mirror of
				https://github.com/adidas/api-guidelines.git
				synced 2025-10-25 15:19:19 +00:00 
			
		
		
		
	GitBook: [master] 102 pages and one asset modified
This commit is contained in:
		
							
								
								
									
										4
									
								
								rest-api-guidelines/quality/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								rest-api-guidelines/quality/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | ||||
| # Quality | ||||
|  | ||||
|  | ||||
|  | ||||
							
								
								
									
										4
									
								
								rest-api-guidelines/quality/evolution/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								rest-api-guidelines/quality/evolution/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | ||||
| # Evolution | ||||
|  | ||||
| Evolution qualities, such as testability, maintainability, extensibility, and scalability. | ||||
|  | ||||
							
								
								
									
										132
									
								
								rest-api-guidelines/quality/evolution/naming-conventions.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										132
									
								
								rest-api-guidelines/quality/evolution/naming-conventions.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,132 @@ | ||||
| # Naming Conventions | ||||
|  | ||||
| ## General Naming Rules | ||||
|  | ||||
| * Use American English | ||||
| * Don't use acronyms | ||||
| * Use `camelCase` unless stated otherwise | ||||
| * Reconcile terms with adidas CDM | ||||
|  | ||||
| Every identifier **MUST** be in American English and written in `lowercase`. An identifier **SHOULD NOT** contain acronyms. CamelCase \(`camelCase`\) **MUST** be used to delimit combined words. | ||||
|  | ||||
| ## URI | ||||
|  | ||||
| Every URI **MUST** follow the General Rules except for the `camelCase` rule. Instead, a hyphen \(`-`\) **SHOULD** be used to delimit combined words \(kebab-case\). Besides, a URI **MUST NOT** end with a trailing slash \(`/`\). | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| A well-formed URI: | ||||
|  | ||||
| ```text | ||||
| /system-orders/1234/author | ||||
| ``` | ||||
|  | ||||
| ### Query Parameters and Path Fragments | ||||
|  | ||||
| Every URI query parameter or fragment **MUST** follow the General Rules. Also, they **MUST NOT** clash with the [reserved query parameter names](https://tools.adidas-group.com/confluence/display/EA/API+Interaction#APIInteraction-Query_Parameters). | ||||
|  | ||||
| ### URI Template Variables | ||||
|  | ||||
| In addition to General Naming Rules, URI Template Variable names **MUST** follow the [RFC6570](https://tools.ietf.org/html/rfc6570#section-2.3). That is, the variable names can consist only from `ALPHA / DIGIT / "_" / pct-encoded`. | ||||
|  | ||||
| > NOTE: Per RFC6570 Hyphen \(`-`\) is NOT legal URI Template variable name character. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| A well-formed URI Template Variable: | ||||
|  | ||||
| ```text | ||||
| /system-orders/{orderId}/author | ||||
| ``` | ||||
|  | ||||
| ## Representation Format Fields | ||||
|  | ||||
| Every representation format field **MUST** conform to the General Naming Rules. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| A well-formed resource representation: | ||||
|  | ||||
| ```javascript | ||||
| { | ||||
|   "_links": { | ||||
|     "self": { | ||||
|       "href": "/orders/1234" | ||||
|     }, | ||||
|     "author": { | ||||
|       "href": "/users/john" | ||||
|     } | ||||
|   }, | ||||
|   "orderNumber": 1234, | ||||
|   "itemCount": 42, | ||||
|   "status": "pending" | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## Relation Type Identifier | ||||
|  | ||||
| Every custom [relation identifier](https://github.com/for-GET/know-your-http-well/blob/master/relations.md) **MUST** be in `lowercase` with words separated by the hyphen \(`-`\). | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| A well-formed resource representation with custom relation `fulfillment-provider`: | ||||
|  | ||||
| ```javascript | ||||
| { | ||||
|   "_links": { | ||||
|     "fulfillment-provider": { | ||||
|       "href": "/users/natalie" | ||||
|     } | ||||
|   } | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## HTTP Headers | ||||
|  | ||||
| Every HTTP Header should use `Hyphenated-Pascal-Case`. A custom HTTP Header **SHOULD NOT** start with `X-` \([RFC6648](https://tools.ietf.org/html/rfc6648)\). | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| ```text | ||||
| Order-Metadata-Header: 42 | ||||
| ``` | ||||
|  | ||||
| ## API Description | ||||
|  | ||||
| Naming conventions within API Description document. | ||||
|  | ||||
| ### API Name | ||||
|  | ||||
| Every API Description API name **MUST** start with API domain enclosed in square brackets \(e.g. `[API Domain] My API`\). Words **MUST** be separated by space. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| ```yaml | ||||
| swagger: '2.0' | ||||
| info: | ||||
|   version: '1.0.0' | ||||
|   title: '[Demo] Orders API' | ||||
| ``` | ||||
|  | ||||
| ### Resource Name | ||||
|  | ||||
| Every resource **MUST** have a name \(defined by `x-summary` field\). Resource name **MUST** be in `Title Case`. Words **MUST** be separated by a space. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| ```yaml | ||||
| /orders: | ||||
|   x-summary: List of Orders | ||||
| ``` | ||||
|  | ||||
| ### Action Name | ||||
|  | ||||
| Every action \(operation\) **MUST** have a name \(defined by `summary` field\). Action name **MUST** be in `Title Case`. Words **MUST** be separated by a space. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| ```yaml | ||||
| get: | ||||
|   summary: Retrieve List of Orders | ||||
| ``` | ||||
|  | ||||
| @@ -0,0 +1,16 @@ | ||||
| # Reserved Identifiers | ||||
|  | ||||
| The list of all reserved identifiers or identifiers with special meaning. | ||||
|  | ||||
| ## Representation Format Fields | ||||
|  | ||||
| * `_links` - [HAL](https://adidas-group.gitbooks.io/api-guidelines/content/message/hal.html) | ||||
| * `_embedded` - [HAL](https://adidas-group.gitbooks.io/api-guidelines/content/message/hal.html) | ||||
|  | ||||
| ## Query Parameters | ||||
|  | ||||
| * `fields`- [Choosing Fields & Embedded Resources](https://adidas-group.gitbooks.io/api-guidelines/content/execution/choosing-fields-and-embedded-resoruces.html) | ||||
| * `embedded` - [Choosing Fields & Embedded Resources](https://adidas-group.gitbooks.io/api-guidelines/content/execution/choosing-fields-and-embedded-resoruces.html) | ||||
| * `offset` - [Pagination](reserved-identifiers.md)  | ||||
| * `limit`- [Pagination](reserved-identifiers.md) | ||||
|  | ||||
| @@ -0,0 +1,4 @@ | ||||
| # Testing Enviroments | ||||
|  | ||||
| Every API implementation **SHOULD** aim to provide a consistent, seamless way to create **test accounts** and access **test fixtures** to facilitate the development of API client applications. | ||||
|  | ||||
							
