20 KiB
20 KiB
Awesome API !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome) !Build Status
(https://img.shields.io/travis/Kikobeats/awesome-api/master.svg?style=flat-square) (https://travis-ci.org/Kikobeats/awesome-api)
▐ A curated list of awesome resources for design and implement RESTful APIs.
Design
Overview
▐ REST allows us to create services and applications that can be used by any device or client who understands HTTP.
⟡ Best Practices for Designing a Pragmatic RESTful API (http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api) spanish version
(https://elbauldelprogramador.com/buenas-practicas-para-el-diseno-de-una-api-restful-pragmatica/) .
⟡ Ideal REST API Design (https://betimdrenica.wordpress.com/2015/03/09/ideal-rest-api-design/).
⟡ StackOverflow best REST API Design (https://stackoverflow.blog/2020/03/02/best-practices-for-rest-api-design/).
⟡ Heroku API Reference (https://devcenter.heroku.com/articles/platform-api-reference).
⟡ API Terms Glossary (https://github.com/Mashape/apiglossary).
⟡ HTTP API Design by Heroku (https://github.com/interagent/http-api-design).
⟡ Learn REST: A RESTful Tutorial (http://www.restapitutorial.com).
⟡ RAPIS: A REST API Standard for the 21th century (https://github.com/lambda2/rapis).
⟡ IBM Watson REST API Guidelines (https://github.com/watson-developer-cloud/api-guidelines).
⟡ Microsoft REST API Guidelines (https://github.com/Microsoft/api-guidelines).
⟡ Zalando RESTful API and Event Scheme Guidelines (http://zalando.github.io/restful-api-guidelines/)
⟡ gov.uk API technical and data standards (https://www.gov.uk/guidance/gds-api-technical-and-data-standards)
⟡ How to (and how not to) design REST APIs (https://github.com/stickfigure/blog/wiki/How-to-%28and-how-not-to%29-design-REST-APIs)
Status Code
▐ When you are using a REST design you have to provide the HTTP status code that are the more appropriated to respond to the request.
⟡ HTTP Status code table in RESTAPITutorial (http://www.restapitutorial.com/httpstatuscodes.html).
⟡ httpstatuses.com (https://httpstatuses.com/)
⟡ Status code definition in W3C (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html).
⟡ HTTP Status Code Guides (https://tryhexadecimal.com/guides/http/)
Authentication
⟡ Auth Boss (https://github.com/teesloane/Auth-Boss) – Learn about different authentication methodologies on the web.
⟡ Authentication Cheat Sheet (https://www.owasp.org/index.php/Authentication_Cheat_Sheet).
⟡ The Problem With API Authentication in Express (https://stormpath.com/blog/the-problem-with-api-authentication-in-express/).
⟡ Web Authentication Methods Explained (https://blog.risingstack.com/web-authentication-methods-explained/).
JWT
▐ JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
⟡ 10 Things You Should Know about Tokens (https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/).
⟡ Cookies vs Tokens (https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/).
⟡ JWT Draft in IETF (https://tools.ietf.org/html/draft-ietf-oauth-json-web-token).
⟡ JWT.io (http://jwt.io/).
⟡ Using JSON Web Tokens as API Keys (https://auth0.com/blog/2014/12/02/using-json-web-tokens-as-api-keys/).
⟡ Why Meteor doesn't use session cookies (http://info.meteor.com/blog/session-cookies).
⟡ Guide on API authentication and authorization (https://www.moesif.com/blog/technical/restful-apis/Authorization-on-RESTful-APIs/).
Authorization
OAuth
▐ An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications
⟡ The OAuth Bible by Mashape (https://github.com/Kong/mashape-oauth/blob/master/FLOWS.md).
Caching
⟡ Caching best practices & max-age gotchas (https://jakearchibald.com/2016/caching-best-practices/).
⟡ Increasing Application Performance with HTTP Cache Headers (https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers).
⟡ Using Cloudflare with your API (https://support.cloudflare.com/hc/en-us/articles/200504045-Using-Cloudflare-with-your-API).
Security
⟡ Helmet, help secure Express/Connect apps with various HTTP headers (https://www.npmjs.com/package/helmet).
⟡ APISecurityBestPractices (https://github.com/GitGuardian/APISecurityBestPractices).
⟡ Node Security Project (https://nodesecurity.io/).
