m REST API design and tools
add Manning API book links
Key Points
- OpenAPI is the open api standard built from Swagger open-source
- SwaggerHub is an online api design center
- personal account is free but very limited
- Swagger Team is $15 per month per user ( expensive $180 per year per user )
References
Key Concepts
REST API Design Concepts
https://medium.com/better-programming/restful-api-design-step-by-step-guide-2f2c9f9fcdbf
As software developers, most of us use or build REST APIs in day to day life. APIs are the default means of communication between the systems. Amazon is the best example of how APIs can be efficiently used for communication.
In this article, I am going to talk about how to design your RESTful APIs better to avoid common mistakes.
Jeff Bezos’ (Key to Success) Mandate
Some of you might have been already aware of Jeff Bezos’ mandate to the developers in Amazon. If you never got a chance to hear about it, the following points are the crux of it.
- All teams will henceforth expose their data and functionality through service interfaces.
- Teams must communicate with each other through these interfaces.
- There will be no other form of interprocess communication allowed — no direct linking, no direct reads of another team’s data store, no shared-memory model, no back doors whatsoever. The only communication allowed is via service interface calls over the network.
- It doesn’t matter what technology they use. HTTP, Corba, Pubsub, custom protocols — doesn’t matter. Bezos doesn’t care.
- All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
- Anyone who doesn’t do this will be fired.
Eventually, this turned out to be the key to Amazon’s success. Amazon could build scalable systems and later could also offer those as services like Amazon Web Services.
Principles of Designing RESTful APIs
Now let’s understand the principles we should follow while designing the RESTful APIs.
Keep it simple
We need to make sure that the base URL of the API is simple. For example, if we want to design APIs for products, it should be designed like:
/products
/products/12345
The first API is to get all products and the second one is to get a specific product.
Use nouns and not the verbs
A lot of developers make this mistake. They generally forget that we have HTTP methods with us to describe the APIs better and end up using verbs in the API URLs. For instance, API to get all products should be:
/products
and not as shown below
/getAllProducts
Some common URL patterns, I have seen so far.
Use of the right HTTP methods
RESTful APIs have various methods to indicate the type of operation we are going to perform with this API.
- GET — To get a resource or collection of resources.
- POST — To create a resource or collection of resources.
- PUT/PATCH — To update the existing resource or collection of resources.
- DELETE — To delete the existing resource or the collection of resources.
We need to make sure we use the right HTTP method for a given operation.
Use plurals
This topic is a bit debatable. Some people like to keep the resource URL with plural names while others like to keep it singular. For instance —
/products/product
I like to keep it plural since it avoids confusion about whether we are talking about getting a single resource or a collection. It also avoids adding additional things like attaching all to the base URL e.g. /product/all
Some people might not like this but my only suggestion is to keep it uniform across the project.
Use parameters
Sometimes we need to have an API which should be telling more story than just by id. Here we should make use of query parameters to design the API.
/products?name=’ABC’
should be preferred over/getProductsByName
/products?type=’xyz’
should be preferred over/getProductsByType
This way you can avoid long URLs with simplicity in design.
Use proper HTTP codes
We have plenty of HTTP codes. Most of us only end up using two — 200 and 500! This is certainly not good practice. Following are some commonly used HTTP codes.
- 200 OK — This is most commonly used HTTP code to show that the operation performed is successful.
- 201 CREATED — This can be used when you use the POST method to create a new resource.
- 202 ACCEPTED — This can be used to acknowledge the request sent to the server.
- 400 BAD REQUEST — This can be used when client-side input validation fails.
- 401 UNAUTHORIZED / 403 FORBIDDEN— This can be used if the user or the system is not authorized to perform a certain operation.
- 404 NOT FOUND— This can be used if you are looking for a certain resource and it is not available in the system.
- 500 INTERNAL SERVER ERROR — This should never be thrown explicitly but might occur if the system fails.
- 502 BAD GATEWAY — This can be used if the server received an invalid response from the upstream server.