								
								
									
										10
									
								
								rest-api-guidelines/quality/evolution/uri-structure.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								rest-api-guidelines/quality/evolution/uri-structure.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,10 @@ | ||||
| # URI Structure | ||||
|  | ||||
| URI is meant to express a **identity of a resource**. URI is an identifier and it **MUST NOT** convey any other information. | ||||
|  | ||||
| The API design process **MUST NOT** start with the design of URIs. Contrary, the URI **SHOULD** be amongst the last few things added to the API design. | ||||
|  | ||||
| At adidas, URIs are subject to [naming conventions](https://adidas-group.gitbooks.io/api-guidelines/content/evolution/naming-conventions.html). | ||||
|  | ||||
| To read more about the problematics refer to [RFC 7320: URI Design and Ownership](https://tools.ietf.org/html/rfc7320). | ||||
|  | ||||
							
								
								
									
										100
									
								
								rest-api-guidelines/quality/evolution/versioning.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										100
									
								
								rest-api-guidelines/quality/evolution/versioning.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,100 @@ | ||||
| # Changes and Versioning | ||||
|  | ||||
| > _The fundamental principle is that you can’t break existing clients, because you don’t know what they implement, and you don’t control them. In doing so, you need to turn a backwards-incompatible change into a compatible one._ | ||||
| > | ||||
| > _–_ [_Mark Nottingham_](https://www.mnot.net/blog/2011/10/25/web_api_versioning_smackdown) | ||||
|  | ||||
| Any change to an API **MUST NOT** break existing clients. | ||||
|  | ||||
| Any change to:   | ||||
| 1. **Resource identifier** \(resource name / URI\) including any **query parameters** and their semantics   | ||||
| 1. **Resource metadata** \(e.g. HTTP headers\)   | ||||
| 1. **Action** the resource affords \(e.g. available HTTP Methods\)   | ||||
| 1. **Relation** with other resources \(e.g Links\)   | ||||
| 1. **Representation format** \(e.g. HTTP request and response bodies\) | ||||
|  | ||||
| **MUST** follow the [**Rules for Extending**](https://adidas-group.gitbooks.io/api-guidelines/content/core-principles/rules-for-extending.html). | ||||
|  | ||||
| ## Identifier Stability \(No URI Versioning\) | ||||
|  | ||||
| A change **MUST NOT** affect **existing** resource identifiers \(name / URI\). Furthermore, a resource identifier **MUST NOT** contain a semantic version to convey a version of resource or its representation format. | ||||
|  | ||||
| > _The reason to make a real REST API is to get evolvability … a "v1" is a .... to your API customers, indicating RPC/HTTP \(not REST\)_ | ||||
| > | ||||
| > _–_ [_Roy T. Fielding_](https://twitter.com/fielding/status/376835835670167552) | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| Adding a new action to existing resource with identifier `/greeting` doesn't change its identifier to `/v2/greeting` \(or `/greeting-with-new-action` etc.\). | ||||
|  | ||||
| ## Backward-incompatible Changes | ||||
|  | ||||
| A change to _resource identifier_, _resource metadata_, _resource actions_ and _resource relations_ that can't follow the [Rules for Extending](https://adidas-group.gitbooks.io/api-guidelines/content/core-principles/rules-for-extending.html) **MUST** result into a **new resource variant**. Existing resource variant **MUST** be preserved. | ||||
|  | ||||
| A change to _representation format_ **SHOULD NOT** result into a new resource variant. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| Currently, optional URI Query Parameter `first` on an existing resource `/greeting?first=John&last=Appleseed` needs to be made required. Since this change violates the 3rd rule of extending and could break existing clients a new variant of the resource is created with different URI `/named-greeting?first=John&last=Appleseed`. | ||||
