Advice for Operating a Public-Facing API #Software @JCS
joshua stein has been operating Pushover’s public-facing API for over a decade now and thought to pass on advice for those creating a new API.
Pushover’s API might be unusual in that it is used by a wide range of devices (embedded IoT things, legacy servers, security cameras, etc.) and HTTP libraries, rather than mostly being accessed from JavaScript in the latest web browsers. It also doesn’t process sensitive financial information, so the advice given here may not be applicable to something operating like Stripe’s API.
Serve your API at api.example.com, never at example.com/api. As your API’s usage grows, it will expand beyond your website/dashboard server and need to move to a separate server or many separate servers. You’ll want to be able to move things around by just pointing its IP somewhere else rather than trying to proxy things from your dashboard server.
Accepting a slightly non-conforming API request today from someone’s ESP8266 buried in a forest might mean you’ll have to keep accepting those same non-conforming requests being made years later, often at the cost of having to implement workarounds in your web framework or server code as it gets upgraded.
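One way to hold that line from day one is to reject non-conforming requests with an explicit reason instead of quietly tolerating them. The sketch below is an added example, not code from the article or from Pushover; the particular rules, the `/v1/messages` path and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed rules for this sketch: CRLF line endings, valid header names,
# Host on HTTP/1.1, and an exact Content-Length plus form encoding on POST.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
REQUEST_LINE = re.compile(rb"^(GET|POST) (/\S*) HTTP/1\.([01])$")

def conformance_errors(raw: bytes) -> list[str]:
    """Return every reason a raw HTTP/1.x request is rejected (empty = accept)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["header block not terminated by CRLF CRLF"]
    stripped = head.replace(b"\r\n", b"")
    if b"\r" in stripped or b"\n" in stripped:
        return ["bare CR or LF inside header block"]
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return ["malformed request line"]
    errors, headers = [], {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):
            errors.append(f"malformed header line: {line!r}")
            continue
        headers[name.lower()] = value.strip(b" \t")
    if m.group(3) == b"1" and b"host" not in headers:
        errors.append("HTTP/1.1 request without Host header")
    if m.group(1) == b"POST":
        length = headers.get(b"content-length", b"")
        if not length.isdigit():
            errors.append("missing or non-numeric Content-Length")
        elif int(length) != len(body):
            errors.append("Content-Length does not match body size")
        ctype = headers.get(b"content-type", b"").split(b";")[0].strip().lower()
        if ctype != b"application/x-www-form-urlencoded":
            errors.append("unexpected Content-Type")
    return errors

# Constructed sample requests (not captured traffic).
GOOD = (b"POST /v1/messages HTTP/1.1\r\nHost: api.example.com\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: 13\r\n\r\nmessage=hello")
BARE_LF = GOOD.replace(b"\r\n", b"\n")  # client that sends LF-only line endings
BAD = (b"POST /v1/messages HTTP/1.1\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n"
       b"Content-Length: 99\r\n\r\nmessage=hello")
```

Returning the full list of reasons lets the server answer with a 400 that tells the client author exactly what to fix before the device ships.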