Versioning
Versioning of APIs is very important. Many different companies use versions in different ways. Some use versions as dates while some use versions as query parameters. I generally like to keep it prefixed to the resource. For instance:
/v1/products
/v2/products
I would also like to avoid using /v1.2/products
, as it implies the API would be frequently changing. Also, dots (.) might not be easily visible in the URLs. So keep it simple.
It is always good practice to keep backward compatibility so that if you change the API version, consumers get enough time to move to the next version.
Use pagination
Use of pagination is a must when you expose an API which might return huge data, and if proper load balancing is not done, the consumer might end up bringing down the service. We need to always keep in mind that the API design should be full proof and fool proof.
Use of limit
and offset
is recommended here. For example, /products?limit=25&offset=50
. It is also advised to keep a default limit and default offset.
Supported formats
It is also important to choose how your API responds. Most of the modern day applications should return JSON responses, unless you have a legacy app which still needs to get an XML response.
Use proper error messages
It is always good practice to keep a set of error messages the application sends and respond to that with proper id. For example, if you use Facebook graph APIs, in case of errors, it returns a message like this:
{
"error": {
"message": "(#803) Some of the aliases you requested do not exist: products",
"type": "OAuthException",
"code": 803,
"fbtrace_id": "FOXX2AhLh80"
}
}
I have also seen some examples in which people return a URL with an error message, which tells you more about the error message and how to handle it as well.
Use of OpenAPI specifications
In order to keep all teams in your company abide by certain principles, use of OpenAPI specification can be useful. OpenAPI allows you to design your APIs first and share that with the consumers in an easier manner.
Conclusion
It is quite evident that if you want to communicate better, APIs are the way to go. But if they are designed badly then it might increase confusion. So put your best effort in designing well, and the rest is just the implementation.
Other API Best Practice Tips
Digital Transformation Tip 015: 15 Best Practices for #APIs
1. Design for clear purpose, simplicity, and user centered approach
2. Follow #RESTful principles
3. Provide comprehensive documentation
4. Version your APIs
5. Use clear and consistent naming conventions
6. Use proper authentication and authorization mechanism
7. Handle errors effectively
8. Ensure #data validation and consistency
9. Implement rate limiting and throttling
10. Incorporate #security standards
11. Optimize for performance
12. Monitor, log and analyse API usage
13. Plan for scalability, extensibility and version deprecation
14. Support developer community
15. Test, evolve and iterate
API Technical Capabilties
OpenAPI
https://swagger.io/docs/specification/about/
What Is OpenAPI?
OpenAPI Specification (formerly Swagger Specification) is an API description format for REST APIs. An OpenAPI file allows you to describe your entire API, including:
- Available endpoints (
/users
) and operations on each endpoint (GET /users
,POST /users
) - Operation parameters Input and output for each operation
- Authentication methods
- Contact information, license, terms of use and other information.
API specifications can be written in YAML or JSON. The format is easy to learn and readable to both humans and machines. The complete OpenAPI Specification can be found on GitHub: OpenAPI 3.0 Specification
What Is Swagger?
Swagger is a set of open-source tools built around the OpenAPI Specification that can help you design, build, document and consume REST APIs. The major Swagger tools include:
- Swagger Editor – browser-based editor where you can write OpenAPI specs.
- Swagger UI – renders OpenAPI specs as interactive API documentation.
- Swagger Codegen – generates server stubs and client libraries from an OpenAPI spec.
Why Use OpenAPI?
The ability of APIs to describe their own structure is the root of all awesomeness in OpenAPI. Once written, an OpenAPI specification and Swagger tools can drive your API development further in various ways:
- Design-first users: use Swagger Codegen to generate a server stub for your API. The only thing left is to implement the server logic – and your API is ready to go live!
- Use Swagger Codegen to generate client libraries for your API in over 40 languages.
- Use Swagger UI to generate interactive API documentation that lets your users try out the API calls directly in the browser.
- Use the spec to connect API-related tools to your API. For example, import the spec to SoapUI to create automated tests for your API.
- And more! Check out the open-source and commercial tools that integrate with Swagger.
