RESTFul API Guidelines
Zalando
API Design
API countsHow many endpoints/resources in an API?
|
Global designGeneral considerations on API design |
API Lifecycle
GovernanceHow to ensure API governance (advertise, consistency, …) |
Updates and VersioningHow to handle API updates and versioning |
Asynchronicity
AsynchronicityHow to handle long operations |
Notifying API consumersHow to send events or notifications to API consumers |
Collection Resources
FilteringHow to select some resources in a collection
|
PaginationHow to retrieve a range of resources in a collection
|
Retrieve a collectionHow to get a collection or resources
|
Sorting a collectionHow to sort a collection of resources
|
CollectionWhat is a collection (set) of resources |
Data
Standards dataWhich standard use for values like languages, countries, currencies, … |
Date and TimeHow to deal with date and time data
|
Null dataHow to deal with null data |
Data formatwhich data format use |
Error handling
Error formatHow to provide information about errors |
HTTP Methods
DELETEThe DELETE method deletes the specified resource. |
GETThe GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. |
HEADThe HEAD method asks for a response identical to that of a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. |
OPTIONSThe OPTIONS method returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting ‘*’ instead of a specific resource. |
PATCHThe PATCH method applies partial modifications to a resource. |
POSTThe POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database. |
PUTThe PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI. |
HTTP methodsGeneral information about HTTP methods usage |
HTTP Protocol
CachingHow to use and provide relevant caching informations |
Content negociation and media typesHow to describe your API data format and/or propose different formats (like json, yaml, xml atom, …) |
HTTP HeadersHow to use standard or custom HTTP headers
|
HTTP StatusesGeneral information about HTTP statuses usage |
HTTP protocolGeneral informations about HTTP protocol |
HTTP Status Redirection
301 Moved PermanentlyThis and all future requests should be directed to the given URI. |
302 FoundCommon way of performing URL redirection. An HTTP response with this status code will additionally provide a URL in the location header field. The user agent (e.g. a web browser) is invited by a response with this code to make a second, otherwise identical, request to the new URL specified in the location field. |
303 See OtherThe response to the request can be found under another URI using a GET method. When received in response to a POST (or PUT/DELETE), the client should presume that the server has received the data and should issue a redirect with a separate GET message. |
304 Not ModifiedIndicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy. |
HTTP Status Server Error
500 Internal Server ErrorA generic error message, given when an unexpected condition was encountered and no more specific message is suitable. |
501 Not ImplementedThe server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API). |
503 Service UnavailableThe server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state. |
HTTP Status Success
200 OKStandard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action. |
201 CreatedThe request has been fulfilled, resulting in the creation of a new resource. |
202 AcceptedThe request has been accepted for processing, but the processing has not been completed. The request might or might not be eventually acted upon, and may be disallowed when processing occurs. |
204 No ContentThe server successfully processed the request and is not returning any content. |
HTTP Status User Error
400 Bad RequestThe server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing). |
401 UnauthorizedSimilar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. |
403 ForbiddenThe request was a valid request, but the server is refusing to respond to it. The user might be logged in but does not have the necessary permissions for the resource. |
404 Not FoundThe requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible. |
405 Method Not AllowedA request method is not supported for the requested resource; for example, a GET request on a form which requires data to be presented via POST, or a PUT request on a read-only resource. |
406 Not AcceptableThe requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request. |
408 Request TimeoutThe server timed out waiting for the request. According to HTTP specifications: The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time. |
409 ConflictIndicates that the request could not be processed because of conflict in the request, such as an edit conflict between multiple simultaneous updates. |
412 Precondition FailedThe server does not meet one of the preconditions that the requester put on the request. |
415 Unsupported Media TypeThe request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format. |
423 LockedThe resource that is being accessed is locked. |
428 Precondition RequiredThe origin server requires the request to be conditional. Intended to prevent the lost update problem, where a client GETs a resource’s state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict. |
429 Too Many RequestsThe user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes. |
Hypermedia
Hypermedia (read)How to use hypermedia to read data |
HypermediaHow to use hypermedia |
Miscellaneous
DocumentationHow to produce and/or propose API documentation |
Performance and bandwidthHow to deal with high traffic or consumers with low bandwith |
Query parametersHow to use query parameters |
Naming
LanguageWhich language(s) use when designing an API |
CaseWhich case (lowercase, camelCase, …) to use and when |
NamingHow to name things |
Resources
Action resourceHow to use action resource (e.g. resources like /cancel or /approve) |
Create resourceHow to create resources
|
Delete resourceHow to delete resources
|
RelationshipsHow to define and use relations between resources |
Replace resourceHow to replace (or update fully) a resource
|
Dereference RelationshipsHow to load a resource and its linked resources in one call
|
Retrieve resource partiallyHow to retrieve partially a resource
|
Retrieve resourceHow to retrieve a resource
|
Update resource partiallyHow to udate partially a resource
|
Update resourceHow to update a resource |
URL formatHow to design URLs |
ResourceGeneral informations about resources |
Security
SecuritySecurity concerns |