# Awesome API [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) [![Build Status](https://img.shields.io/travis/Kikobeats/awesome-api/master.svg?style=flat-square)](https://travis-ci.org/Kikobeats/awesome-api) > A curated list of awesome resources for design and implement RESTful APIs. ## Design ### Overview > REST allows us to create services and applications that can be used by any device or client who understands HTTP. * [Best Practices for Designing a Pragmatic RESTful API](http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api) [[spanish version](https://elbauldelprogramador.com/buenas-practicas-para-el-diseno-de-una-api-restful-pragmatica/)]. * [Ideal REST API Design](https://betimdrenica.wordpress.com/2015/03/09/ideal-rest-api-design/). * [StackOverflow best REST API Design](https://stackoverflow.blog/2020/03/02/best-practices-for-rest-api-design/). * [Heroku API Reference](https://devcenter.heroku.com/articles/platform-api-reference). * [API Terms Glossary](https://github.com/Mashape/apiglossary). * [HTTP API Design by Heroku](https://github.com/interagent/http-api-design). * [Learn REST: A RESTful Tutorial](http://www.restapitutorial.com). * [RAPIS: A REST API Standard for the 21th century](https://github.com/lambda2/rapis). * [IBM Watson REST API Guidelines](https://github.com/watson-developer-cloud/api-guidelines). * [Microsoft REST API Guidelines](https://github.com/Microsoft/api-guidelines). * [Zalando RESTful API and Event Scheme Guidelines](http://zalando.github.io/restful-api-guidelines/) * [gov.uk API technical and data standards](https://www.gov.uk/guidance/gds-api-technical-and-data-standards) * [How to (and how not to) design REST APIs](https://github.com/stickfigure/blog/wiki/How-to-%28and-how-not-to%29-design-REST-APIs) ### Status Code > When you are using a REST design you have to provide the HTTP status code that are the more appropriated to respond to the request. * [HTTP Status code table in RESTAPITutorial](http://www.restapitutorial.com/httpstatuscodes.html). * [httpstatuses.com](https://httpstatuses.com/) * [Status code definition in W3C](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html). * [HTTP Status Code Guides](https://tryhexadecimal.com/guides/http/) ### Authentication * [Auth Boss](https://github.com/teesloane/Auth-Boss) – Learn about different authentication methodologies on the web. * [Authentication Cheat Sheet](https://www.owasp.org/index.php/Authentication_Cheat_Sheet). * [The Problem With API Authentication in Express](https://stormpath.com/blog/the-problem-with-api-authentication-in-express/). * [Web Authentication Methods Explained](https://blog.risingstack.com/web-authentication-methods-explained/). #### JWT > JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. * [10 Things You Should Know about Tokens](https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/). * [Cookies vs Tokens](https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/). * [JWT Draft in IETF](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token). * [JWT.io](http://jwt.io/). * [Using JSON Web Tokens as API Keys](https://auth0.com/blog/2014/12/02/using-json-web-tokens-as-api-keys/). * [Why Meteor doesn't use session cookies](http://info.meteor.com/blog/session-cookies). * [Guide on API authentication and authorization](https://www.moesif.com/blog/technical/restful-apis/Authorization-on-RESTful-APIs/). ### Authorization #### OAuth > An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications * [The OAuth Bible by Mashape](https://github.com/Kong/mashape-oauth/blob/master/FLOWS.md). ## Caching * [Caching best practices & max-age gotchas](https://jakearchibald.com/2016/caching-best-practices/). * [Increasing Application Performance with HTTP Cache Headers](https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers). * [Using Cloudflare with your API](https://support.cloudflare.com/hc/en-us/articles/200504045-Using-Cloudflare-with-your-API). ## Security * [Helmet, help secure Express/Connect apps with various HTTP headers](https://www.npmjs.com/package/helmet). * [APISecurityBestPractices](https://github.com/GitGuardian/APISecurityBestPractices). * [Node Security Project](https://nodesecurity.io/). * [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/). ## Format * [HAL](http://stateless.co/hal_specification.html) – Simple format that gives a consistent and easy way to hyperlink between resources in your API (see: [HATEOAS](#hateoas)). * [Hydra](http://www.hydra-cg.com/) – Vocabulary for Hypermedia-Driven Web APIs (W3C). * [JSend](http://labs.omniti.com/labs/jsend) – Simple specification that lays down some rules for how JSON responses from web servers should be formatted. * [JSON API](http://jsonapi.org/) – Standard for building APIs in JSON. * [JSON-LD](http://json-ld.org/) – Standard for describing Linked Data and hypermedia relations in JSON (W3C). * [OData](http://www.odata.org/) – Open protocol to allow the creation and consumption of queryable and interoperable RESTful APIs. Quite complex. * [RAML](http://raml.org/) – Simple and succinct way to describe RESTful API. * [Schema.org](http://schema.org) – Collection