OpenAPI Tools
from .. A Beginners Guide to
- There is no doubt that Swagger Codegen is not the only code generator available on the
market so why choose Swagger Codegen? Here are a couple of points to convince you
Swagger Codegen is the obvious choice:
Swagger Codegen is completely free and open-source with Apache License version
2.0. The auto-generated files are not licensed so you can apply whatever software
license to the auto-generated code as you deem appropriate. - Swagger Codegen, with 5000+ stars on the Github project page10 and 9000+
commits, has a vibrant and growing community. More than 700 software developers
all over the world have filed a Pull Request, which is the standard way to propose
code changes in git, to make Swagger Codegen better. You will find many activities
related to Swagger Codegen in StackOverflow, Twitter, Github and other social
networks. For a list of presentations, videos, tutorials and eBooks on Swagger
Codegen, please refer to the README in the Github repository11. - Swagger Codegen supports more than 30 API clients, 20 server stubs and API
documentation. Recently, we just added support for Kotlin client generator12 and
more generators such as PowerShell13, Lua14, Rust15 and Ada16 are being worked on
by the awesome community.
Swagger Editor - Open Source
https://swagger.io/docs/open-source-tools/swagger-editor/
The Swagger Editor is an open source editor to design, define and document RESTful APIs in the Swagger Specification. The source code for the Swagger Editor can be found in GitHub.
GitHub: https://github.com/swagger-api/swagger-editor
Download
Using the Editor on the Web
The Editor works in any web browser, and can be hosted locally or accessed from the web.
Using the Editor on a local machine
You can run and use the Swagger Editor on your machine as well.
Prerequisites
The following dependencies would need to be installed on your machine before downloading and running the Swagger Editor.
Once NodeJS is installed successfully, please install all the npm dependencies using
npm install;
Setup with http-server module from GitHub
The Swagger Editor can be found in this public repository on GitHub.
Please run the following to run the Editor using the http-server module from GitHub. After downloading the latest version from Github, you will need to run these scripts on your terminal.
npm install -g http-server
wget https://github.com/swagger-api/swagger-editor/releases/download/v2.10.4/swagger-editor.zip
unzip swagger-editor.zip
http-server swagger-editor
Setup from Docker
The Swagger Editor can be found in this public repository on Docker.
Please run the following to run the Editor in your local machine from Docker.
docker pull swaggerapi/swagger-editor
docker run -p 80:8080 swaggerapi/swagger-editor
Contribute
The Swagger Editor is an open source project under the Apache license. You can contribute to the project with suggestions, ideas, bug reports and pull requests in the Swagger Editor GitHub repository.
Please run the following to to see the Editor’s source code and work on the project from your local machine.
git clone https://github.com/swagger-api/swagger-editor.git
cd swagger-editor
npm install
npm run build
npm start
Common issues:
- If
npm start
does not work, delete the node_modules folder, then runnpm install
andnpm start
- If there is a problem with dist folder after cloning, go to the root and run
npm run build
Swagger UI - Open Source
https://swagger.io/docs/open-source-tools/swagger-ui/usage/installation/
Distribution channels
NPM Registry
We publish two modules to npm: swagger-ui
and swagger-ui-dist
.
swagger-ui
is meant for consumption by JavaScript web projects that include module bundlers, such as Webpack, Browserify, and Rollup. Its main file exports Swagger UI's main function, and the module also includes a namespaced stylesheet at swagger-ui/dist/swagger-ui.css
. Here's an example:
import SwaggerUI from 'swagger-ui'
// or use require, if you prefer
const SwaggerUI = require('swagger-ui')
SwaggerUI({
dom_id: '#myDomId'
})
In contrast, swagger-ui-dist
is meant for server-side projects that need assets to serve to clients. The module, when imported, includes an absolutePath
helper function that returns the absolute filesystem path to where the swagger-ui-dist
module is installed.
Note: we suggest using swagger-ui
when your tooling makes it possible, as swagger-ui-dist
will result in more code going across the wire.