|  | ||||
| ### Representation Format Changes | ||||
|  | ||||
| > A representation format is the serialization format \(media type\) used in request and response bodies, and typically it represents a resource or its part, possibly with additional hypermedia controls. | ||||
|  | ||||
| If a change can't follow the Rules for Extending the representation format media type **MUST** be changed. If the media type has been changed the previous media type, **MUST** be available via [Content Negotiation](https://adidas-group.gitbooks.io/api-guidelines/content/message/content-negotiation.html). | ||||
|  | ||||
| If the media type conveys the version parameter, the version parameter **SHOULD** follow [Semantic versioning](http://semver.org/). | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| Media type _before_ a breaking change: | ||||
|  | ||||
| ```text | ||||
| application/vnd.example.resource+json; version=2 | ||||
| ``` | ||||
|  | ||||
| Media type _after_ a breaking change: | ||||
|  | ||||
| ```text | ||||
| application/vnd.example.resource+json; version=3 | ||||
| ``` | ||||
|  | ||||
| > NOTE: In the case of technical limitations with semi-colon separated HTTP header values, the semantic version MAY be incorporated in the media type identifier, for example: `application/vnd.example.resource.v2+json` However, the use of semicolon-separated version information is preferred. | ||||
|  | ||||
| ## API Description Versioning | ||||
|  | ||||
| API Description in the OpenAPI specification format **MUST** have the `version` field. The `version` field **MUST** follow [Semantic versioning](http://semver.org/): | ||||
|  | ||||
| > Given a version number MAJOR.MINOR.PATCH, increment the: | ||||
| > | ||||
| > * MAJOR version when you make **incompatible** API changes, | ||||
| > * MINOR version when you add functionality in a **backwards-compatible** manner | ||||
| > * PATCH version when you make **backwards-compatible bug fixes** | ||||
|  | ||||
| The API Description version **SHOULD** be updated accordingly to API design change. | ||||
|  | ||||
| #### Example | ||||
|  | ||||
| Following API Description | ||||
|  | ||||
| ```yaml | ||||
| swagger: '2.0' | ||||
| info: | ||||
|   version: '2.1.3' | ||||
|   title: '[Demo] Inventory API' | ||||
|   description: 'Inventory service API' | ||||
| ``` | ||||
|  | ||||
| Has MAJOR version 2, MINOR version 1 and PATCH version 3. | ||||
|  | ||||
| #### Demo | ||||
|  | ||||
| API description \(OAS2\) files demonstrating a proposal of an backward-incompatible change turned into a backward compatible change are available at [Bitbucket \(diff\) ](https://bitbucket.org/apidesigner/demo-versioning-api/pull-requests/1/add-name-parameter/diff)and documented in Apiary: | ||||
|  | ||||
| * [Production version](https://demoversioningproduction.docs.apiary.io/#) as being consumed by clients | ||||
| * [Development version](https://demoversioningdevelopment.docs.apiary.io/#) proposing a backward incompatible change | ||||
|  | ||||
| #### Recommended Reading | ||||
|  | ||||
| * [Evolving HTTP APIs](https://www.mnot.net/blog/2012/12/04/api-evolution) | ||||
|  | ||||
							
								
								
									
										4
									
								
								rest-api-guidelines/quality/execution/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								rest-api-guidelines/quality/execution/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | ||||
| # Execution | ||||
|  | ||||
| Performance qualities, such as security and usability, which are observable at run time. | ||||
|  | ||||
							
