Upgrade to Pro — share decks privately, control downloads, hide ads and more …

12 Reasons Your API Sucks

12 Reasons Your API Sucks

New version: https://speakerdeck.com/caseysoftware/12-reasons-your-api-sucks-2017-rev

Those first moments of using an API are pivotal. There’s nothing like downloading this week’s PDF of the documentation, setting up a SOAP client, reconfiguring all your URLs, and decoding the latest binary payloads. It makes your heart sing and your blood pressure rise.

Just like there are code smells through the rest of your project, there are API smells that make them hard to design, hard to launch, and hard to maintain. We’ll use this time to explore a few common APIs to highlight those issues and demonstrate strategies to fix the issues before they become problems.

Keith Casey

August 12, 2014
Tweet

More Decks by Keith Casey

Other Decks in Technology

Transcript

  1. Assumptions APIs are an important part of your job Use

    them on a regular basis Potentially build them too Sometimes public, sometimes private
  2. “I set aside an hour…” Not really, but you really

    tried… phone calls, emails, IM, Slack, etc, etc “Do you have a minute?” TPS reports
  3. 5. SOAP as the Interface REST is borrowing $10 from

    a friend SOAP is getting a mortgage
  4. 6b. Illogical/Inconsistencies 201, Location header ??? 201, Location header 201,

    Location header 201, Location header POST -d {data} /api/v1/accounts /api/v1/contacts /api/v1/contact_histories /api/v1/users/current.json /api/v1/contact/:id/groupings
  5. 6b. Illogical/Inconsistencies 201, Location header 200, Resource 201, Location header

    201, Location header 201, Location header POST -d {data} /api/v1/accounts /api/v1/contacts /api/v1/contact_histories /api/v1/users/current.json /api/v1/contact/:id/groupings
  6. 7. Poor Workflow/Modeling Affordances What is the API producer’s goal?

    What problems/tasks does it makes simple? What do you want to do?
  7. 7. Poor Workflow/Modeling Who is the API for? Is this

    an internal API made public? Is this specifically designed for external use? Where does the API fit in their business? aka - Bolted on or part of their company?
  8. 9. Authentication Don’t roll your own “new” methods Don’t roll

    your own “encryption” scheme Please. No, seriously.
  9. 10. Your sh.. stuff is broken What does your uptime

    look like? Is the API deterministic? (No, seriously..) Are the docs up to date?
  10. Building Logical & Consistent aka Predictable Designed Workflows vs random

    junk The One True Way Consistent Payloads Authentication