⟡ Node.js Security Checklist (https://blog.risingstack.com/node-js-security-checklist/).
Format
⟡ HAL (http://stateless.co/hal_specification.html) – Simple format that gives a consistent and easy way to hyperlink between resources in your API (see: HATEOAS (#hateoas)).
⟡ Hydra (http://www.hydra-cg.com/) – Vocabulary for Hypermedia-Driven Web APIs (W3C).
⟡ JSend (http://labs.omniti.com/labs/jsend) – Simple specification that lays down some rules for how JSON responses from web servers should be formatted.
⟡ JSON API (http://jsonapi.org/) – Standard for building APIs in JSON.
⟡ JSON-LD (http://json-ld.org/) – Standard for describing Linked Data and hypermedia relations in JSON (W3C).
⟡ OData (http://www.odata.org/) – Open protocol to allow the creation and consumption of queryable and interoperable RESTful APIs. Quite complex.
⟡ RAML (http://raml.org/) – Simple and succinct way to describe RESTful API.
⟡ Schema.org (http://schema.org) – Collection of schemas describing common data models.
Discover
▐ Need a API for your projects?
Curated list
⟡ Awesome APIs Directory (https://github.com/Abhishaker17/Awesome-APIs) – A public list of APIs from round the web.
⟡ public apis (https://github.com/toddmotto/public-apis) – A collective list of public JSON APIs for use in web development.
Directory
⟡ apis.io (http://apis.io) – API Search service to help discover APIs on the web.
⟡ ProgrammableWeb (https://www.programmableweb.com/apis/directory).
Testing
Querying
⟡ Firecamp (https://firecamp.io) – Protocol agnostic API testing client which help you test and manage RestAPIs, GraphQL, Websocket and many more.
⟡ httpie (https://github.com/jkbrzt/httpie) – Command line HTTP client, far more dev-friendly than curl.
⟡ HttpMaster (http://www.httpmaster.net) – GUI tool for testing REST APIs and services. Windows OS only.
⟡ jq (https://github.com/stedolan/jq) – Command line JSON processor, to use in combination with a command-line HTTP client like cURL.
⟡ Insomina (https://insomnia.rest/) – A Fancy HTTP REST Client.
⟡ resty (https://github.com/micha/resty) – Little command line REST client that you can use in pipelines (bash or zsh).
⟡ TestMace (https://testmace.com) – A modern powerful crossplatform tool for working with API and creating automated API tests.
Mocking
⟡ Beeceptor (https://beeceptor.com) - Beeceptor helps intercepting API calls and mocking them selectively. Creates an endpoint for wrapping original API and routes requests.
⟡ FakeRest (https://github.com/marmelab/FakeRest) – Patch XMLHttpRequest to fake a REST API client-side.
⟡ JSON Placeholder (http://jsonplaceholder.typicode.com/) – Free online REST service that you can use whenever you need some fake data.
⟡ json-server (https://github.com/typicode/json-server) – Get a full fake REST API with zero coding in less than 30 seconds.
⟡ Mocky.io (http://www.mocky.io/) – Free online service to create fake HTTP responses.
⟡ FakeQL (https://fakeql.com/) – Mainly focused on GraphQL, but can mock RESTful APIs, as well.
⟡ PIPL API (https://pipl.ir) – Free and public API that generates random and fake people's data in JSON
⟡ API Mocha (https://apimocha.com) - Free online service providing fake REST API endpoints, create customizable responses and download rules as a Postman collection.
Response
⟡ httpstat.us (https://httpstat.us) – A super simple service for generating different HTTP codes.
⟡ httpbin (https://httpbin.org) – httpbin(1): HTTP Request & Response Service.
⟡ badssl (https://badssl.com) – Testing clients against bad SSL configs.
Documentation
▐ One of the most important part of your API is have a good documentation and updated with the code.
Free
⟡ docbox (https://github.com/tmcw/docbox).
⟡ slate (https://github.com/tripit/slate).
⟡ whiteboard (https://github.com/mpociot/whiteboard).
Services
⟡ RapidAPI (https://docs.rapidapi.com/docs).
⟡ Readme.io (https://readme.io/).
⟡ GitBook (https://www.gitbook.com/).
Logging
⟡ PM2 by keymetrics (https://pm2.keymetrics.io).
⟡ morgan for expressjs (https://github.com/expressjs/morgan).