								
								
									
										28
									
								
								rest-api-guidelines/quality/execution/asynchronous-tasks.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								rest-api-guidelines/quality/execution/asynchronous-tasks.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| # Asynchronous Tasks | ||||
|  | ||||
| If an API operation is asynchronous, but a client could track its progress, the response to such an asynchronous operation **MUST** return, in the case of success, the **202 Accepted** status code together with an `application/hal+json` representation of a new **task-tracking resource**. | ||||
|  | ||||
| ## Task Tracking Resource | ||||
|  | ||||
| The task-tracking resource **SHOULD** convey the information about the status of an asynchronous task. | ||||
|  | ||||
| Retrieval of such a resource using the HTTP GET Request Method **SHOULD** be designed as follows: | ||||
|  | ||||
| 1. Task is Still Processing | ||||
|  | ||||
|    Return **200 OK** and representation of the current status. | ||||
|  | ||||
| 2. Task Successfully Completed | ||||
|  | ||||
|    Return **303 See Other** together with [HTTP Location Header](https://tools.ietf.org/html/rfc7231#section-7.1.2) with URI or a outcome resource. | ||||
|  | ||||
| 3. Task Failed | ||||
|  | ||||
|    Return **200 OK** and `application/problem+json` with the problem detail information on the task has failed. | ||||
|  | ||||
| ## Design Note | ||||
|  | ||||
| The asynchronous operation task-tracking resource can be either **polled** by client or the client might initially provide a **callback** to be executed when the operation finishes. | ||||
|  | ||||
| In the case of callback, the API and its client MUST agree on what HTTP method and request format is used for the callback invitation. If built within adidas, the "client" API is also the subject of the adidas API guidelines. | ||||
|  | ||||
							
								
								
									
										135
									
								
								rest-api-guidelines/quality/execution/batch-operations.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										135
									
								
								rest-api-guidelines/quality/execution/batch-operations.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,135 @@ | ||||
| # Batch Operations | ||||
|  | ||||
| ## Processing Similar Resources | ||||
|  | ||||
| An operation that needs to process several related resources in bulk **SHOULD** use a collection resource with the appropriate HTTP Request Method. When processing existing resource the request message body **MUST** contain the URLs of the respective resources being processed. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| #### Create Multiple Orders at Once | ||||
|  | ||||
| ```text | ||||
| POST /orders | ||||
| Content-Type: application/json | ||||
|  | ||||
| { | ||||
|   "order": [ | ||||
|     { | ||||
|       "itemCount": 42 | ||||
|     }, | ||||
|     { | ||||
|       "itemCount": 2 | ||||
|     } | ||||
|   ] | ||||
| } | ||||
| ``` | ||||
|  | ||||
| #### Update Multiple Orders at Once | ||||
|  | ||||
| > NOTE: The self-link relation identifies the existing resource being edited. | ||||
|  | ||||
| ```text | ||||
| PATCH /orders | ||||
| Content-Type: application/json | ||||
|  | ||||
| { | ||||
|   "order": [ | ||||
|     { | ||||
|       "_links": { | ||||
|         "self": { "href": "/order/1"} | ||||
|       }, | ||||
|       "itemCount": 42 | ||||
|     }, | ||||
|     { | ||||
|       "_links": { | ||||
|         "self": { "href": "/order/2"} | ||||
|       },       | ||||
|       "itemCount": 2 | ||||
|     } | ||||
|   ] | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## Results of Bulk Operation | ||||
