HTTP Status Redirection

304 Not Modified

Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.

HTTP Status Server Error

501 Not Implemented

The server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API).

500 Internal Server Error

A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.

HTTP Status Success

200 OK

Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled, resulting in the creation of a new resource.

204 No Content

The server successfully processed the request and is not returning any content.

HTTP Status User Error

412 Precondition Failed

The server does not meet one of the preconditions that the requester put on the request.

411 Length Required

The request did not specify the length of its content, which is required by the requested resource.

410 Gone

Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a 404 Not Found may be used instead.

422 Unprocessable Entity

The request was well-formed but was unable to be followed due to semantic errors.

409 Conflict

Indicates that the request could not be processed because of conflict in the request, such as an edit conflict between multiple simultaneous updates.

408 Request Timeout

The server timed out waiting for the request. According to HTTP specifications: The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.

400 Bad Request

The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).

405 Method Not Allowed

A request method is not supported for the requested resource; for example, a GET request on a form which requires data to be presented via POST, or a PUT request on a read-only resource.

404 Not Found

The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.

403 Forbidden

The request was a valid request, but the server is refusing to respond to it. The user might be logged in but does not have the necessary permissions for the resource.

401 Unauthorized

Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.

406 Not Acceptable

The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.

415 Unsupported Media Type

The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.

Miscellaneous

Documentation

How to produce and/or propose API documentation

Developer experience

How to take care of developer experience (DX)

Resources

Resource's state

How to change a resource’s state/status (like processed/sent/paid/…)

Delete resource

How to delete resources

Resource ID

What is a resource ID and/or how it’s built

Relationships

How to define and use relations between resources

Replace resource

How to replace (or update fully) a resource

Create resource with a specific ID

How to create resource with a provided id

Retrieve resource

How to retrieve a resource

Create resource

How to create resources

Retrieve resource partially

How to retrieve partially a resource

Update resource

How to update a resource

URL format

How to design URLs

Resource

General informations about resources

Update resource partially

How to udate partially a resource

Security

Data privacy

Data privacy concerns

Security

Security concerns