All topics covered by analyzed Design Guidelines are listed here.
Each topic page lists all references to a specific topic throughout all analyzed guidelines.
API countsHow many endpoints/resources in an API? |
Global designGeneral considerations on API design |
GovernanceHow to ensure API governance (advertise, consistency, …) |
Updates and VersioningHow to handle API updates and versioning |
AsynchronicityHow to handle long operations |
Notifying API consumersHow to send events or notifications to API consumers |
CollectionWhat is a collection (set) of resources |
FilteringHow to select some resources in a collection |
PaginationHow to retrieve a range of resources in a collection |
Retrieve a collectionHow to get a collection or resources |
Sorting a collectionHow to sort a collection of resources |
Data formatwhich data format use |
Date and TimeHow to deal with date and time data |
InternationalizationProviding internationalized data representation (e.g. adapted to the user’s country) |
Null dataHow to deal with null data |
Standards dataWhich standard use for values like languages, countries, currencies, … |
Error formatHow to provide information about errors |
ErrorsHow to handle errors |
DELETEThe DELETE method deletes the specified resource. |
Forbidden methods alternativesWhat to do when only possible HTTP methods are POST and GET |
GETThe GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. |
HEADThe HEAD method asks for a response identical to that of a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. |
HTTP methodsGeneral information about HTTP methods usage |
OPTIONSThe OPTIONS method returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting ‘*’ instead of a specific resource. |
PATCHThe PATCH method applies partial modifications to a resource. |
POSTThe POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database. |
PUTThe PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI. |
CachingHow to use and provide relevant caching informations |
Content negociation and media typesHow to describe your API data format and/or propose different formats (like json, yaml, xml atom, …) |
HTTP HeadersHow to use standard or custom HTTP headers |
HTTP StatusesGeneral information about HTTP statuses usage |
HTTP protocolGeneral informations about HTTP protocol |
300 Multiple ChoicesThe 300 (Multiple Choices) status code indicates that the target resource has more than one representation, each with its own more specific identifier, and information about the alternatives is being provided so that the user (or user agent) can select a preferred representation by redirecting its request to one or more of those identifiers. In other words, the server desires that the user agent engage in reactive negotiation to select the most appropriate representation(s) for its needs. |
301 Moved PermanentlyThis and all future requests should be directed to the given URI. |
302 FoundCommon way of performing URL redirection. An HTTP response with this status code will additionally provide a URL in the location header field. The user agent (e.g. a web browser) is invited by a response with this code to make a second, otherwise identical, request to the new URL specified in the location field. |
303 See OtherThe response to the request can be found under another URI using a GET method. When received in response to a POST (or PUT/DELETE), the client should presume that the server has received the data and should issue a redirect with a separate GET message. |
304 Not ModifiedIndicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy. |
307 Temporary RedirectThe 307 (Temporary Redirect) status code indicates that the target resource resides temporarily under a different URI and the user agent MUST NOT change the request method if it performs an automatic redirection to that URI. Since the redirection can change over time, the client ought to continue using the original effective request URI for future requests. |
308 Permanent RedirectThe 308 (Permanent Redirect) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. |
500 Internal Server ErrorA generic error message, given when an unexpected condition was encountered and no more specific message is suitable. |
501 Not ImplementedThe server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API). |
503 Service UnavailableThe server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state. |
200 OKStandard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action. |
201 CreatedThe request has been fulfilled, resulting in the creation of a new resource. |
202 AcceptedThe request has been accepted for processing, but the processing has not been completed. The request might or might not be eventually acted upon, and may be disallowed when processing occurs. |
203 Non-Authoritative InformationThe 203 (Non-Authoritative Information) status code indicates that the request was successful but the enclosed payload has been modified from that of the origin server’s 200 (OK) response by a transforming proxy. |
204 No ContentThe server successfully processed the request and is not returning any content. |
206 Partial ContentThe server is delivering only part of the resource (byte serving) due to a range header sent by the client. The range header is used by HTTP clients to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams. |
400 Bad RequestThe server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing). |
401 UnauthorizedSimilar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. |
403 ForbiddenThe request was a valid request, but the server is refusing to respond to it. The user might be logged in but does not have the necessary permissions for the resource. |
404 Not FoundThe requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible. |
405 Method Not AllowedA request method is not supported for the requested resource; for example, a GET request on a form which requires data to be presented via POST, or a PUT request on a read-only resource. |
406 Not AcceptableThe requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request. |
408 Request TimeoutThe server timed out waiting for the request. According to HTTP specifications: The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time. |
409 ConflictIndicates that the request could not be processed because of conflict in the request, such as an edit conflict between multiple simultaneous updates. |
410 GoneIndicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a 404 Not Found may be used instead. |
411 Length RequiredThe request did not specify the length of its content, which is required by the requested resource. |
412 Precondition FailedThe server does not meet one of the preconditions that the requester put on the request. |
415 Unsupported Media TypeThe request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format. |
422 Unprocessable EntityThe request was well-formed but was unable to be followed due to semantic errors. |
423 LockedThe resource that is being accessed is locked. |
428 Precondition RequiredThe origin server requires the request to be conditional. Intended to prevent the lost update problem, where a client GETs a resource’s state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict. |
429 Too Many RequestsThe user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes. |
HypermediaHow to use hypermedia |
Hypermedia (read)How to use hypermedia to read data |
Hypermedia (write)How to use hypermedia to write data |
API chainingHow to chain API call in internal systems |
CORSHow to deal with CORS |
Debug and diagnoseHow to provide informations to debug and diagnose |
Developer experienceHow to take care of developer experience (DX) |
DocumentationHow to produce and/or propose API documentation |
Guiding inputsHow to help consumers or end user to input relevant data |
Performance and bandwidthHow to deal with high traffic or consumers with low bandwith |
Query parametersHow to use query parameters |
Rate limitingHow to provide information about how many calls a consumer can do |
UndoHow to undo things |
CaseWhich case (lowercase, camelCase, …) to use and when |
LanguageWhich language(s) use when designing an API |
NamingHow to name things |
Action resourceHow to use action resource (e.g. resources like /cancel or /approve) |
Batch BulkHow to handle batch/bulk processing/creation/update/… (e.g. handle multiple resources at conce) |
Create resourceHow to create resources |
Create resource with a specific IDHow to create resource with a provided id |
Delete resourceHow to delete resources |
Dereference RelationshipsHow to load a resource and its linked resources in one call |
ID with semanticUsing meaningful ids (like |
RelationshipsHow to define and use relations between resources |
Replace resourceHow to replace (or update fully) a resource |
ResourceGeneral informations about resources |
Resource IDWhat is a resource ID and/or how it’s built |
Resource's stateHow to change a resource’s state/status (like processed/sent/paid/…) |
Retrieve resourceHow to retrieve a resource |
Retrieve resource partiallyHow to retrieve partially a resource |
Track changeHow to track change on resources |
URL formatHow to design URLs |
Update resourceHow to update a resource |
Update resource partiallyHow to udate partially a resource |
Data privacyData privacy concerns |
SecuritySecurity concerns |