|  | ||||
| Every bulk operation **MUST** be atomic and treated as any other operation. | ||||
|  | ||||
| > _The server must implement bulk requests as atomic. If the request is for creating ten addresses, the server should create all ten addresses before returning a successful response code. The server should not commit changes partially in the case of failures._ | ||||
|  | ||||
| ## DO NOT USE "POST Tunneling." | ||||
|  | ||||
| Every API **MUST** avoid tunneling multiple HTTP Request using one POST request. Instead, provide an application-specific resource to process the batch request. | ||||
|  | ||||
| ## Non-atomic Bulk Operations | ||||
|  | ||||
| Non-atomic bulk operations are **strongly discouraged** as they bring additional burden and confusion to the client and are difficult to consume, debug, maintain and evolve over the time. | ||||
|  | ||||
| The suggestion is to **split** a non-atomic operation into several atomic operations. The cost of few more calls will be greatly outweighed but the cleaner design, clarity and easier maintainability. | ||||
|  | ||||
| However, in such an operation has to be provided such a non-atomic bulk operation **MUST** conform to the following guidelines. | ||||
|  | ||||
| 1. Non-atomic bulk operation **MUST** return a success status code \(e.g. **200 OK**\) only if every and all sub-operation succeeded. | ||||
| 2. If any single one sub-operation fails the whole non-atomic bulk operation **MUST** return the respective **4xx** or **5xx** status code. | ||||
| 3. In the case of a failure the response **MUST** contain the [problem detail](https://adidas-group.gitbooks.io/api-guidelines/content/message/error-reporting.html) information about every sub-operation that has failed. | ||||
| 4. **The client MUST be aware that the operation is non-atomic and the even the operation might have failed some sub-operations were processed successfully.** | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Non-atomic request for creating four orders: | ||||
|  | ||||
| ```text | ||||
| POST /orders | ||||
| Content-Type: application/json | ||||
|  | ||||
| { | ||||
|   "order": [ | ||||
|     { | ||||
|       "itemCount": 42 | ||||
|     }, | ||||
|     { | ||||
|       "itemCount": -100 | ||||
|     },         | ||||
|     { | ||||
|       "itemCount": 42 | ||||
|     }, | ||||
|     { | ||||
|       "itemCount": 1.3232 | ||||
|     } | ||||
|   ] | ||||
| } | ||||
| ``` | ||||
|  | ||||
| And the error response: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 400 Bad Request | ||||
| Content-Type: application/problem+json | ||||
|  | ||||
| { | ||||
|   "type": "https://example.net/partial_operation_failure", | ||||
|   "title": "Partial Failure", | ||||
|   "detail": "Some orders couldn't be created, other orders were created.", | ||||
|  | ||||
|   "errors": [ | ||||
|     { | ||||
|       "type": "https://example.net/invalid-params", | ||||
|       "instance": "/orders/1", | ||||
|       "title": "Invalid Parameter", | ||||
|       "detail": "itemCount must be a positive integer", | ||||
|       "status": 400 | ||||
|     }, | ||||
|     { | ||||
|       "type": "https://example.net/invalid-params", | ||||
|       "instance": "/orders/3", | ||||
|       "title": "Invalid Parameter", | ||||
|       "detail": "itemCount must be a positive integer", | ||||
|       "status": 400 | ||||
|     } | ||||
|   ], | ||||
|  | ||||
|   "processed": ... | ||||
| } | ||||
| ``` | ||||
|  | ||||
| The `processed` field should contain the result of processed sub-operations as if they were returned in a 200 OK. | ||||
|  | ||||
							
