I am at the planning and early coding stage of writing my first full-fledged API for a large-scale application. I have used several APIs over the years, but this is the first time I have been asked to build something that will allow programmatic interaction at this level.
I have done a lot of research looking for best practices and such, and I have settled on what I THINK is a fairly flexible response system.
My questions:
Is this what you expect to see as interacting with the API?
Did I miss something important?
API explanation:
I am going to use HTTP Type 1 protocol for communication and a unique API key for authentication.
I expect this to happen through CURL requests over an SSL connection.
Example of a successful response (200 OK) XML (speed limit request):
    <?xml version="1.0" encoding="UTF-8"?>
    <node>
        <short_message>Request Complete</short_message>
        <long_message>Rate Limit Status Response</long_message>
        <response_data>
            <rate_limit>40</rate_limit>
            <rate_used>31</rate_used>
        </response_data>
    </node>
An example of an unsuccessful XML response (will be sent under the corresponding 400/500 heading):
    <?xml version="1.0" encoding="UTF-8"?>
    <node>
        <error_code>1201</error_code>
        <short_message>API Error</short_message>
        <long_message>The requested API version (1.5) is invalid</long_message>
    </node>
In addition, I set up error codes that will be used in search documentation to ease the migraines of other developers. Pass/fail of a request will be provided through the corresponding HTTP codes: success (200), failed requests (400), method not found (404), authentication failed (403), etc.
I also use version-based endpoints, so any code changes do not require external code changes.
Finally, developers will be able to request all responses in arrays of XML, JSON or PHP.
. POST (, CURL ), API. API , , .
API " " - " , ".
, ?
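An added example, not part of the original post: a Python sketch of the `<node>` envelope described above, with a server-side builder and a client-side parser. The function names are hypothetical. Because the 1201 error echoes the caller-supplied version in `long_message`, the builder sets text through ElementTree so that value is escaped.

```python
import xml.etree.ElementTree as ET


def build_response(short_message, long_message, data=None, error_code=None):
    """Serialize the <node> envelope shown in the post.

    Text is set through ElementTree, so request-derived values (such as the
    version echoed in long_message) are escaped rather than concatenated.
    """
    node = ET.Element("node")
    if error_code is not None:
        ET.SubElement(node, "error_code").text = str(error_code)
    ET.SubElement(node, "short_message").text = short_message
    ET.SubElement(node, "long_message").text = long_message
    if data is not None:
        payload = ET.SubElement(node, "response_data")
        for name, value in data.items():  # names are server-chosen tags
            ET.SubElement(payload, name).text = str(value)
    return ET.tostring(node, encoding="UTF-8", xml_declaration=True)


def parse_response(http_status, body):
    """Client side: the HTTP status decides pass/fail, the body gives detail."""
    node = ET.fromstring(body)
    code = node.findtext("error_code")
    ok = 200 <= http_status < 300
    if ok and code is not None:
        raise ValueError("2xx status with an error_code in the body")
    payload = node.find("response_data")
    return {
        "ok": ok,
        "error_code": int(code) if code is not None else None,
        "short_message": node.findtext("short_message"),
        "long_message": node.findtext("long_message"),
        "data": {c.tag: c.text for c in payload} if payload is not None else {},
    }


def version_error(requested_version):
    """Error 1201 from the post, echoing the caller-supplied version."""
    msg = f"The requested API version ({requested_version}) is invalid"
    return build_response("API Error", msg, error_code=1201)


if __name__ == "__main__":
    print(parse_response(200, build_response(
        "Request Complete", "Rate Limit Status Response",
        data={"rate_limit": 40, "rate_used": 31})))
    # Constructed input: a version string that tries to close the element.
    print(version_error("1.5</long_message><error_code>0</error_code>").decode())
```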