I've seen people use the full suite of HTTP verbs and headers, and follow REST principles down to a tee. I've seen others send everything as a POST request (to prevent caching) with a JSON payload that contains all the needed info to execute the request, including, in some cases, an authorisation token as well.
So, people of HN, how best do you like to structure your web APIs?
https://jsonapi.org/
https://github.com/OAI/OpenAPI-Specification
http://json-schema.org/
https://graphql.org/learn/
...
And for authentication and authorisation use OAuth:
https://oauth.net/2/
and prevent states and cookies (!) - use tokens and headers instead.
There is no "BEST" option in my opinion, but https://api-platform.com/ is a good place to start for getting things done... and perhaps search for HATEOAS libs in the programming language of your choice.