| **Speed & Size** | Medium / Large (JSON text) | Heavy (verbose XML overhead) | Medium (Client-selected payload) | Extremely fast (packed binary) |
41
43
| **Use Case** | General Web APIs, CRUD | Enterprise integrations, banking | Complex web frontends, mobile | Microservices communication |
42
-
44
+
-
43
45
-# RESTful API Design Principles
44
46
collapsed:: true
45
47
- **REST (Representational State Transfer)** is an architectural style designed by Roy Fielding in 2000. For an API to be considered RESTful, it must adhere to these core constraints:
@@ -50,10 +52,11 @@ displayTitle: API Development
50
52
- 3. **Cacheability**: Responses must declare themselves as cacheable or non-cacheable to improve performance.
51
53
- 4. **Layered System**: The client cannot tell whether it is connected directly to the end server or to an intermediate (e.g., load balancer, gateway).
52
54
- 5. **Uniform Interface**: Resources are identified by URIs. Interaction with resources is performed using standard representations (e.g., JSON) and HTTP methods.
| **`GET`** | Retrieve resource | Yes | Yes | Fetches data from server. Should never modify data. |
@@ -63,6 +66,7 @@ displayTitle: API Development
63
66
| **`DELETE`** | Remove resource | No | Yes | Deletes the specified resource. |
64
67
-
65
68
- ## Standard HTTP Status Codes
69
+
collapsed:: true
66
70
- ### 🟢 2xx Success
67
71
collapsed:: true
68
72
- `200 OK`: Request succeeded. Response body contains the fetched data.
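Review bot: the `collapsed:: true` added at new line 69 under `- ## Standard HTTP Status Codes` matches the existing property under `- ### 🟢 2xx Success` (old 67 / new 71), which is consistent; since the rendered diff drops leading whitespace, confirm the new line is indented under the heading block so Logseq treats it as that block's property rather than as a separate bullet.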
@@ -84,24 +88,26 @@ displayTitle: API Development
84
88
- `500 Internal Server Error`: Generic fallback for unexpected backend crashes.
85
89
- `502 Bad Gateway`: Server acting as a gateway received an invalid response from upstream.
86
90
- `503 Service Unavailable`: Server is overloaded or down for maintenance.
87
-
91
+
-
88
92
-# API Security & Traffic Control
89
93
collapsed:: true
90
94
- ## Authentication & Authorization
95
+
collapsed:: true
91
96
- **API Keys**: Simple tokens sent in request headers or queries. Easy to implement but lack security granularity and expiration dates.
92
97
- **JWT (JSON Web Token)**: Cryptographically signed tokens encoding user details and claims. Stateless, allowing servers to verify identity without database queries.
93
98
- **OAuth 2.0**: The industry-standard authorization framework. Utilizes access tokens, refresh tokens, and authentication servers to grant restricted access to third-party clients.
94
99
-
95
100
- ## Traffic Management
101
+
collapsed:: true
96
102
- **Rate Limiting & Throttling**: Restricting the number of requests a client can make in a given timeframe (e.g., 60 requests/minute). Solves Denial of Service (DoS) attacks and ensures fair usage. Response headers typically include:
97
-
- `X-RateLimit-Limit`: Maximum requests allowed.
98
-
- `X-RateLimit-Remaining`: Remaining request count in current window.
99
-
- `X-RateLimit-Reset`: Time when the limit window resets.
103
+
- `X-RateLimit-Limit`: Maximum requests allowed.
104
+
- `X-RateLimit-Remaining`: Remaining request count in current window.
105
+
- `X-RateLimit-Reset`: Time when the limit window resets.
100
106
- **Caching**: Storing API responses in cache layers (e.g., Redis or CDN) to reduce database load. Managed using HTTP headers:
101
-
- `Cache-Control: max-age=3600`
102
-
- `ETag`: Token identifying the version of the resource.
107
+
- `Cache-Control: max-age=3600`
108
+
- `ETag`: Token identifying the version of the resource.
103
109
- **Webhooks**: Event-driven API patterns where the server pushes real-time data to a client's pre-configured URL endpoint upon event triggers.
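Review bot: the rate-limit sub-bullets (old 97-99, re-added as new 103-105) and the cache sub-bullets (old 101-102, re-added as new 107-108) are deleted and re-added with identical text, so this is an indentation-only move under their parent bullets, which is fine; while touching these lines, two wording fixes belong in the same change. "Solves Denial of Service (DoS) attacks" (old 96 / new 102) overstates per-client rate limiting, which bounds abusive request rates and brute-force attempts from a single client while volumetric DoS still needs upstream mitigation; suggest "Mitigates abusive traffic and brute-force attempts and ensures fair usage". The `Cache-Control: max-age=3600` example (new 107) applies to shared caches such as the CDN named at new 106, so add that responses carrying user-specific or authenticated data should be marked `private` or `no-store` to keep them out of shared caches.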