Please note that index links to approximate location of each term.
+json suffix, media type 268
$ref JSON reference property 104, 107
2XX class 167
200 OK HTTP 44, 47, 48, 89, 123, 142, 167, 283, 300, 328
201 Created 129, 142, 167, 225, 278, 314
202 Accepted 129, 142, 167, 225, 278
301 Moved Permanently 226
304 Not Modified 257
400 Bad Request 123, 127, 132, 167, 210, 225, 288, 315, 352
401 Unauthorized 209
404 Not Found 47, 123, 167, 209, 226, 288, 300, 328
405 Method Not Allowed 226
409 Conflict 124
410 Gone 145
413 Payload Too Large 167
415 Unsupported Media Type error 150
429 Too many requests 225
500 Internal Server Error 124, 210, 225, 298
503 Service Unavailable 297
access control 184
partitioning API to facilitate 191–199
defining scopes with API description format 198–200
access tokens 188
action resources 69
adaptability of design 147–155
content negotiation 148
internationalizing and localizing 151–153
aggregating data, network communication efficiency 264–267
aggregating goals, for flow of interactions 134–135
analyze phase, API lifecycle 335
API calls
analyzing REST API calls 45–46
OAS, OpenAPI Specification. (see OAS (OpenAPI Specification))
API design
hiding implementation and 10–11
private APIs 9
public APIs 9
API gateway solutions 84
apihandyman.io 47
API layers, network communication efficiency 273
API Stylebook 341
API styles 14
application/json media type 78, 80, 98–99, 101–102, 104, 149, 150, 160, 240, 283–284, 295, 317–318, 332
arbitrary scopes 197
array OAS type 98
Authorization header 233
authorization server 187
backend applications 6
backend for frontend (BFF) 274, 304
before link, pagination 262
before property, pagination 262
BFF (backend for frontend) 274, 304
breaking changes, avoiding
in success and error feedback 223–225
overview 229
to input data and parameters 220–223
cacheability 73
caching
choosing cache policies 258–259
client ID 186
client/server separation 73
coarse-grained scope 197
code and business logic influences, avoiding 36–37
collection resources 51
comma-separated values (CSV) 148, 161, 299
commercial off-the-shelf (COTS) software 293, 295
common practices and standards 143–146
components section, OAS document 103, 106
components.securitySchemes section, OpenAPI document 198, 321
common practices and standards 143–146
consumer application 10
consumers 6
choosing API versioning representation from perspective of 232–234
reviewing APIs from perspective of 350
Content header 295
Content-Language header 152
content negotiation 148
content property, OpenAPI Specification 98
Content-type versioning 234
adapting communication to goals and nature of data 277–292
notifying consumers of events 279–281
processing multiple elements 286–292
choosing API style according to 299–305
event-based systems 305
consumers’ existing practices and limitations 292–296
provider’s limitations 296–299
COTS (commercial off-the-shelf) software 293, 295
CRUD functions (create, read, update, delete) 60, 69, 194
CSV (comma-separated values) 148, 161, 299
custom media type 237, 267, 268
vnd prefix, media type 233, 237, 267, 268
+json suffix, media type 268
data
for list representations 262–264
data influences, avoiding 36
data types and formats, for representations 115–116
DELETE method 58, 145, 160, 298, 352
deprecated flag, OpenAPI Specification 331
description property, OpenAPI Specification 86, 88, 91, 93, 95, 101, 322
design guidelines, API 336–342
avoiding provider’s perspective 34–41
code and business logic influences 36–37
data influences 36
detecting in API goals canvas 41–42
human organization influences 41–42
software architecture influences 38–39
API as software control panel 21–22
design level, network communication efficiency 259–274
choosing relevant data for list representations 262–264
creating different API layers 273
proposing different representations 266–267
providing more relevant data and goals 271–273
design phase, API lifecycle 336
design process guidelines 337
