Designing a web API. Best practices?

[ttocskcaj]

I'm developing a REST API for a website. As far as I know, the rules for RESTfulness are sort of broad. I'm just wondering if there are any good resources with tighter guidelines to developing a good, useable API. What are the common practices etc.

Some of the things I'm unclear on are:

Should it use GET and POST, or just one of them?

From what I've read about HTTP, GET is a "safe method" and shouldn't allow data to be changed on the server. Should we use GET to retrieve data off the server, and POST to save data to the server?

Or is it common practice to use POST for getting and storing data?

 

Should we utilize the HTTP status codes?

Should the HTTP status change when things go wrong? Should it be 400 if something doesn't work properly? Or 404 if the method doesn't exist?

If the request is successful, and there's no data to return, should it be 204 No Data or 200 with JSON/XML that shows it was successful?

[trq]

You should checkout the Slim micro framework. (http://www.slimframework.com) It is specifically designed to build RESTful applications on top of and supports GET, POST and PUT.

[ttocskcaj]

Thanks. I might not use it directly, but I will look at their code for inspiration. It's a very nice website as well haha.

[requinix]

In REST, POST's meaning is a bit more pure than it is for web stuff. POST is for making changes - not retrieving data. Specifically it's supposed to be for creating things. There's also PUT which is like POST but can also be for updating. In reality they're both basically the same thing and I'd treat them the same way.

Besides GET the other common operations are DELETE (which does exactly what it sounds like) and HEAD (which gets information about the resource without actually sending the resource).

 

Status codes are important and have basically the same meaning in REST. You actually get to use more than standard webpages and websites would use.

Read through this list and try to obey the semantics for everything, but you don't have to use everything there. Like it wouldn't be a crime to send a 200 OK even if there's no content.

[ttocskcaj]

The reason I'd want to have content on a 200 status is because some users may be only using the content and ignoring the status codes.

 

I did realize there were PUT and DELETE methods as well, however lots of web apps I've looked at use only GET or only POST, and still claim to be RESTful.

[trq]

I did realize there were PUT and DELETE methods as well, however lots of web apps I've looked at use only GET or only POST, and still claim to be RESTful.

 

This is generally because browser forms don't support PUT or DELETE.

[ttocskcaj]

A browser shouldn't really be accessing an API should it? They generally return JSON or XML and are made for computers to access.

[trq]

Well not really, but they do on occasion. A lot of people access them via Ajax these days, which is fine because that (and most Ajax frameworks) does support PUT and DELETE.

[ttocskcaj]

Yea, it would be used by the AJAX on the actual website as well. Through jQuery most likely.