RESTful API Development
The REST (Representational state transfer) model separates the API into logical resources. These resources are manipulated using HTTP requests where the method (GET, POST, PUT, PATCH, DELETE) has specific meaning.
Before creating a public API for a web app, some requirements should be considered:
- The data model must be relatively stable
It can be hard to make significant changes to an API once it's released. To get as much right up front as possible, all data sources and the actions that can be taken on them should be designed before release. An API is a UI, and just like any UI it's important to ensure the user's experience has been planned carefully!
Always use SSL for all requests. No exceptions.
SSL guarantees encrypted communications, which simplifies authentication: you can get away with simple access tokens instead of having to sign each API request.
Non-SSL Requests
One thing to watch out for is non-SSL access to API URLs. Do not redirect these to their SSL counterparts. Throw a hard error instead! When an automatic redirect is in place, a poorly configured client could unknowingly leak request parameters (including access tokens) over the unencrypted endpoint before following the redirect. A hard error ensures this mistake is caught early and the client is configured properly.
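The hard-error behaviour described above, as an added example that is not part of the original article: a small WSGI middleware that answers plaintext requests with 403 and no Location header, so a misconfigured client fails loudly instead of being silently redirected. The X-Forwarded-Proto handling assumes a TLS-terminating proxy that strips any client-supplied copy of that header; the status code and error body are assumptions.

```python
import json

def is_tls(environ):
    """Decide whether this request arrived over TLS.

    Behind a TLS-terminating proxy the app itself sees plain HTTP, so the
    proxy's X-Forwarded-Proto header is consulted first. This is only safe
    when the proxy overwrites any client-supplied value (assumed here).
    """
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "")
    if forwarded:
        # A chain of proxies may yield "https, http"; only the first hop
        # (the client-facing one) tells us how the client connected.
        return forwarded.split(",")[0].strip().lower() == "https"
    return environ.get("wsgi.url_scheme", "").lower() == "https"

def require_tls(app):
    """Wrap a WSGI app so non-TLS requests get a hard 403, never a 301."""
    def wrapped(environ, start_response):
        if not is_tls(environ):
            body = json.dumps(
                {"error": "TLS required; this endpoint does not redirect"}
            ).encode()
            # Deliberately no Location header: a redirect would invite the
            # client to keep sending its parameters over plaintext first.
            start_response("403 Forbidden", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return wrapped

def api(environ, start_response):
    """Placeholder resource handler standing in for the real API."""
    body = b'{"ok": true}'
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]

def call(app, environ):
    """Helper: run a WSGI app on a constructed environ, return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

app = require_tls(api)
```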