developer experience (DX) 9
developer portal 185
distributed systems 72
of evolutions and retirement 330–333
providing adequate information to implementers 327–330
reference documentation 308–323
generating from implementation 322–323
dynamic documentation 327
overview of common behaviors and principles 327
download speed 251
DX (developer experience) 9
efficiency 73, 111–136, 246–274
empty objects in YAML 86
error feedback
avoiding breaking changes in 223–225
error message 289
errors, preventing in flow of interactions 132–134
ETag header 257
event-based systems 305
event property, SSE 285
breaking changes, avoiding
in success and error feedback 223–225
overview 229
to input data and parameters 220–223
designing API evolutions 215–229
extensible APIs 245
extensible interactions 243–244
invisible interface contract 228–229
choosing versioning representation 232–234
understanding impact of 238–239
vs. implementation versioning 230–233
exhaustive error feedback, interactions 126–128
expansion, network communication efficiency 268–269
experience APIs 274
extensible APIs 245
extensible interactions 243–244
fannish folk law 299
feedback
error feedback
avoiding breaking changes in 223–225
success feedback
avoiding breaking changes in 223–225
filtering
network communication efficiency 260–262
flows
avoiding breaking changes in 225–226
usability and straightforwardness of 129–136
format parameter 148
formats, adaptabiity of design 147–151
functional errors 121
functional limitations 297
GDPR (General Data Protection Regulation) 204
generic prefix 139
generic suffix 139
GET method 44–45, 47–48, 57, 88, 92, 98, 158, 160, 226, 296, 301
get property, OpenAPI Specification 88
aggregating goals for flow of interactions 134–135
avoiding breaking changes in 225–226
goal chain for flow of interactions 131–132
goals canvas
detecting provider’s perspective in 41–42
identifying actions and their parameters and returns with 52–54
identifying resources and their relationships with 49–51
network communication efficiency 271–273
transposing into REST APIs 49–60
Goals column, API goals canvas 32
granularity
grouped errors 168
grouping
properties 165
HATEOAS (hypermedia as the engine of the application state) 160
headers map 290
HIPAA (Health Insurance Portability and Accountability Act) 204
How’s column, API goals canvas 32
HTTP headers 149
Accept-Language header 152
Content header 295
Content-Language header 152
ETag header 257
Link header 160
Location header 339
HTTP (HyperText Transfer Protocol) 6, 45, 47, 54, 72, 74, 122, 145, 225, 237, 285
cheat sheet 60
HTTP method 47
DELETE method 58, 145, 160, 298, 352
GET method 44–45, 47–48, 57, 88, 92, 98, 158, 160, 226, 296, 301
POST method 47, 56, 60, 70, 78, 89–90, 105, 202, 270, 276, 296
PROPFIND method 289
PROPPATCH method 289
HTTP status code 46
2XX class 167
200 OK HTTP 44, 47, 48, 89, 123, 142, 167, 283, 300, 328
201 Created 129, 142, 167, 225, 278, 314
202 Accepted 129, 142, 167, 225, 278
301 Moved Permanently 226
304 Not Modified 257
400 Bad Request 123, 127, 132, 167, 210, 225, 288, 315, 352
401 Unauthorized 209
404 Not Found 47, 123, 167, 209, 226, 288, 300, 328
405 Method Not Allowed 226
409 Conflict 124
410 Gone 145
413 Payload Too Large 167
415 Unsupported Media Type error 150
429 Too many requests 225
500 Internal Server Error 124, 210, 225, 298
503 Service Unavailable 297
human organization influences, avoiding 41–42
actions element 157
hypermedia as the engine of the application state (HATEOAS) 160
HyperText Transfer Protocol. See HTTP (HyperText Transfer Protocol)
Hyrum’s law 228
I
implementation 5
generating reference documentation from 322–323
implementation specifications 307
implement phase, API lifecycle 336
implicit flow 198
info.contact.url, OpenAPI Specification 326
info.description.section, OpenAPI Specification 326, 331
information leak 209
informative error feedback, interactions 122–126
info.section, OpenAPI Specification 321
in property, OpenAPI Specification 93, 106
