-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Documenting an API standard #403
base: main
Are you sure you want to change the base?
Conversation
I think there are some things missing here that we might want to think about:
We don't need to have answers to all of those right now, but I think we should bear them in mind. |
We might also want to think about GraphQL. |
We spoke about this in the guild meeting, and some of this we think may be better as a pattern to show how you might want to document something, without been an explicit must. |
To be included:
|
Co-authored-by: Daniel A.C. Martin <daniel-ac-martin@users.noreply.github.com>
Co-authored-by: Jeff Horton <87995501+jeff-horton-ho-sas@users.noreply.github.com>
6398503
to
9154bf2
Compare
|
||
Listing our APIs contributes to the government community as well as other organisations and wider industry. Listing our APIs here will also help inter-departmental data exchanges, as well as sharing best practice in API development. | ||
|
||
If your API is for internal or team use only, then it should be included in the internal API register. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If your API is for internal or team use only, then it should be included in the internal API register. |
- [You MUST document how to raise an issue with your API](#you-must-document-how-to-raise-an-issue-with-your-api) | ||
- [You MUST document information on rate limits](#you-must-document-information-on-rate-limits) | ||
|
||
### You MUST include your API on the relevant registers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### You MUST include your API on the relevant registers | |
### You MUST include your API on the relevant registers if your API is public |
|
||
### You MUST document information on rate limits | ||
|
||
Rate limiting is important to secure your API and consumers may want to query your API often, so documenting the rate limits helps consumers build their software around these limits. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rate limiting is important to secure your API and consumers may want to query your API often, so documenting the rate limits helps consumers build their software around these limits. | |
Rate limiting is important to secure your API and consumers may want to query your API often, so documenting the rate limits helps consumers build their software around these limits. This information may not want to be shared widely if rate limiting is in place for security reasons. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add where appropriate to sharing parts of the documentation more widely.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add to opening paragraph.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the rate limit being public is enough to make your application insecure, then it's not an adequate security measure. A malicious user can deterimine the limit through trial and error. Publishing the limit is not the issue, and makes your API harder to use for legitimate consumers.
A project can justify not meeting any part of any standard if their circumstances warrant it. This doesn't need to be a loophole encouraged by the standard.
Code change
I can confirm:
Accessibility considerations
Content change
I can confirm:
e.g. Writing a principle and Writing a standard