Like every other type of software, the success of application program interfaces (APIs) hinges crucially on the type of user-experience they provide. There is, however, a significant point of difference. While user-oriented software (mobile apps, for instance) need to be easily usable for the general public, APIs have to be accepted by developers – who are established programmers themselves. Hence, there is a certain additional level of technical sophistication required, when you design new APIs. In what follows, we will highlight a few handy tips for efficient API designing:
Know the purpose of your API
Keep in mind that APIs are, in most cases at least, not technical solutions per se. They are built to serve as tools for web and mobile app developers. Make sure that there is a clear requirement of your API – a unique problem it solves or a specific need it addresses. Instead of focusing on how your API can fit into existing IT setups, think of how it can help businesses in the long run. Avoid making APIs just for the heck of it – that would be a waste of time and hard work.
Note: The name of your API should clearly indicate its functionality. Do not fall into the ProcessData() trap, and stay away from trying to promote your company through API names.
Go for Versioning
It’s a brand new API, and you have no idea whether there will ever be a need for subsequent versions. Do you still need to use versioning in such cases? Oh yes, absolutely – since top-level versioning would make it extremely easy for you to add fresh versions later and include more functionalities in them, without having to change the API interface (versioning is, of course, free too!). What’s more, if your API is properly versioned, you can get a clear idea of its user-distribution as well. The version of an API should ideally be stated in its URL.
Identify the core features of your API and keep them simple
There are plenty of areas where an API can trip up, owing to sub-standard designing. However, you should be particularly careful while finalizing the data structure and options in your software, the workflows and data sequencing involved in it, and obviously, the richness of the data used in the API. Do not include too many structural variations and find out how many fields should be present in responses. Within the API workflow, ensure that the user-authentication/authorization flow is transparent and customer-friendly. While adding rich data, keep in mind that making the API layer too heavy can make its development cycle lengthier and also affect its overall performance.
Use HTTP codes correctly
Stay well away from API development and designing until you have a thorough idea of what each HTTP status codes mean. For a general REST (representational state transfer) API, the most common response codes are 200 (OK), 201 (Created), 204 (Zero Content), 401 (Unauthorized), 404 (Not Found) and 422 (Unprocessable Entity). The 5xx status codes signify refer to server-side errors (just as 4xx responses indicate client errors). Understand and use HTTP codes correctly in your API – mistakes here can introduce serious glitches in your software.
Note: Instead of having to deal with heavy XML processing for transferring data to your API’s endpoints, make use of JSON. SOAP APIs have given way to RESTful exchanges in terms of simplicity (and hence, popularity), and JSON is significantly easier to work with than XML.
Make your APIs more scalable with hypermedia
As widely discussed in last year’s Nordic API World Tour, hypermedia is the best possible tool for ensuring seamless evolvability in your APIs. Broadly speaking, hypermedia refers to all hypertext extensions for multimedia functionality, and it allows API providers to adapt to the rapidly changing ecosystem of business API requirements – without damaging the existing client applications. At first, the presence of hypermedia might just make an API seem slightly complex to mobile app developers. However, from a long-term perspective and changes that are likely to be needed in future, they have to be included.
Include data caching in your API
This is particularly important for APIs that need some time to load and execute. API providers mostly opt for distributed caching services, which allow all hosts to access/make modifications in it (as and when required). Avoid using in-memory data caching for every host, since that can make the entire system setup complicated and buggy. It has been proven that APIs with a hosted caching solution in the cloud execute faster and are, all things considered, more efficient.
Note: You have to use HTTP caching headers to define the caching rules for your API.
Consider implementing a rate-limit
Not a mandatory requirement, but a smart one nonetheless. As the user-base of your API grows, it will be integrated in an increasing number of new workflows and system infrastructure. App developers might make the mistake of introducing endless loops while calling the endpoints, resulting in serious API concurrency issues (such issues from the client-side can even result in your API breaking down temporarily). To minimize such risks, you should introduce basic rate-limits – to specify the maximum number of API calls/network requests within a given time-span – for endpoints that are the most resource-intensive. Make sure that your rate-limits are easily understandable by users.
Formal documentation is necessary
Technical documentation for an API is no longer an option. The documentation serves as the first point of interaction between your interface and developers who are likely to use it. You need to get your message about the features and advantages of your API across fast – or else, users might move over to another API provider. In addition to the methods, functions, requests, responses and other basic features – make it a point to include a detailed tutorial and multiple examples/Use Cases in the API documentation. It should work well as a guide for developers using your API for the first time.
Note: To find out whether your documentation is good enough, ask the API testers to go through it and then use it to create a basic application within 15-20 minutes. If they cannot do that, that’s a signal that further explanations are required in the documentation.
A consistent, easy-to-understand pagination system can go a long way in enhancing the usability of your API. For starters, it would bring down the total volume of computations required on the app servers. In addition, pagination would stop non-essential data from being transferred to clients. Choose from the different patterns available for pagination, depending on precise nature and likely usage of your API. All the timestamped pages in the API need to have links to more pages. That would ensure that pagination requests do not return duplicate results, even when the concerned objects have been modified.
Know your way with the HTTP ‘verbs’
We have already spoken about the importance of the HTTP status codes. Equally crucial are the so-called HTTP verbs, during the creation of any standard REST API. POST is used to create a new resource, PATCH is specified for the updation of already existing resources, GET is called for data retrieval, while for deleting a resource, the DELETE verb is used. There are several other common HTTP verbs as well, and they help developers while using new APIs.
Note: Avoid trying to use the GET request to to make data modifications. It is meant to be used only for retrieving data, and not for making changes in it.
11. Use annotations and markers
Are you making a private API or a public/open API? Is authentication required on it? Create and use custom annotations and markers to clearly specify these issues. Both authentication requirements as well as the degree of access control can be managed with markers/annotations. To gain further information on the user calling an API, the markers need to have additional ‘context objects’. Yet another advantage of using markers and annotations in APIs is that, they can easily classify network requests on a granular level, based on user-profiling.
12. API security should be a prime concern
If the security features of your API are suspect, it is almost destined to fail. Instead of providing your API exclusively under HTTP, go for simultaneous HTTP and HTTPS support. You can even consider offering your API only under HTTPS (this is increasingly being done by leading API developers across the world). Use ‘throttling’ methods (e.g, a 503 response) to protect your API’s performance from getting affected due to a huge number of requests from single users. Be wary of the many other forms of Denial-of-Service (DoS) attacks. If your API can promise (and deliver!) complete security assurance, nothing like it.
Note: Cross-site Request Forgery, or CSRF, is another serious black-hat security threat for APIs. The risk is particularly big when the interactive users use the same authentication configuration that is accepted by the API.
In addition to the above points, make sure that you follow the four rules of thumb while creating your API. Firstly, make your API highly reliable, with minimal system downtimes. For public APIs (which are rapidly growing) set up a transparent API monetization model and deliver high longevity. Next, share the best practices of using your API with its target users (i.e. the developers). Finally, design your API in a way that ensures that users have optimal ‘control’ over it. You can do this by letting developers download and store API data in their local servers, instead of having to depend on cloud operations at all times. Make APIs easily ‘discoverable’, and provide robust, round-the-clock developer support (with SDKs, references, pricing issues, and more).
Remember one thing: most API complexities need to be managed by you, the provider. Deliver a great user-experience to developers with your API – that’s the best way to pave the path for its success!