API Design Best Practices
This topic summarizes the best practices when you are designing your APIs in
Layer7 Live API Creator.
We recommend the following best practices when you are designing your APIs in
Layer7 Live API Creator:
- After you have created your API in API Creator, ensure that your API uses a short and meaningful URL fragment. This URL fragment is part of the URL for your API that API users call. For more information about how to define the URL fragment for your API, see API Properties.
- Specify your logic in API Creator instead of coding logic in your client. This approach centralizes your logic for re-use, including for non-UI clients, such as other systems. It also improves the performance by reducing the amount of data thatLayer7 Live API Creatormust send to the client.
- By default, API users cannot access your data using regular filters and sorts (regular filters and sorts are turned off and not allowed). To minimize the possibility of SQL injections, when designing resources, consider disallowing API users to use regular filters and sorts and require that requests to your data use named filters and sort. For more information about:
- If your API does not require that API users specify their authentication token as a URL parameter, clear thePermit Authorization parameter in URLcheckbox (API setting). By default, API users can specify their authentication token as a URL parameter.
- Wrap table-based resources and named filters within functions. Functions provide you with the flexibility on defining a function endpoint and the parameters. For example, you can call functions by way of GET operations.
If you are connecting to an application database that has a large schema, do the following:
- Define schema filters that limit the scan to only those tables, views, stored procedures, and functions that your API requires. Filtering the schema reduces the time thatLayer7 Live API Creatorneeds to scan the database metadata and update its cache. For more information about how to define schema filters, see Define Schema Filters.
- Create your API using theCode-firstapproach to creating APIs, which creates an empty API. Then add a data source by specifying the database connection credentials and schema filters. This approach to creating your API reduces the time that it takesLayer7 Live API Creatorto scan a database with a large schema. For more information about how to create an API using theCode-firstapproach to creating APIs, see Creating APIs.
For a list of all best practices, see Best Practices.