Continuing where I left, this blog is next in series after short introduction of API design
HTTP makes the web work!!๐
HTTP is protocol, XML is markup language, JSON is notation
REST is none of the above.
SOAP has a very fixed process, detailed scenarios, complex error handling.
REST has very few requirements, flexible based on needs and patterns.
HTTP is well understood protocol that is simple and powerful, every request and response has two parts, header and payload.
Payload is HTML, JSON, XML, or whatever comes there you can view, interact and process.
HTTP codes
2XX :
200 OK - Request successful
201 Created - Resources successfully created
202 Accepted - Identify that action is underway but not completed yet
204 No content - Delete a resource
3XX :
301 - Moved permanently
302 - Moved temporarily
4XX :
400 - Bad request
401 - Authentication required
402 - Forbidden
404 - Not found
HTTP Response Codes : 100s
100-199 : Informational
200-299 : Success
300-399 : Redirect
400-499 : Client Error
500-599 : Server Error
Content-Type - A header that identifies type of payload being provided by server from normal web browser, it'll be normal HTML.
Media types are named and structured payload that allow client to be customize to handle them.
REST API Constrains
- Client Server Architecture - API should be designed for this
- Stateless Architecture - Every request should be processed independently of each other
- Layered System
- Cacheable
- Code on demand
- Uniform interfaces
Authentication and Authorization
Authentication means establishing who you are, login with credentials.
Authorization established your permissions.
APIs have authorization factors, like who you are, your group membership, subscription level, context etc
API keys
Long string issues by API provider, appended to URL, not secure as URLs are not safeOAuth
Authorization protocol, upon authentication, a token maps to an authentication description.
API Versioning
- Versioning in URL
- Versioning via the accept header
Thanks for reading ๐
Top comments (0)