Haufe API style guide

Global design

General considerations on API design

• Introduction
• General Guidelines
• Message Schema and Postel's Law

Governance

How to ensure API governance (advertise, consistency, …)

• API Modelling and Design Process
• API Design Review Process
• Message Schema and Postel's Law

Updates and Versioning

How to handle API updates and versioning

• Version

Filtering

How to select some resources in a collection

• Filtering
• Time selection
• Search

Pagination

How to retrieve a range of resources in a collection

• Paging

Retrieve a collection

How to get a collection or resources

• Get List of resources

Sorting a collection

How to sort a collection of resources

• Sorting

Collection

What is a collection (set) of resources

• Collection Resources

Standards data

Which standard use for values like languages, countries, currencies, …

• Currency

  3-character ISO-4217

• Country

  ISO 3166-1-alpha-2

Date and Time

How to deal with date and time data

• Dates and Times

Data format

which data format use

• Hypermedia Response Format
• Type Formatting
• Message Schema and Postel's Law

Errors

How to handle errors

• Error handling

Error format

How to provide information about errors

• Error handling

DELETE

The DELETE method deletes the specified resource.

• HTTP Verbs

GET

The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect.

• HTTP Verbs
• Get List of resources
• Read Single Resource

PATCH

The PATCH method applies partial modifications to a resource.

• HTTP Verbs
• Update Partial Single Resource

POST

The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.

• HTTP Verbs
• Create New Resource
• Using POST (Search)

PUT

The PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.

• HTTP Verbs
• Update Single Resource
• Create New Resource - Consumer Supplied Identifier

HTTP methods

General information about HTTP methods usage

• HTTP Verbs

Caching

How to use and provide relevant caching informations

• Caching

HTTP Headers

How to use standard or custom HTTP headers

• Expires HTTP Header
• https://github.com/Haufe-Lexware/api-style-guide/blob/master/caching/caching.md#cache-control-header
• ETag

HTTP Statuses

General information about HTTP statuses usage

• Mapping Response Codes For Success and Failure
• HTTP Status Codes

304 Not Modified

Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.

• HTTP Status Codes

500 Internal Server Error

A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.

• HTTP Status Codes

501 Not Implemented

The server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API).

• HTTP Status Codes

200 OK

Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

• HTTP Status (Get List of resources)
• HTTP Status (Read Single Resource)
• HTTP Status Codes

201 Created

The request has been fulfilled, resulting in the creation of a new resource.

• HTTP Status Codes

204 No Content

The server successfully processed the request and is not returning any content.

• HTTP Status (Update Single Resource)
• HTTP Status (Update Partial Single Resource)
• Delete Single Resource
• HTTP Status Codes

400 Bad Request

The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).

• HTTP Status (Get List of resources)
• HTTP Status (Update Single Resource)
• HTTP Status (Update Partial Single Resource)
• HTTP Status Codes

401 Unauthorized

Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.

• HTTP Status Codes

403 Forbidden

The request was a valid request, but the server is refusing to respond to it. The user might be logged in but does not have the necessary permissions for the resource.

• HTTP Status Codes

404 Not Found

The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.

• HTTP Status (Get List of resources)
• HTTP Status (Read Single Resource)
• Delete Single Resource

  404 Not Found HTTP status should not be utilized

• HTTP Status Codes

405 Method Not Allowed

A request method is not supported for the requested resource; for example, a GET request on a form which requires data to be presented via POST, or a PUT request on a read-only resource.

• HTTP Status Codes

406 Not Acceptable

The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.

• HTTP Status Codes

408 Request Timeout

The server timed out waiting for the request. According to HTTP specifications: The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.

• HTTP Status Codes

409 Conflict

Indicates that the request could not be processed because of conflict in the request, such as an edit conflict between multiple simultaneous updates.

• HTTP Status Codes

410 Gone

Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a 404 Not Found may be used instead.

• HTTP Status Codes

411 Length Required

The request did not specify the length of its content, which is required by the requested resource.

• HTTP Status Codes

412 Precondition Failed

The server does not meet one of the preconditions that the requester put on the request.

• HTTP Status Codes

415 Unsupported Media Type

The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.

• HTTP Status Codes

422 Unprocessable Entity

The request was well-formed but was unable to be followed due to semantic errors.

• HTTP Status (Update Single Resource)
• HTTP Status (Update Partial Single Resource)
• HTTP Status Codes

Hypermedia (read)

How to use hypermedia to read data

• Expanding Resources Through Hypermedia Linking
• Hypermedia and REST
• Relationships and Sub-Resources
• Hypermedia Links (Pagination)

Hypermedia

How to use hypermedia

• Expanding Resources Through Hypermedia Linking
• Support Hypermedia
• Hypermedia and REST
• Relationships and Sub-Resources
• Hypermedia Links (Pagination)
• Hypermedia Response Format

Developer experience

How to take care of developer experience (DX)

• Documentation

Documentation

How to produce and/or propose API documentation

• Every API MUST be described using a formal API description language
• Documentation

Naming

How to name things

• Building Your Resource Taxonomy
• Resource naming

Create resource with a specific ID

How to create resource with a provided id

• Create New Resource - Consumer Supplied Identifier

Create resource

How to create resources

• Create New Resource

Delete resource

How to delete resources

• Delete Single Resource

Resource ID

What is a resource ID and/or how it’s built

• Composite Keys

Relationships

How to define and use relations between resources

• How to Handle Resource Relationships and Composition
• Relationships and Sub-Resources

Replace resource

How to replace (or update fully) a resource

• Update Single Resource

Retrieve resource partially

How to retrieve partially a resource

• Field selection

Retrieve resource

How to retrieve a resource

• Read Single Resource

Resource's state

How to change a resource’s state/status (like processed/sent/paid/…)

Update resource partially

How to udate partially a resource

• Update Partial Single Resource

Update resource

How to update a resource

• Update Single Resource
• Update Partial Single Resource

URL format

How to design URLs

• URI Components

Resource

General informations about resources

• Building Your Resource Taxonomy
• Defining Resource Lifecycles
• Resources

Security

Security concerns

• API clients MUST use an API Key

Data privacy

Data privacy concerns

• Security and Authentication