API Design Best Practices

We recommend the following best practices when you are designing your APIs in Layer7 Live API Creator:
  • After you have created your API in API Creator, ensure that your API uses a short and meaningful URL fragment. This URL fragment is part of the URL for your API that API users call. For more information about how to define the URL fragment for your API, see API Properties.
  • Specify your logic in API Creator instead of coding logic in your client. This approach centralizes your logic for re-use, including for non-UI clients, such as other systems. It also improves the performance by reducing the amount of data that Layer7 Live API Creator must send to the client.
  • Define your logic in event rules or event handlers. For more information:
    • About how to create event rules, see Event Rule Types.
    • About how to create event handlers (request and response event handlers), see Event Handlers.
  • By default, API users cannot access your data using regular filters and sorts (regular filters and sorts are turned off and not allowed). To minimize the possibility of SQL injection, when designing resources, consider not allowing API users to use regular filters and sorts, and require that requests to your data use named filters and sorts. For more information about:
  • If your API does not require that API users specify their authentication token as a URL parameter, clear the Permit Authorization parameter in URL checkbox (API setting). By default, API users can specify their authentication token as a URL parameter.
  • Use the .properties file for environment-specific configurations in your API instead of hard-coding environment values in your JavaScript code. For more information, see Access Java System Properties from JavaScript Code.
  • Do not hard-code the API version into the URL in your JavaScript code.
  • Wrap table-based resources and named filters within functions. Functions give you flexibility in defining a function endpoint and its parameters. For example, you can call functions by way of GET operations.
  • Define only those JavaScript libraries that your API references as available. Each library that you make available has a CPU and memory cost. For more information, see Logic Libraries.
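The named filters and sorts recommendation above, as an added example in plain JavaScript; it is not Live API Creator code, and the table, column, filter, and sort names are hypothetical. It shows why named filters and sorts narrow the SQL injection surface: the caller picks a name and supplies values, while the SQL text itself is fixed on the server.

```javascript
// Added illustration with hypothetical names; not the Live API Creator API.
// A Map avoids prototype keys such as "constructor" resolving as a filter name.
const NAMED_FILTERS = new Map([
  // name -> fixed SQL fragment and the parameter names it binds, in order
  ["byStatus", { where: "status = ?", params: ["status"] }],
  ["balanceOver", { where: "balance > ?", params: ["amount"] }],
]);
const NAMED_SORTS = new Map([
  ["newestFirst", "created_at DESC"],
  ["byName", "name ASC"],
]);

function buildQuery(req) {
  // Regular (free-form) filter and sort expressions are refused outright.
  if ("filter" in req || "order" in req) {
    throw new Error("regular filters and sorts are disabled");
  }
  const filter = NAMED_FILTERS.get(req.namedFilter);
  if (!filter) throw new Error("unknown named filter");
  const sort = NAMED_SORTS.get(req.namedSort ?? "byName");
  if (!sort) throw new Error("unknown named sort");

  const args = req.args ?? {};
  const values = filter.params.map((name) => {
    const v = args[name];
    if (typeof v !== "string" && typeof v !== "number") {
      throw new Error(`missing or invalid parameter: ${name}`);
    }
    return v; // passed to the driver as a bound value, never spliced into SQL
  });
  return {
    sql: `SELECT * FROM customer WHERE ${filter.where} ORDER BY ${sort}`,
    values,
  };
}

// Constructed sample request: the hostile value stays a bound parameter.
const sample = buildQuery({
  namedFilter: "byStatus",
  namedSort: "newestFirst",
  args: { status: "open' OR '1'='1" },
});
console.log(sample);
```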
If you are connecting to an application database that has a large schema, do the following:
  • Define schema filters that limit the scan to only those tables, views, stored procedures, and functions that your API requires. Filtering the schema reduces the time that Layer7 Live API Creator needs to scan the database metadata and update its cache. For more information about how to define schema filters, see Define Schema Filters.
  • Create your API using the Code-first approach to creating APIs, which creates an empty API. Then add a data source by specifying the database connection credentials and schema filters. This approach to creating your API reduces the time that it takes Layer7 Live API Creator to scan a database with a large schema. For more information about how to create an API using the Code-first approach to creating APIs, see Creating APIs.
For a list of all best practices, see Best Practices.