⟡ Moesif API Analytics (https://www.moesif.com/features/api-logs). Log and Understand API Traffic.
Modeling and SaaS
▐ Based in DDD (Domain Driven Development). Generates automatically API's in different languages.
⟡ Alteranatives to API Plug (https://www.producthunt.com/alternatives/api-plug) – 9 alternative and related products to api plug.
⟡ Apiary (https://apiary.io/) – Collaborative design, instant API mock, generated documentation, integrated code samples, debugging and automated testing.
⟡ wrapAPI, Build an API on top of any website (https://wrapapi.com).
⟡ import.io, turn web pages into Data (https://www.import.io/).
⟡ RAML, RESTful API Modeling Language (http://raml.org).
⟡ Runscope (https://www.runscope.com/) – Automated API Monitoring & Testing.
⟡ swagger.io (http://swagger.io).
Libraries
▐ Used it to improve your workflow
⟡ hello.js (http://adodson.com/hello.js/#hellojs) – A client-side Javascript SDK for authenticating with OAuth2.
⟡ nock (https://www.npmjs.com/package/nock) – HTTP Server mocking for Node.js
⟡ node-ratelimiter (https://github.com/tj/node-ratelimiter) – Rate limiter for Node.js backed by Redis.
⟡ node-uuid (https://github.com/broofa/node-uuid) – Simple and fast generation of UUIDS.
⟡ Supertest (https://www.npmjs.com/package/supertest) – Super-agent driven library for testing HTTP servers.
Frameworks
▐ Designed specifically for building RESTful API's Quickly.
⟡ Loopback (http://loopback.io).
⟡ Sails.js (http://sailsjs.org).
⟡ FastAPI (https://github.com/tiangolo/fastapi).
⟡ rest-hapi (https://resthapi.com).
Gateways
▐ Manage API infrastructure concerns such as authentication/authorization, rate limiting, scaling, analytics, etc.
Open Source / Self-hosted
⟡ API Umbrella (http://apiumbrella.io/).
⟡ ApiAxle (http://apiaxle.com).
⟡ KrakenD (http://krakend.io).
⟡ Mashape Kong (https://getkong.org/).
⟡ Tyk (https://tyk.io/).
⟡ WSO2 API Manager (http://wso2.com/api-management/try-it/).
(https://img.shields.io/travis/Kikobeats/awesome-api/master.svg?style=flat-square) (https://travis-ci.org/Kikobeats/awesome-api)
▐ A curated list of awesome resources for design and implement RESTful APIs.
Design
Overview
▐ REST allows us to create services and applications that can be used by any device or client who understands HTTP.
⟡ Best Practices for Designing a Pragmatic RESTful API (http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api) spanish version
(https://elbauldelprogramador.com/buenas-practicas-para-el-diseno-de-una-api-restful-pragmatica/) .
⟡ Ideal REST API Design (https://betimdrenica.wordpress.com/2015/03/09/ideal-rest-api-design/).
⟡ StackOverflow best REST API Design (https://stackoverflow.blog/2020/03/02/best-practices-for-rest-api-design/).
⟡ Heroku API Reference (https://devcenter.heroku.com/articles/platform-api-reference).
⟡ API Terms Glossary (https://github.com/Mashape/apiglossary).
⟡ HTTP API Design by Heroku (https://github.com/interagent/http-api-design).
⟡ Learn REST: A RESTful Tutorial (http://www.restapitutorial.com).
⟡ RAPIS: A REST API Standard for the 21th century (https://github.com/lambda2/rapis).
⟡ IBM Watson REST API Guidelines (https://github.com/watson-developer-cloud/api-guidelines).
⟡ Microsoft REST API Guidelines (https://github.com/Microsoft/api-guidelines).
⟡ Zalando RESTful API and Event Scheme Guidelines (http://zalando.github.io/restful-api-guidelines/)
⟡ gov.uk API technical and data standards (https://www.gov.uk/guidance/gds-api-technical-and-data-standards)
⟡ How to (and how not to) design REST APIs (https://github.com/stickfigure/blog/wiki/How-to-%28and-how-not-to%29-design-REST-APIs)
Status Code
▐ When you are using a REST design you have to provide the HTTP status code that are the more appropriated to respond to the request.
⟡ HTTP Status code table in RESTAPITutorial (http://www.restapitutorial.com/httpstatuscodes.html).
⟡ httpstatuses.com (https://httpstatuses.com/)
⟡ Status code definition in W3C (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html).