								
								
									
										52
									
								
								rest-api-guidelines/quality/execution/caching.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										52
									
								
								rest-api-guidelines/quality/execution/caching.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,52 @@ | ||||
| # Caching | ||||
|  | ||||
| Every API implementation **SHOULD** return both the cache expiry information \([`Cache-Control` HTTP header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control)\) and specific resource version information \([`ETag` HTTP Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag)\). | ||||
|  | ||||
| ## Cache-Control | ||||
|  | ||||
| Every API implementation's response **SHOULD** include information about cache-ability and cache expiration of the response. For HTTP 1.1 this is achieved using the `Cache-Control` header. | ||||
|  | ||||
| ### Common Cache-Control Scenarios | ||||
|  | ||||
| Two, most common scenarios for controlling the cache-ability of a response includes \(1\) Setting expiration and revalidation and \(2\) disabling the caching of a response. Refer to the [Cache-Control Documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control) for additional controls. | ||||
|  | ||||
| #### 1. Cache Expiration & Revalidation | ||||
|  | ||||
| The common scenario to set cache expiration and revalidation policy is to use the `max-age` and `must-revalidate` directives: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Date: Mon, 19 Aug 2017 00:00:00 CEST | ||||
| Last-Modified: Mon, 19 Aug 2017 00:00:00 CEST | ||||
| Cache-Control: max-age=3600,must-revalidate | ||||
| Content-Type: application/hal+json; charset=UTF-8 | ||||
|  | ||||
| ... | ||||
| ``` | ||||
|  | ||||
| #### 2. Disabling Cache | ||||
|  | ||||
| To disable caching completely API implementation **SHOULD** use the `no-cache` and `no-store` directives: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Date: Mon, 19 Aug 2017 00:00:00 CEST | ||||
| Last-Modified: Mon, 19 Aug 2017 00:00:00 CEST | ||||
| Cache-Control: no-cache, no-store, must-revalidate | ||||
| Content-Type: application/hal+json; charset=UTF-8 | ||||
|  | ||||
| ... | ||||
| ``` | ||||
|  | ||||
| ## ETag | ||||
|  | ||||
| Every API implementation's response to a [cacheable request](https://github.com/for-GET/know-your-http-well/blob/master/methods.md#cacheable) **SHOULD** include the [`ETag` HTTP Header](https://tools.ietf.org/html/rfc7232#section-2.3) to identify the specific version of the returned resource. | ||||
|  | ||||
| Every API client **SHOULD** use [`If-None-Match` HTTP header](https://tools.ietf.org/html/rfc7232#section-3.2) whenever it's performing a cacheable request. The value of `If-None-Match` should be the value of the `ETag` header stored from a previous request. The client **MUST** be ready to handle the **304 Not Modified** response from the server to use the legal copy. | ||||
|  | ||||
| #### How ETag works | ||||
|  | ||||
| ETags are unique identifiers for a particular version of a resource found by a URL. They are used for cache validation, to check for modifications quickly. | ||||
|  | ||||
| A client requests a resource from the server at a particular URI. The server responds with the specific ETag value in the HTTP ETag header field. ETag and the resource will be stored locally by the client. Subsequent requests from the client are done with the If-None-Match header, which now contains the ETag value from the previous request. The server now compares the values. If they are the same, it responds with HTTP Status Code 304 Not Modified. If not, the resource is sent. | ||||
|  | ||||
| @@ -0,0 +1,88 @@ | ||||
| # Choosing Fields and Embedded Resources | ||||
|  | ||||
| ## Response Message Fields | ||||
|  | ||||
| Every request that may result in a response with a non-trivial body **SHOULD** implement the `fields` query parameter. If provided, the value of this parameter must be a comma-separated list of top-level response message fields. | ||||
|  | ||||
| Upon receiving such a request, in the event of a 2xx response, the service **SHOULD** respond with a message that includes only top-level fields specified in the `fields` parameter. That includes HAL-specific fields \(`_links` and `_embedded`\). | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Retrieve only some details of an Order resource: | ||||
|  | ||||
| HTTP Request | ||||
|  | ||||
| ```text | ||||
| GET /order/1234?fields=_links,orderNumber,status HTTP/1.1 | ||||
| Accept: application/hal+json | ||||
| ``` | ||||
|  | ||||
| HTTP Response | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Content-Type: application/hal+json | ||||
|  | ||||
| { | ||||
|   "_links": { | ||||
|     "self": { "href": "/orders/1234" }, | ||||
|     "author": { "href": "/users/john" }, | ||||
|     "items": [ ... ] | ||||
|   }, | ||||
|   "orderNumber": 1234, | ||||
|   "status": "pending" | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## Embedded Resources | ||||
|  | ||||
| Similarly to the `fields` query parameter, every request that might result in a response containing related embedded resource representations **SHOULD** implement the `embedded` query parameter. If, provided the value of the `embedded` query parameter **MUST** be a comma-separated list of relation identifiers. | ||||
|  | ||||
| Upon receiving such a request, in the event of a 2xx response, the service **SHOULD** respond with a message that "embeds" \(see HAL `_embedded` field\) only the related resources specified in the `embedded` parameter. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Embed only information about the Author of an Order resource. We are not interested in Items that are in this order. | ||||
|  | ||||
| HTTP Request | ||||
|  | ||||
| ```text | ||||
| GET /order/1234?embed=author HTTP/1.1 | ||||
| Accept: application/hal+json | ||||
| ``` | ||||
|  | ||||
| HTTP Response | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Content-Type: application/hal+json | ||||
|  | ||||
| { | ||||
|   "_links": { | ||||
|     "self": { "href": "/orders/1234" }, | ||||
|     "author": { "href": "/users/john" }, | ||||
|     "items": [ ... ] | ||||
|   }, | ||||
|   "orderNumber": 1234, | ||||
|   "itemCount": 42, | ||||
|   "status": "pending", | ||||
|   "_embedded": { | ||||
|     "author": { | ||||
|       "_links": { "self": "/users/john" }, | ||||
|       "name": "John Appleseed", | ||||
|       "email": "john@apple.com" | ||||
|     } | ||||
|   } | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## Reasonable Defaults | ||||
|  | ||||
| When `fields` and `embedded` parameters are not provided or not implemented the server **SHOULD** return reasonable default field and/or embedded resources. The defaults **MUST** always contain the `_links` field, where available. | ||||
|  | ||||
| ## Resource Variants | ||||
|  | ||||
| The facility of `fields` and `embedded` parameters doesn't impose any restriction of creating new resource variants. | ||||
|  | ||||
| It is OK to create a new resource just as a compound resource only to provide selected fields or blend-embed some existing resources together. | ||||
|  | ||||
							
								
								
