Versions Compared

Version Old Version 7 New Version Current
Changes made by

Satwinder Singh

Alan Crosswell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: more jsonapi

...

Note that the above definitions have reserved use the following query parameter names:

  • filter

  • sortBy

  • sortOrdersort

  • fields

Please use these as shown in the example. Additional query parameters can of course be usedFor more complete details, see the JSON API Architecture Pattern.

API Pattern Example

Basic Operation APIs are shown with examples (for the directory app, version 1):

...

The following metadata and special resources should be available for every application:

Enterprise Metadata Resources (DRAFT)

A top-level Columbia University enterprise metadata directory will contain the list of available types (schemas) and resource types (item, collection, etc.) that are used by the various applications:

SSL Everywhere

Always use SSL, no exceptions. This is enforced at the f5 load balancer (https://<domain-app>.api.columbia.edu) which terminates SSL sessions.

...

Always provide good API documentation. The document should be easy to find and publicly accessible to the consumers. Documentation should consist of:

  • RAML 1OpenAPI Specification (OAS) 3.0 API definition that documents the API in general, the specific resources and the methods that operate on them, Meanings of OAuth 2.0 scopes, etc.

  • An API Notebook example An example walkthrough of using the API.References to the schemas and logical data model underlying the API. This should be in the RAML. See also API Metadata, above, perhaps using a Jupyter Notebook.

JSON only responses

At Columbia JSON responses are preferred responses from API

...

For APIs which returns large number of records, link headers links should be used for pagination into the previous and next pages. For example:

{

...

"links": {
    "first": "https://app.api

...

.columbia.edu/v1

...

/things/?page

...

[number]=1",
    "last": "https://app.api.columbia.edu/v1/things/?page[number]=448",
    "next": "https://app.api.columbia.edu/v1

...

/things/?page

...

[number]=2",
    "prev": null
  },
  "data": [ ... ]
}

Rate Limiting

It is good practice to add rate limiting to an API, use HTTP status code 429 Too Many Requests

...

An API should provide a useful error message in a known consumable format like JSON. The error message should contain its own set of fields, for example:

{
    "errors": [
        {
            "

...

detail": "

...

Authentication credentials were not provided.",

...

     "status":

...

"401",
            "source": {

...

      "pointer":

...

"/data"
            },
            "code": "not_authenticated"
        }
    ]
}

N.B. See JSON API error objects. There is more discussion needed around a recommended standard error response.

HTTP Codes

API should return HTTP defined status codes, which helps consumer of API route their responses accordingly, see below for the list (HTTP Status code)

...