Who am I?
• Was developer/RM at GroupSpaces for 4½ years
• Now DevOps freelancer
• Twitter: @dmi
• Github: dingram
• Way too many projects
• Involved in open source, including Phabricator
• Occasionally found at London Hackspace
Why am I giving this talk?
• I’ve built a number of APIs
• Both for GroupSpaces and my own projects
• Sadly most are not public (yet!)
• I’m also a consumer of many other APIs
• Twitter
• Foursquare
• Tumblr
• TfL
• Spotify
• . . . blah blah blah. . .
Accept – The MIME types the client will accept. No need to use file extensions to decide what content type to serve!
Accept-Language – The languages the client will accept. No need to ask clients or (worse) just assume English responses.
• ETag – A unique tag for the content
• If-(None-)Match – Check ETag
• If-(Un)Modified-Since – Is it newer?
• Cache-Control – Can it be cached?
• Expires – How long is it valid?
• Vary – Additional caching rules
Then again, the author of OAuth2 has now advised against upgrading from OAuth 1.0a, and recommends either using OAuth 1.0a for new sites or staying close to a large provider’s implementation.
Useful status codes:
• 405 Method Not Allowed
• 406 Not Acceptable
• 412 Precondition Failed
• 428 Precondition Required*
• 429 Too Many Requests*
*New in RFC6585
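How the ETag / If-(None-)Match headers and the 412 / 428 status codes listed above fit together, as an added example that is not from the original slides. The `evaluate` function, the hash-based ETag scheme and the plain `headers` dict with exact header names are assumptions made for illustration.

```python
import hashlib
from typing import Optional

UNSAFE = {"PUT", "PATCH", "DELETE"}

def make_etag(body: bytes) -> str:
    # Constructed scheme: strong ETag from a hash of the representation bytes.
    return '"%s"' % hashlib.sha256(body).hexdigest()[:16]

def listed(header: str, etag: str, weak_ok: bool) -> bool:
    # '*' matches any existing representation; otherwise compare each listed tag.
    if header.strip() == "*":
        return True
    for tag in (t.strip() for t in header.split(",")):
        if tag.startswith("W/"):
            if not weak_ok:
                continue  # If-Match uses strong comparison: weak tags never match
            tag = tag[2:]
        if tag == etag:
            return True
    return False

def evaluate(method: str, headers: dict, current: Optional[bytes]) -> int:
    """Return the status code the preconditions dictate (200 = go ahead)."""
    if_match = headers.get("If-Match")
    if_none = headers.get("If-None-Match")
    etag = make_etag(current) if current is not None else None
    # 428: refuse unconditional writes so a stale client cannot overwrite blindly.
    if method in UNSAFE and if_match is None and if_none is None:
        return 428
    # 412: the client's copy is not the current one (or nothing exists to match).
    if if_match is not None and (etag is None or not listed(if_match, etag, False)):
        return 412
    if if_none is not None and etag is not None and listed(if_none, etag, True):
        # Cache revalidation for reads, "create only if absent" failure for writes.
        return 304 if method in ("GET", "HEAD") else 412
    return 200
```

Requiring a precondition on every write (428) and rejecting stale ones (412) prevents lost updates, where two clients silently overwrite each other's changes.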
Thanks! Any questions?
Feedback via Twitter: #apirocketsurgery or @dmi
Slides: http://www.dmi.me.uk/talks/
Built in LaTeX
Inspired by: http://goo.gl/ mT55