									
										41
									
								
								rest-api-guidelines/quality/execution/localization.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								rest-api-guidelines/quality/execution/localization.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,41 @@ | ||||
| # Localization | ||||
|  | ||||
| ## Language Variants | ||||
|  | ||||
| If a resource has multiple language variants and the difference between variants is only in the language of human-readable fields, then the [`Accept-Language`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language) request HTTP header **SHOULD** be used to select the desired language variant. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| ```text | ||||
| GET /article HTTP/1.1 | ||||
| Accept-Language: en,en-US,fr;q=0.6 | ||||
| ``` | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Content-Type: application/hal+json;charset=UTF-8  | ||||
| Content-Language: en | ||||
| Vary: Accept-Language | ||||
|  | ||||
| ... | ||||
| ``` | ||||
|  | ||||
| ## Language or Country-specific Data Structure | ||||
|  | ||||
| If the difference between language or country specific variants of a resource is bigger than just in the content of human readable strings, for example, the data structure of the resource representation is different, then a query parameter **SHOULD** be used to communicate the requested variant. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| ```text | ||||
| GET /article?market=en_US HTTP/1.1 | ||||
| ``` | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
| Content-Type: application/hal+json;charset=UTF-8  | ||||
| Content-Language: en | ||||
| Vary: Accept-Language | ||||
|  | ||||
| ... | ||||
| ``` | ||||
|  | ||||
							
								
								
									
										29
									
								
								rest-api-guidelines/quality/execution/pagination.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								rest-api-guidelines/quality/execution/pagination.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| # Pagination | ||||
|  | ||||
| A collection resource **SHOULD** provide the [`first`, `last`, `next` and `prev` link](https://tools.ietf.org/html/rfc5988#section-6.2.2)s for navigation within the collection. | ||||
|  | ||||
| ## Example | ||||
|  | ||||
| The Collection of Orders using the collection navigation link and `offset` and `limit` query parameters: | ||||
|  | ||||
| ```javascript | ||||
| { | ||||
|   "_links": { | ||||
|     "self": { "href": "/orders?offset=100&limit=10" }, | ||||
|     "prev": { "href": "/orders?offset=90&limit=10" }, | ||||
|     "next": { "href": "/orders?offset=110&limit=10" }, | ||||
|     "first": { "href": "/orders?limit=10" }, | ||||
|     "last": { "href": "/orders?offset=900&limit=10" } | ||||
|   }, | ||||
|   "total_count": 910, | ||||
|   "_embedded": { | ||||
|     "order": [ | ||||
|       { ... }, | ||||
|       { ... }, | ||||
|  | ||||
|       ...  | ||||
|     ] | ||||
|   } | ||||
| } | ||||
| ``` | ||||
|  | ||||
| @@ -0,0 +1,17 @@ | ||||
| # Query Requests with Large Inputs | ||||
|  | ||||
| While HTTP doesn't impose any limit on the length of a URI, some implementation of server or client might have difficulties handling long URIs \(usually URIs with many or large query parameters\). | ||||
|  | ||||
| Every endpoint with such a URI **MUST** use the HTTP **POST** Request Method and send the query string in HTTP Request Message body using the `application/x-www-form-urlencoded` media type. | ||||
|  | ||||
| ## Example | ||||
|  | ||||
| ```text | ||||
| POST /orders HTTP/1.1 | ||||
| Content-Type: application/x-www-form-urlencoded | ||||
|  | ||||
| search=attributes&color=white&size=56&... | ||||
| ``` | ||||
|  | ||||
| > _NOTE: Since this operation is safe and idempotent, using the POST method violates the HTTP protocol semantics and results in loss of cache-ability._ | ||||
|  | ||||
							
								
								
									
										69
									
								
								rest-api-guidelines/quality/execution/rate-limiting.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										69
									