The module's contents mirrors the dist
folder you see in the Git repository. The most useful file is swagger-ui-bundle.js
, which is a build of Swagger UI that includes all the code it needs to run in one file. The folder also has an index.html
asset, to make it easy to serve Swagger UI like so:
const express = require('express')
const pathToSwaggerUi = require('swagger-ui-dist').absolutePath()
const app = express()
app.use(express.static(pathToSwaggerUi))
app.listen(3000)
The module also exports SwaggerUIBundle
and SwaggerUIStandalonePreset
, so if you're in a JavaScript project that can't handle a traditional npm module, you could do something like this:
var SwaggerUIBundle = require('swagger-ui-dist').SwaggerUIBundle
const ui = SwaggerUIBundle({
url: "https://petstore.swagger.io/v2/swagger.json",
dom_id: '#swagger-ui',
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIBundle.SwaggerUIStandalonePreset
],
layout: "StandaloneLayout"
})
SwaggerUIBundle
is equivalent to SwaggerUI
.
Docker
You can pull a pre-built docker image of the swagger-ui directly from Docker Hub:
docker pull swaggerapi/swagger-ui
docker run -p 80:8080 swaggerapi/swagger-ui
Will start nginx with Swagger UI on port 80.
Or you can provide your own swagger.json on your host
docker run -p 80:8080 -e SWAGGER_JSON=/foo/swagger.json -v /bar:/foo swaggerapi/swagger-ui
The base URL of the web application can be changed by specifying the BASE_URL
environment variable:
docker run -p 80:8080 -e BASE_URL=/swagger -e SWAGGER_JSON=/foo/swagger.json -v /bar:/foo swaggerapi/swagger-ui
This will serve Swagger UI at /swagger
instead of /
.
For more information on controlling Swagger UI through the Docker image, see the Docker section of the Configuration documentation.
unpkg
You can embed Swagger UI's code directly in your HTML by using unpkg's interface:
<script src="//unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js"></script>
<!-- `SwaggerUIBundle` is now available on the page -->
See unpkg's main page for more information on how to use unpkg.
Swagger Codegen - Open Source
https://swagger.io/docs/open-source-tools/swagger-codegen/
The Swagger Codegen is an open source code-generator to build server stubs and client SDKs directly from a Swagger defined RESTful API. The source code for the Swagger Codegen can be found in GitHub.
GitHub: https://github.com/swagger-api/swagger-codegen
Compatibility
Swagger Codegen Version | Release Date | Swagger Spec Compatibility | Notes |
---|---|---|---|
2.3.0 (upcoming minor release) | TBD | 1.0, 1.1, 1.2, 2.0 | Minor releases with breaking changes |
2.2.2 (upcoming patch release) | TBD | 1.0, 1.1, 1.2, 2.0 | Patch release (without breaking changes) |
2.2.1 (current stable) | 2016-08-07 | 1.0, 1.1, 1.2, 2.0 | tag v2.2.1 |
2.1.6 | 2016-04-06 | 1.0, 1.1, 1.2, 2.0 | tag v2.1.6 |
2.0.17 | 2014-08-22 | 1.1, 1.2 | tag v2.0.17 |
1.0.4 | 2012-04-12 | 1.0, 1.1 | tag v1.0.4 |
Installation
Prerequisites
The following dependencies would need to be installed on your machine before downloading and running the Swagger Codegen.
- Java, version 7 or higher
Installation with Homebrew
If you have a Mac or a Linux environment, then you could use Homebrew to install the Swagger Codegen.
brew install swagger-codegen
Installation from Maven Central
All versions of the Swagger Codegen project can be found on Maven Central. Visit this folder on Maven, and choose the appropriate version (we recommend the latest version).
You could download and run the executable .jar file (for example, swagger-codegen-cli-2.2.1.jar)
Alternatively, you could use the wget command as well.
wget {link address of the executable .jar file}
Example:
wget https://oss.sonatype.org/content/repositories/releases/io/swagger/swagger-codegen-cli/2.2.1/swagger-codegen-cli-2.2.1.jar
Usage
For the sake of simplicity, we will assume you have the swagger-codegen-cli-2.2.1 installed. Please visit the installation section of the Swagger Codegen to learn about how to get the Codegen on your machine.
