A curated list of awesome resources for design and implement RESTful APIs.
REST allows us to create services and applications that can be used by any device or client who understands HTTP.
- Best Practices for Designing a Pragmatic RESTful API [spanish version].
- Ideal REST API Design.
- StackOverflow best REST API Design.
- Heroku API Reference.
- API Terms Glossary.
- HTTP API Design by Heroku.
- Learn REST: A RESTful Tutorial.
- RAPIS: A REST API Standard for the 21th century.
- IBM Watson REST API Guidelines.
- Microsoft REST API Guidelines.
- Zalando RESTful API and Event Scheme Guidelines
- gov.uk API technical and data standards
When you are using a REST design you have to provide the HTTP status code that are the more appropriated to respond to the request.
- HTTP Status code table in RESTAPITutorial.
- httpstatuses.com
- Status code definition in W3C.
- HTTP Status Code Guides
- Auth Boss – Learn about different authentication methodologies on the web.
- Authentication Cheat Sheet.
- The Problem With API Authentication in Express.
- Web Authentication Methods Explained.
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
- 10 Things You Should Know about Tokens.
- Cookies vs Tokens.
- JWT Draft in IETF.
- JWT.io.
- Using JSON Web Tokens as API Keys.
- Why Meteor doesn't use session cookies.
- Guide on API authentication and authorization.
An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications
- Caching best practices & max-age gotchas.
- Increasing Application Performance with HTTP Cache Headers.
- Using Cloudflare with your API.
- Helmet, help secure Express/Connect apps with various HTTP headers.
- APISecurityBestPractices.
- Node Security Project.
- Node.js Security Checklist.
- HAL – Simple format that gives a consistent and easy way to hyperlink between resources in your API (see: HATEOAS).
- Hydra – Vocabulary for Hypermedia-Driven Web APIs (W3C).
- JSend – Simple specification that lays down some rules for how JSON responses from web servers should be formatted.
- JSON API – Standard for building APIs in JSON.
- JSON-LD – Standard for describing Linked Data and hypermedia relations in JSON (W3C).
- OData – Open protocol to allow the creation and consumption of queryable and interoperable RESTful APIs. Quite complex.
- RAML – Simple and succinct way to describe RESTful API.
- Schema.org – Collection of schemas describing common data models.
Need a API for your projects?
- Awesome APIs Directory – A public list of APIs from round the web.
- public apis – A collective list of public JSON APIs for use in web development.
- apis.io – API Search service to help discover APIs on the web.
- ProgrammableWeb.
- Firecamp – Protocol agnostic API testing client which help you test and manage RestAPIs, GraphQL, Websocket and many more.
- httpie – Command line HTTP client, far more dev-friendly than curl.
- HttpMaster – GUI tool for testing REST APIs and services. Windows OS only.
- jq – Command line JSON processor, to use in combination with a command-line HTTP client like cURL.
- Insomina – A Fancy HTTP REST Client.
- resty – Little command line REST client that you can use in pipelines (bash or zsh).
- TestMace – A modern powerful crossplatform tool for working with API and creating automated API tests.
- Beeceptor - Beeceptor helps intercepting API calls and mocking them selectively. Creates an endpoint for wrapping original API and routes requests.
- FakeRest – Patch XMLHttpRequest to fake a REST API client-side.
- JSON Placeholder – Free online REST service that you can use whenever you need some fake data.
- json-server – Get a full fake REST API with zero coding in less than 30 seconds.
- Mocky.io – Free online service to create fake HTTP responses.
- FakeQL – Mainly focused on GraphQL, but can mock RESTful APIs, as well.
- PIPL API – Free and public API that generates random and fake people's data in JSON
- API Mocha - Free online service providing fake REST API endpoints, create customizable responses and download rules as a Postman collection.
- httpstat.us – A super simple service for generating different HTTP codes.
- httpbin – httpbin(1): HTTP Request & Response Service.
- badssl – Testing clients against bad SSL configs.
One of the most important part of your API is have a good documentation and updated with the code.
- PM2 by keymetrics.
- morgan for expressjs.
- Moesif API Analytics. Log and Understand API Traffic.
Based in DDD (Domain Driven Development). Generates automatically API's in different languages.
- Alteranatives to API Plug – 9 alternative and related products to api plug.
- Apiary – Collaborative design, instant API mock, generated documentation, integrated code samples, debugging and automated testing.
- wrapAPI, Build an API on top of any website.
- import.io, turn web pages into Data.
- RAML, RESTful API Modeling Language.
- Runscope – Automated API Monitoring & Testing.
- swagger.io.
Used it to improve your workflow
- hello.js – A client-side Javascript SDK for authenticating with OAuth2.
- nock – HTTP Server mocking for Node.js
- node-ratelimiter – Rate limiter for Node.js backed by Redis.
- node-uuid – Simple and fast generation of UUIDS.
- Supertest – Super-agent driven library for testing HTTP servers.
Designed specifically for building RESTful API's Quickly.
Manage API infrastructure concerns such as authentication/authorization, rate limiting, scaling, analytics, etc.