⟡ HTTP Status Code Guides (https://tryhexadecimal.com/guides/http/)
Authentication
⟡ Auth Boss (https://github.com/teesloane/Auth-Boss) – Learn about different authentication methodologies on the web.
⟡ Authentication Cheat Sheet (https://www.owasp.org/index.php/Authentication_Cheat_Sheet).
⟡ The Problem With API Authentication in Express (https://stormpath.com/blog/the-problem-with-api-authentication-in-express/).
⟡ Web Authentication Methods Explained (https://blog.risingstack.com/web-authentication-methods-explained/).
JWT
▐ JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
⟡ 10 Things You Should Know about Tokens (https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/).
⟡ Cookies vs Tokens (https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/).
⟡ JWT Draft in IETF (https://tools.ietf.org/html/draft-ietf-oauth-json-web-token).
⟡ JWT.io (http://jwt.io/).
⟡ Using JSON Web Tokens as API Keys (https://auth0.com/blog/2014/12/02/using-json-web-tokens-as-api-keys/).
⟡ Why Meteor doesn't use session cookies (http://info.meteor.com/blog/session-cookies).
⟡ Guide on API authentication and authorization (https://www.moesif.com/blog/technical/restful-apis/Authorization-on-RESTful-APIs/).
Authorization
OAuth
▐ An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications
⟡ The OAuth Bible by Mashape (https://github.com/Kong/mashape-oauth/blob/master/FLOWS.md).
Caching
⟡ Caching best practices & max-age gotchas (https://jakearchibald.com/2016/caching-best-practices/).
⟡ Increasing Application Performance with HTTP Cache Headers (https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers).
⟡ Using Cloudflare with your API (https://support.cloudflare.com/hc/en-us/articles/200504045-Using-Cloudflare-with-your-API).
Security
⟡ Helmet, help secure Express/Connect apps with various HTTP headers (https://www.npmjs.com/package/helmet).
⟡ APISecurityBestPractices (https://github.com/GitGuardian/APISecurityBestPractices).
⟡ Node Security Project (https://nodesecurity.io/).
⟡ Node.js Security Checklist (https://blog.risingstack.com/node-js-security-checklist/).
Format
⟡ HAL (http://stateless.co/hal_specification.html) – Simple format that gives a consistent and easy way to hyperlink between resources in your API (see: HATEOAS (#hateoas)).
⟡ Hydra (http://www.hydra-cg.com/) – Vocabulary for Hypermedia-Driven Web APIs (W3C).
⟡ JSend (http://labs.omniti.com/labs/jsend) – Simple specification that lays down some rules for how JSON responses from web servers should be formatted.
⟡ JSON API (http://jsonapi.org/) – Standard for building APIs in JSON.
⟡ JSON-LD (http://json-ld.org/) – Standard for describing Linked Data and hypermedia relations in JSON (W3C).
⟡ OData (http://www.odata.org/) – Open protocol to allow the creation and consumption of queryable and interoperable RESTful APIs. Quite complex.
⟡ RAML (http://raml.org/) – Simple and succinct way to describe RESTful API.
⟡ Schema.org (http://schema.org) – Collection of schemas describing common data models.
Discover
▐ Need a API for your projects?
Curated list
⟡ Awesome APIs Directory (https://github.com/Abhishaker17/Awesome-APIs) – A public list of APIs from round the web.
⟡ public apis (https://github.com/toddmotto/public-apis) – A collective list of public JSON APIs for use in web development.
Directory
⟡ apis.io (http://apis.io) – API Search service to help discover APIs on the web.
⟡ ProgrammableWeb (https://www.programmableweb.com/apis/directory).
Testing
Querying
⟡ Firecamp (https://firecamp.io) – Protocol agnostic API testing client which help you test and manage RestAPIs, GraphQL, Websocket and many more.
⟡ httpie (https://github.com/jkbrzt/httpie) – Command line HTTP client, far more dev-friendly than curl.
⟡ HttpMaster (http://www.httpmaster.net) – GUI tool for testing REST APIs and services. Windows OS only.
⟡ jq (https://github.com/stedolan/jq) – Command line JSON processor, to use in combination with a command-line HTTP client like cURL.
⟡ Insomina (https://insomnia.rest/) – A Fancy HTTP REST Client.