input data
avoiding breaking changes in 220–223
Inputs (source) column, API goals canvas 32
interactions, usability and straightforwardness of 118–129
error feedback
interfaces
balancing user-friendliness and compliance 71
basic principles of 48
impact of constraints on design 74–76
transposing API goals into 49–60
internationalizing design 151–153
International Telecommunication Union (ITU) 348
invalid parameters 244
invisible interface contract 228–229
IoT (Internet of Things) 305
ISO 639 language codes 151
ISO 3166 country codes 151
ISO 4217 currency codes 144
ISO 7000 graphical symbols for use on equipment 144
items property, list 141, 156, 223, 240–241, 283, 287, 289
items property, OpenAPI Specification 98–99, 104
ITU (International Telecommunication Union) 348
java.lang.NullPointerException 210, 216
JSON reference 103
JSON Schema 91, 94–97, 106, 113
language parameter 151
latency 251
layered systems 73
learning principles, design 14–15
least privilege principle 192
Link header 160
links property 159
Location header 339
long processes, managing 277–278
malformed request errors 121
mandatory properties 221
Markdown format 318
Maslow’s law 299
media type 98–99, 101, 149–150, 152, 233, 237, 267–268, 284, 288
vnd prefix, media type 233, 237, 267–268
+json suffix, media type 268
media types
application/json media type 78, 80, 98–99, 101–102, 104, 149–150, 160, 240, 283–284, 295, 317–318, 332
text/event-stream media type 283–284
text/plain 240
Message Queuing Telemetry Protocol (MQTP) 305
Microsoft Visual Studio Code editor 82
MQTP (Message Queuing Telemetry Protocol) 305
network communication efficiency 246–274
choosing relevant data for list representations 262–264
creating different API layers 273
proposing different representations 266–267
providing more relevant data and goals 271–273
activating compression and persistent connections 254–255
choosing cache policies 258–259
enabling caching and conditional requests 255–258
nonfunctional requirements 292
non-volatile storage 259
number data type 64, 115, 139, 206
OAI (OpenAPI Initiative) 79
OAS (OpenAPI Specification) 78, 85–91, 113, 146, 200
array OAS type 98
describing API resources and actions with 86–87
describing operations on resource 87–91
array type 98
describing path parameters 105–108
documentation 107
security
oauth2 security type 198
oauth2 security type, OpenAPI Specification 198
OpenAPI Initiative (OAI) 79
OpenAPI Specification (OAS). See OAS (OpenAPI Specification)
OpenID Connect 188
Open Web Application Security Project (OWASP) 192
output data, avoiding breaking changes in 215–220
Output (usage) column, API goals canvas 32
OWASP (Open Web Application Security Project) 192
after property 262
before link 262
before property 262
size query parameter 261
parameters, API data
avoiding breaking changes in 220–223
checking parameter data sources 67–68
parameters property, OpenAPI Specification 92
partitioning API to facilitate access control 191–199
paths property, OpenAPI Specification 86
PCI DSS (Payment Card Industry Data Security Standard) 204
persistent connections, network communication efficiency 254–255
PlantUML (PUML) 326
portable data types 115
Postel’s law 243
POST method 47, 56, 60, 70, 78, 89–90, 105, 202, 270, 276, 296
predictability of design 137–161
internationalizing and localizing 151–153
common practices and standards 143–146
prefixes 114
PROPFIND method 289
PROPPATCH method 289
ProtoBuf data format 303
protocol level, network communication efficiency 254–259
activating compression and persistent connections 254–255
choosing cache policies 258–259
enabling caching and conditional requests 255–258
provider-facing documentation 330
provider’s perspective 18, 34–41
adapting design for provider’s limitations 296–299
code and business logic influences 36–37
data influences 36
detecting in API goals canvas 41–42
human organization influences 41–42
software architecture influences 38–39
public APIs 8–9, 13, 184, 308, 327
