Code-Memo

API Design

1. API Fundamentals

  1. What an API is
  2. Client-server communication model
  3. API vs SDK vs library
  4. REST vs RPC vs GraphQL overview

2. REST Principles

  1. What REST means
  2. Statelessness
  3. Resource-based design
  4. Uniform interface concept
  5. Client-server separation

3. Resource Design

  1. What a “resource” is in APIs
  2. Nouns vs verbs in endpoints
  3. Naming conventions (/users, /orders)
  4. Hierarchical resources (/users/{id}/orders)

4. HTTP Methods in APIs

  1. GET (read)
  2. POST (create)
  3. PUT vs PATCH (update differences)
  4. DELETE (remove)
  5. Idempotency concept

5. HTTP Status Codes

  1. 2xx success codes
  2. 3xx redirection basics
  3. 4xx client errors
  4. 5xx server errors
  5. When to use each properly

6. Request & Response Structure

  1. JSON as standard format
  2. Headers
  3. Query params vs path params vs body
  4. Consistent response formats

7. Authentication & Authorization

  1. Authentication vs authorization
  2. API keys
  3. JWT (JSON Web Tokens)
  4. OAuth2 overview
  5. Session-based auth vs token-based auth

8. API Security

  1. Rate limiting
  2. Input validation
  3. CORS (Cross-Origin Resource Sharing)
  4. HTTPS requirement
  5. Preventing common attacks (XSS, injection basics in APIs)

9. API Versioning

  1. Why versioning is needed
  2. URI versioning
  3. Header-based versioning
  4. Backward compatibility strategies

10. Pagination, Filtering, Sorting

  1. Offset vs cursor pagination
  2. Filtering with query params
  3. Sorting design patterns
  4. Performance considerations for large datasets

11. Error Handling

  1. Standard error response structure
  2. Meaningful error messages
  3. Error codes vs HTTP status confusion
  4. Debugging-friendly responses

12. API Documentation

  1. OpenAPI / Swagger concept
  2. Why documentation matters
  3. Examples and schemas
  4. Auto-generated docs

13. API Design Best Practices

  1. Consistency in naming and structure
  2. Avoiding breaking changes
  3. Keeping APIs simple
  4. Separation of concerns
  5. Versioning strategy planning

14. Performance & Scalability

  1. Caching (HTTP caching headers)
  2. ETags and conditional requests
  3. Rate limiting strategies
  4. Bulk operations vs single requests
  5. Payload optimization

15. API Architecture Styles

  1. REST vs GraphQL tradeoffs
  2. gRPC basics
  3. Webhooks (event-driven APIs)
  4. Polling vs push models

16. Idempotency & Reliability

  1. What idempotency means in APIs
  2. Why it matters in retries
  3. Idempotency keys
  4. Safe retries in distributed systems

17. API Gateway Concepts

  1. What an API gateway does
  2. Routing, authentication, rate limiting
  3. Aggregation of services
  4. Examples in cloud architectures

18. Observability for APIs

  1. Logging requests/responses
  2. Metrics (latency, error rate)
  3. Tracing distributed requests
  4. Correlation IDs

19. API Testing

  1. Unit vs integration API tests
  2. Contract testing
  3. Postman / automated testing
  4. Mocking APIs

20. Advanced API Concepts

  1. Event-driven APIs
  2. Webhooks vs APIs
  3. Async APIs
  4. Long polling vs SSE vs WebSockets
  5. API composition in microservices