⟡ resty (https://github.com/micha/resty) – Little command line REST client that you can use in pipelines (bash or zsh).
⟡ TestMace (https://testmace.com) – A modern powerful crossplatform tool for working with API and creating automated API tests.
Mocking
⟡ Beeceptor (https://beeceptor.com) - Beeceptor helps intercepting API calls and mocking them selectively. Creates an endpoint for wrapping original API and routes requests.
⟡ FakeRest (https://github.com/marmelab/FakeRest) – Patch XMLHttpRequest to fake a REST API client-side.
⟡ JSON Placeholder (http://jsonplaceholder.typicode.com/) – Free online REST service that you can use whenever you need some fake data.
⟡ json-server (https://github.com/typicode/json-server) – Get a full fake REST API with zero coding in less than 30 seconds.
⟡ Mocky.io (http://www.mocky.io/) – Free online service to create fake HTTP responses.
⟡ FakeQL (https://fakeql.com/) – Mainly focused on GraphQL, but can mock RESTful APIs, as well.
⟡ PIPL API (https://pipl.ir) – Free and public API that generates random and fake people's data in JSON
⟡ API Mocha (https://apimocha.com) - Free online service providing fake REST API endpoints, create customizable responses and download rules as a Postman collection.
Response
⟡ httpstat.us (https://httpstat.us) – A super simple service for generating different HTTP codes.
⟡ httpbin (https://httpbin.org) – httpbin(1): HTTP Request & Response Service.
⟡ badssl (https://badssl.com) – Testing clients against bad SSL configs.
Documentation
▐ One of the most important part of your API is have a good documentation and updated with the code.
Free
⟡ docbox (https://github.com/tmcw/docbox).
⟡ slate (https://github.com/tripit/slate).
⟡ whiteboard (https://github.com/mpociot/whiteboard).
Services
⟡ RapidAPI (https://docs.rapidapi.com/docs).
⟡ Readme.io (https://readme.io/).
⟡ GitBook (https://www.gitbook.com/).
Logging
⟡ PM2 by keymetrics (https://pm2.keymetrics.io).
⟡ morgan for expressjs (https://github.com/expressjs/morgan).
⟡ Moesif API Analytics (https://www.moesif.com/features/api-logs). Log and Understand API Traffic.
Modeling and SaaS
▐ Based in DDD (Domain Driven Development). Generates automatically API's in different languages.
⟡ Alteranatives to API Plug (https://www.producthunt.com/alternatives/api-plug) – 9 alternative and related products to api plug.
⟡ Apiary (https://apiary.io/) – Collaborative design, instant API mock, generated documentation, integrated code samples, debugging and automated testing.
⟡ wrapAPI, Build an API on top of any website (https://wrapapi.com).
⟡ import.io, turn web pages into Data (https://www.import.io/).
⟡ RAML, RESTful API Modeling Language (http://raml.org).
⟡ Runscope (https://www.runscope.com/) – Automated API Monitoring & Testing.
⟡ swagger.io (http://swagger.io).
Libraries
▐ Used it to improve your workflow
⟡ hello.js (http://adodson.com/hello.js/#hellojs) – A client-side Javascript SDK for authenticating with OAuth2.
⟡ nock (https://www.npmjs.com/package/nock) – HTTP Server mocking for Node.js
⟡ node-ratelimiter (https://github.com/tj/node-ratelimiter) – Rate limiter for Node.js backed by Redis.
⟡ node-uuid (https://github.com/broofa/node-uuid) – Simple and fast generation of UUIDS.
⟡ Supertest (https://www.npmjs.com/package/supertest) – Super-agent driven library for testing HTTP servers.
Frameworks
▐ Designed specifically for building RESTful API's Quickly.
⟡ Loopback (http://loopback.io).
⟡ Sails.js (http://sailsjs.org).
⟡ FastAPI (https://github.com/tiangolo/fastapi).
⟡ rest-hapi (https://resthapi.com).
Gateways
▐ Manage API infrastructure concerns such as authentication/authorization, rate limiting, scaling, analytics, etc.
Open Source / Self-hosted
⟡ API Umbrella (http://apiumbrella.io/).
⟡ ApiAxle (http://apiaxle.com).
⟡ KrakenD (http://krakend.io).
⟡ Mashape Kong (https://getkong.org/).
⟡ Tyk (https://tyk.io/).
⟡ WSO2 API Manager (http://wso2.com/api-management/try-it/).