publish phase, API lifecycle 336
PUML (PlantUML) 326
querying, network communication efficiency 269–271
query parameters 57, 68, 92–93, 142, 211, 244
query property, GraphQL 270
Range header 154
redoc-cli command-line utility 309
ReDoc 83
reference documentation 308–323
generating from implementation 322–323
reference guidelines 337
reference property 44, 62, 66, 94, 97
reliability 73
Remote Procedure Call (RPC) 301
Representational State Transfer (REST). See REST (Representational State Transfer)
representations
network communication efficiency 266–267
usability and straightforwardness of 112–118
data types and formats 115–116
requestBody property, OpenAPI Specification 78, 101
Request For Comments (RFC). See RFC (Request For Comments)
required property, OpenAPI Specification 93, 95
resource expansion 268
resource owner 187
resources 47
resource server 187
resources type 145
response body 46
responses, API data
analyzing REST API calls 45–46
basic principles of 48
HTTP
cheat sheet 60
impact of constraints on design 74–76
transposing API goals into 49–60
cheat sheet 60
representing resources with paths 54–56
REST (Representational State Transfer) 44, 72, 75, 76, 160, 277, 300, 303
reusability 73
reusable schema, OpenAPI Specification 103
challenging and analyzing needs 343–344
from consumer’s perspective 350
from provider’s perspective 348–350
verifying implementation 350–353
RFC 5646 Tags for Identifying Languages 151
RFC 5988 Web Linking 159
RFC 6455 The Websocket Protocol 285
RFC 6749 The OAuth 2.0 Authorization Framework 188
RFC 7231 Hypertext Transfer Protocol 153
RFC (Request For Comments) 123, 129, 146
RPC (Remote Procedure Call) 301
scalability 73
Schema Object description, OpenAPI Specification 97
schema property, OpenAPI Specification 93, 318
schemas property, OpenAPI Specification 103
defining with API description format 198–200
Secure Sockets Layer (SSL) 188
partitioning API to facilitate 191–199
envisioning API design from perspective of 189–191
handling sensitive material 203–211
identifying architecture and protocol issues 211–212
security breaches 226, 226–228
security, OpenAPI Specification 199
self relationship 159
semantic versioning 231
sensitive data 204
sensitive material 184
server errors 121
Server-Sent Events (SSE) 284, 303, 305
silent breaking change 221, 226
Siren hypermedia format 159
software architecture influences, avoiding 38–39
viewing API as software’s control panel 21–22
sorting, adaptability of design and 153–155
sort parameter, pagination 155
source (Inputs) column, API goals canvas 32
SSE (Server-Sent Events) 284, 303, 305
SSL (Secure Sockets Layer) 188. See TLS (Transport Layer Security) encryption
standardized HTTP methods 75
standard method 145
stateful flow 136
statelessness 73
string data type 115
success feedback
avoiding breaking changes in 223–225
suffixes 114
summary property, OpenAPI Specification 88, 90
Sunset header 332
Swagger Editor 82
Swagger UI 83
Swagger Viewer extension 82
tags property, OpenAPI Specification 169
text/event-stream media type 283–284
text/plain 240
TLS (Transport Layer Security) encryption 188
tokens 186
Transport Layer Security (TLS) encryption 188
UI (user interface) 4
uniform interfaces 74, 145, 148, 160
usability and straightfowardness 111–136
consistency of design and 146–147
data types and formats 115–116
usage (Output) column, API goals canvas 32
user-friendly scope 197
dynamic documentation 327
overview of common behaviors and principles 327
user interface (UI) 4
users, designing for
designing for users 36
choosing versioning representation 232–234
understanding impact of 238–239
vs. implementation versioning 230–233
virtual goals organization 172
vnd prefix, media type 233, 237, 267–268
Web Concepts website 341
WebDAV server 288
webhook APIs 280
WebSocket APIs 285
WebSub 281
What’s column, API goals canvas 32
Who’s column, API goals canvas 32
x- properties, OpenAPI Specification 330, 332
YAML (YAML Ain’t Markup Language) 80