List of supported languages
To get a list of languages supported by the Swagger Codegen -
If you have Homebrew installed:
swagger-codegen
Else, you could use:
java -jar swagger-codegen-cli-2.2.1.jar
Help options in terminal
To see the various help section options of the Swagger Codegen -
If you have Homebrew installed:
swagger-codegen help
Else, you could use:
java -jar swagger-codegen-cli-2.2.1.jar help
Once you have the various help section options, you can learn about a specific topic.
If you have Homebrew installed:
swagger-codegen help <command>
Example:
swagger-codegen help generate
Else, you could use:
java -jar swagger-codegen-cli-2.2.1.jar help <command>
Example:
java -jar swagger-codegen-cli-2.2.1.jar help generate
To see the various config help section options for specific languages supported by the Swagger Codegen -
If you have Homebrew installed:
swagger-codegen config-help -l <language name>
Example:
swagger-codegen config-help -l php
Else, you could use:
java -jar swagger-codegen-cli-2.2.1.jar config-help -l <language name>
Example:
java -jar swagger-codegen-cli-2.2.1.jar config-help -l php
Generating Code
To generate code from an existing swagger specification -
If you have Homebrew installed:
swagger-codegen generate -i <path of your Swagger specification> -l <language>
Example:
swagger-codegen generate -i http://petstore.swagger.io/v2/swagger.json -l csharp
Else, you could use:
java -jar swagger-codegen-cli-2.2.1.jar generate -i <path of your Swagger specification> -l <language>
` Example:
java -jar swagger-codegen-cli-2.2.1.jar generate -i http://petstore.swagger.io/v2/swagger.json -l csharp
In the above code, we pass two arguments : - i
and -l
. -i
is used to specify the path of your API’s specification. -l
is used to specify the language you want to generate the code for your specified API’s specification
The Codegen creates a README file with all the information for running and building the API. Each language creates a different README, so please go through it to learn about how to build your Swagger defined API.
Contribute
The Swagger Codegen is an open source project under the Apache license. You can contribute to the project with suggestions, ideas, bug reports and pull requests in the GitHub repository, found here -https://github.com/swagger-api/swagger-codegen.
Guidelines
Before submitting an issue
- If you're not using the latest master to generate API clients or server stubs, please give it another try by pulling the latest master as the issue may have already been addressed. Ref: Getting Started
- Search the open issue and closed issue to ensure no one else has reported something similar before.
- File an issue ticket by providing all the required information.
- Test with the latest master by building the JAR locally to see if the issue has already been addressed.
- You can also make a suggestion or ask a question by opening an "issue".
Before submitting a PR
- Search the open issue to ensure no one else has reported something similar and no one is actively working on similar proposed change.
- If no one has suggested something similar, open an "issue" with your suggestion to gather feedback from the community.
- It's recommended to create a new git branch for the change so that the merge commit message looks nicer in the commit history.
How to contribute
Code generators
All the code generators can be found in modules/swagger-codegen/src/main/java/io/swagger/codegen/languages
Templates
All the templates (mustache) can be found in modules/swagger-codegen/src/main/resources.
For a list of variables available in the template, please refer to this page
Style guide
Code change should conform to the programming style guide of the respective languages:
- Android: https://source.android.com/source/code-style.html
- C#: https://msdn.microsoft.com/en-us/library/vstudio/ff926074.aspx
- C++: https://google.github.io/styleguide/cppguide.html
- Haskell: https://github.com/tibbe/haskell-style-guide/blob/master/haskell-style.md
- Java: https://google.github.io/styleguide/javaguide.html
- JavaScript: https://github.com/airbnb/javascript
- Groovy: http://groovy-lang.org/style-guide.html
- Go: https://github.com/golang/go/wiki/CodeReviewComments
- ObjC: https://github.com/NYTimes/objective-c-style-guide
- Perl: http://perldoc.perl.org/perlstyle.html
- PHP: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md
- Python: https://www.python.org/dev/peps/pep-0008/
- Ruby: https://github.com/bbatsov/ruby-style-guide
- Scala: http://docs.scala-lang.org/style/
- Swift: https://developer.apple.com/library/prerelease/ios/documentation/Swift/Conceptual/Swift_Programming_Language/TheBasics.html
- TypeScript: https://github.com/Microsoft/TypeScript/wiki/Coding-guidelines
For other languages, feel free to suggest.
