Finest practices for CodeIgniter API improvement
Trendy internet functions in-built CodeIgniter require API assist. This text touches on these finest practices for API improvement in CodeIgniter. These are normal tips and maintain true for all variations of CodeIgniter framework.
Use Standing Codes
you need to use standing codes in responses of request. It will helpfull for customers to recognized whether or not the request is successfull or fail. An excellent API ought to all the time return the right HTTP error code that appropriately explains the character of the particular error that has occurred. For instance:
"status_code": "401 Unauthorized", "error": "invalid_token", "error_description": "Entry token expired: fhsgjfgs777868sdf868."
Use nouns as an alternative of verbs
Naming conventation in apis are necessary and may save lots of confusion. Use noun on the finish of api path it is because our HTTP request methodology already has the verb.
DO: http://www.instance.com/prospects/create
DON’T: http://www.instance.com/createcustomers
Use filtering, looking and Pagination
Someday API response knowledge is giant. Then retrieving knowledge from database may be very sluggish. For this objective we use pagination. In filtering use a novel question parameter for retrieve the outcome. Typically primary filters aren’t ample and also you want the facility of full textual content search then use looking in APIs. For instance:
DO: http://localhost:8080/relaxation/api
DON’T: http://localhost:8080/relaxation/api?restrict=20&offset=0
As a substitute of restrict primarily based pagination, Its a finest apply to implement cursor-based pagination. All the great corporations are shifting in direction of cursor-based pagination for giant datasets the place its necessary to not lose any knowledge throughout updates. Verify the hyperlink on the finish of this text to study cursor-based pagination.
Safety
Safety is necessary whenever you construct apis. For API administration and safety use api_key that could be a single token string. Fundamental Authentication that could be a two token string resolution (username and password) Essential to validate the enter fields. Set up trusted identities after which management entry to providers and assets through the use of tokens assigned to these identities. At the least implement the precept of privilege. Folks shouldn’t be capable to entry extra data that they requested. For instance a standard consumer shouldn’t be in a position to entry data of one other consumer. In addition they shouldn’t be in a position to entry knowledge of admins.
Use charge limiting
Setting a threshold/throttling for an api. Different requests might be rejected. For instance 30 requests per minute per account. Throttling can forestall denial of service assaults. A leaky bucket algorithm might be carried out to this impact.
Optimizing for Human Readers
APIs have to be straightforward to know and use. Make the most of clear and simple naming techniques with no abbreviation.
Make the most of nouns moderately than verbs in HTTP strategies. Have straightforward to understood and easy descriptions for error administration together with standardized error codes.
API Documentation
API documentation ought to present details about the authorization, request/response examples, attainable response standing codes, pagination and obtainable limits or throttling. It must be appropriate, up-to-date and simple to know.
Working with Consultants
Lastly, it helps for those who work with individuals who have finished this a couple of dozen time and know the best way to develop CodeIgniter APIs with finest practices in-built. Allow us to make the additional effort for you.