of schemas describing common data models. ## Discover > Need a API for your projects? ### Curated list * [Awesome APIs Directory](https://github.com/Abhishaker17/Awesome-APIs) – A public list of APIs from round the web. * [public apis](https://github.com/toddmotto/public-apis) – A collective list of public JSON APIs for use in web development. ### Directory * [apis.io](http://apis.io) – API Search service to help discover APIs on the web. * [ProgrammableWeb](https://www.programmableweb.com/apis/directory). ## Testing ### Querying * [Firecamp](https://firecamp.io) – Protocol agnostic API testing client which help you test and manage RestAPIs, GraphQL, Websocket and many more. * [httpie](https://github.com/jkbrzt/httpie) – Command line HTTP client, far more dev-friendly than `curl`. * [HttpMaster](http://www.httpmaster.net) – GUI tool for testing REST APIs and services. Windows OS only. * [jq](https://github.com/stedolan/jq) – Command line JSON processor, to use in combination with a command-line HTTP client like cURL. * [Insomina](https://insomnia.rest/) – A Fancy HTTP REST Client. * [resty](https://github.com/micha/resty) – Little command line REST client that you can use in pipelines (bash or zsh). * [TestMace](https://testmace.com) – A modern powerful crossplatform tool for working with API and creating automated API tests. ### Mocking * [Beeceptor](https://beeceptor.com) - Beeceptor helps intercepting API calls and mocking them selectively. Creates an endpoint for wrapping original API and routes requests. * [FakeRest](https://github.com/marmelab/FakeRest) – Patch XMLHttpRequest to fake a REST API client-side. * [JSON Placeholder](http://jsonplaceholder.typicode.com/) – Free online REST service that you can use whenever you need some fake data. * [json-server](https://github.com/typicode/json-server) – Get a full fake REST API with zero coding in less than 30 seconds. * [Mocky.io](http://www.mocky.io/) – Free online service to create fake HTTP responses. * [FakeQL](https://fakeql.com/) – Mainly focused on GraphQL, but can mock RESTful APIs, as well. * [PIPL API](https://pipl.ir) – Free and public API that generates random and fake people's data in JSON * [API Mocha](https://apimocha.com) - Free online service providing fake REST API endpoints, create customizable responses and download rules as a Postman collection. ### Response * [httpstat.us](https://httpstat.us) – A super simple service for generating different HTTP codes. * [httpbin](https://httpbin.org) – httpbin(1): HTTP Request & Response Service. * [badssl](https://badssl.com) – Testing clients against bad SSL configs. ## Documentation > One of the most important part of your API is have a good documentation and updated with the code. ### Free * [docbox](https://github.com/tmcw/docbox). * [slate](https://github.com/tripit/slate). * [whiteboard](https://github.com/mpociot/whiteboard). ### Services * [RapidAPI](https://docs.rapidapi.com/docs). * [Readme.io](https://readme.io/). * [GitBook](https://www.gitbook.com/). ## Logging * [PM2 by keymetrics](https://pm2.keymetrics.io). * [morgan for expressjs](https://github.com/expressjs/morgan). * [Moesif API Analytics](https://www.moesif.com/features/api-logs). Log and Understand API Traffic. ## Modeling and SaaS > Based in DDD (Domain Driven Development). Generates automatically API's in different languages. * [Alteranatives to API Plug](https://www.producthunt.com/alternatives/api-plug) – 9 alternative and related products to api plug. * [Apiary](https://apiary.io/) – Collaborative design, instant API mock, generated documentation, integrated code samples, debugging and automated testing. * [wrapAPI, Build an API on top of any website](https://wrapapi.com). * [import.io, turn web pages into Data](https://www.import.io/). * [RAML, RESTful API Modeling Language](http://raml.org). * [Runscope](https://www.runscope.com/) – Automated API Monitoring & Testing. * [swagger.io](http://swagger.io). ## Libraries > Used it to improve your workflow * [hello.js](http://adodson.com/hello.js/#hellojs) – A client-side Javascript SDK for authenticating with OAuth2. * [nock](https://www.npmjs.com/package/nock) – HTTP Server mocking for Node.js * [node-ratelimiter](https://github.com/tj/node-ratelimiter) – Rate limiter for Node.js backed by Redis. * [node-uuid](https://github.com/broofa/node-uuid) – Simple and fast generation of UUIDS. * [Supertest](https://www.npmjs.com/package/supertest) – Super-agent driven library for testing HTTP servers. ## Frameworks > Designed specifically for building RESTful API's Quickly. * [Loopback](http://loopback.io). * [Sails.js](http://sailsjs.org). * [FastAPI](https://github.com/tiangolo/fastapi). * [rest-hapi](https://resthapi.com). ## Gateways > Manage API infrastructure concerns such as authentication/authorization, rate limiting, scaling, analytics, etc. ### Open Source / Self-hosted * [API Umbrella](http://apiumbrella.io/). * [ApiAxle](http://apiaxle.com). * [KrakenD](http://krakend.io). * [Mashape Kong](https://getkong.org/). * [Tyk](https://tyk.io/). * [WSO2 API Manager](http://wso2.com/api-management/try-it/).