You may find the current code base not 100% conform to the coding style and we welcome contributions to fix those.
For Vendor Extensions, please follow the naming convention below:
- For general vendor extension, use lower case and hyphen. e.g.
x-is-unique
,x-content-type
- For language-specified vendor extension, put it in the form of
x-{lang}-{extension-name}
. e.g.x-objc-operation-id
,x-java-feign-retry-limit
- For a list of existing vendor extensions in use, please refer to https://github.com/swagger-api/swagger-codegen/wiki/Vendor-Extensions. If you've addaed new vendor extensions as part of your PR, please update the wiki page.
Testing
To add test cases (optional) covering the change in the code generator, please refer to modules/swagger-codegen/src/test/java/io/swagger/codegen
To test the templates, please perform the following:
- Update the Petstore sample by running the shell script under
bin
folder. For example, run./bin/ruby-petstore.sh
to update the Ruby PetStore API client undersamples/client/petstore/ruby
For Windows, the batch files can be found underbin\windows
folder. (If you find that there are new files generated or unexpected changes as a result of the update, that's not unusual as the test cases are added to the OpenAPI/Swagger spec from time to time. If you've questions or concerns, please open a ticket to start a discussion) - Run the tests in the sample folder, e.g. in
samples/client/petstore/ruby
, runmvn integration-test -rf :RubyPetstoreClientTests
. (some languages may not contain unit testing for Petstore and we're looking for contribution from the community to implement those tests) - Finally, git commit the updated samples files:
git commit -a
(git add -A
if added files with new test cases)
To start the CI tests, you can run mvn verify -Psamples
(assuming you've all the required tools installed to run tests for different languages) or you can leverage http://travis-ci.org to run the CI tests by adding your own Swagger-Codegen repository.
Tips
- Smaller changes are easier to review
- [Optional] For bug fixes, provide a OpenAPI Spec to repeat the issue so that the reviewer can use it to confirm the fix
- Add test case(s) to cover the change
- Document the fix in the code to make the code more readable
- Make sure test cases passed after the change (one way is to leverage https://travis-ci.org/ to run the CI tests)
- File a PR with meaningful title, description and commit messages. A good example is PR-3306
Use Open API to Design REST API
https://swagger.io/blog/api-design/openapi-3-0-specification-training/
swagger.io-Documenting Your Existing APIs API Documentation Made Easy with OpenAPI Swagger.pdf
use SwaggerHub to generate Open API specs
SwaggerHub online Open API Design tool
https://app.swaggerhub.com/organizations/create-wizard?from-signup=true
jm9 Syn$
SwaggerHub url
Here is your personalized API URL
https://app.swaggerhub.com/apis/
s9561
API design concept
SCRUD all entitiy objects
define process objects with custom APIs
Open API Training for SwaggerHub
https://swagger.io/blog/api-design/openapi-3-0-specification-training/
OpenAPI 3.0, which is based on the original Swagger 2.0 specification, has emerged as the world’s standard for defining and describing RESTful APIs. The next version of the OpenAPI Specification – version 3.0 – is officially released, and comes with a host of rich, expressive capabilities for your API design and documentation. Some of these capabilities include support for describing callbacks, links to express relationships between operations, enhanced examples, and a simplified structure for better reusability. SwaggerHub now offers support for designing and documenting APIs with OpenAPI 3.0, as well as the ability to convert APIs defined with Swagger 2.0 to the latest version of the specification. In this free SwaggerHub training, we look at what’s new in OAS 3.0, and show a live demo of defining APIs using OAS 3.0 in SwaggerHub
video url
API Blueprint DSL
Potential Value Opportunities
Potential Challenges
Candidate Solutions
Step-by-step guide for Example
sample code block