								
								rest-api-guidelines/quality/execution/rate-limiting.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,69 @@ | ||||
| # Rate Limiting | ||||
|  | ||||
| The API rate limiting is provided by the selected adidas API management platform – Mashery. | ||||
|  | ||||
| Rate limit information is provided in the for of HTTP headers. There are two types of rate limits: **Quota** and **Throttle**. The quota is a limit enforced per a longer period \(typically a day\). The throttle is the limit of calls per second. | ||||
|  | ||||
| ## Quota Limit | ||||
|  | ||||
| The limit on the number of calls per a period \(day\). The default quota limit is 5000 calls per day. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Example response to a request over the quota limit: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 403 Forbidden | ||||
| Content-Type: application/problem+json | ||||
|  | ||||
| X-Error-Detail-Header: Account Over Rate Limit | ||||
| X-Mashery-Error-Code: ERR_403_DEVELOPER_OVER_RATE | ||||
|  | ||||
| { | ||||
|   "title": "Rate Limit Exceeded", | ||||
|   "detail": "Account Over Rate Limit" | ||||
| } | ||||
| ``` | ||||
|  | ||||
| ## Throttle Limit | ||||
|  | ||||
| The limit on the number of calls per second. The default throttle limit is two calls per second. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Example response to a request over the throttle limit: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 403 Forbidden | ||||
| Content-Type: application/problem+json | ||||
|  | ||||
| Retry-After: 1 | ||||
| X-Error-Detail-Header: Account Over Queries Per Second Limit | ||||
| X-Mashery-Error-Code: ERR_403_DEVELOPER_OVER_QPS | ||||
|  | ||||
| { | ||||
|   "title": "Quota Limit Exceeded", | ||||
|   "detail": "Account Over Queries Per Second Limit" | ||||
| } | ||||
| ``` | ||||
|  | ||||
| > NOTE: The `Retry-After` gives a hint how long before the same request should be repeated \(in seconds\). | ||||
|  | ||||
| ## Detail Information | ||||
|  | ||||
| By default, the headers do not contain details about the current usage and quotas. The default can be changed in the API management. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| A successful response with the details about throttle \(`X-Plan-QPS`\) and quota \(`X-Plan-Quota`\) rate limits: | ||||
|  | ||||
| ```text | ||||
| HTTP/1.1 200 OK | ||||
|  | ||||
| X-Plan-QPS-Allotted: 10 | ||||
| X-Plan-QPS-Current: 1 | ||||
| X-Plan-Quota-Allotted: 1000 | ||||
| X-Plan-Quota-Current: 2 | ||||
| X-Plan-Quota-Reset: Tuesday, June 6, 2017 12:00:00 AM GMT | ||||
| ``` | ||||
|  | ||||
							
								
								
									
										65
									
								
								rest-api-guidelines/quality/execution/search-requests.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										65
									
								
								rest-api-guidelines/quality/execution/search-requests.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,65 @@ | ||||
| # Search Requests | ||||
|  | ||||
| A search \(filter\) operation on a collection resource **SHOULD** be defined as safe, idempotent and cacheable, therefore using the [GET HTTP request method](https://adidas-group.gitbooks.io/api-guidelines/content/protocol/use-appropriate-methods.html). | ||||
|  | ||||
| Every search parameter **SHOULD** be provided in the form of a query parameter. In the case of search parameters being mutually exclusive or require the presence of another parameter, the explanation **MUST** be part of operation's description. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| A collection of orders can be filtered by either article id it includes or by article manufacturer id. The two parameters are mutually exclusive and cannot be used together. The API description for such a design should look as follows: | ||||
|  | ||||
| ```yaml | ||||
| paths: | ||||
|   /orders: | ||||
|     x-summary: Collection of Orders | ||||
|  | ||||
|     get: | ||||
|       summary: Retrieve or Search in the Collection of Orders | ||||
|       description: |  | ||||
|  | ||||
|         This operation allows to retrieve a filtered list of orders based on multiple criteria: | ||||
|  | ||||
|         1. **Filter Orders by Article Id** | ||||
|         2. **Filter Orders by Manufacturer Id** | ||||
|  | ||||
|       parameters: | ||||
|         - name: article_id | ||||
|           in: query | ||||
|           description: |  | ||||
|             Article Id. Denotes the id of an article that must be in the order. | ||||
|  | ||||
|             **Mutually exclusive** with `manufacturer_id`. | ||||
|  | ||||
|           required: false | ||||
|           type: string | ||||
|           x-example: article_id_1 | ||||
|  | ||||
|         - name: manufacturer_id | ||||
|           in: query | ||||
|           description: | | ||||
|             Manufacturer Id. Denotes an id of a manufacturer of an article that must be in the order. | ||||
|  | ||||
|             **Mutually exclusive** with `article_id`. | ||||
|  | ||||
|           required: false | ||||
|           type: string | ||||
|           x-example: manufacturer_id_1 | ||||
| ``` | ||||
|  | ||||
| ## Alternative Design | ||||
|  | ||||
| When it would be beneficial \(e.g. one of the filter queries is more common than another one\) a separate resource for the particular query **SHOULD** be provided. In such a case, the pivotal search parameter **MAY** be in the form of a path variable. | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Building on top of the example mentioned above, we will provide the filtering of orders by article id as a separate resource. | ||||
|  | ||||
| ```yaml | ||||
| paths: | ||||
|   /articles/{article_id}/orders: | ||||
|     x-summary: Collection of Orders for given Article  | ||||
|  | ||||
|     get: | ||||
|       summary: Retrieve the collection of Orders that contain given article. | ||||
| ``` | ||||
|  | ||||
		Reference in New Issue
	
	Block a user