![]() Some APIs, like Facebook's Graph API, always return a 200 status code, with the error being included in the response data. They go the extra mile and include links in their responses, so the error message is concise while still providing the developer with more information in case they need it.Īs API consumers, we need to be careful and not assume that an API 200 status code means the request made a successful call and returned the information we want. Twilio is a great example of best practices for status code and error messages. Beyond that, keep your particular developer audience in mind and try to meet their expectations." ![]() 200, 400, 500) and should augment with status codes that have specific, actionable meaning across multiple APIs. Another great advice by Steve is: "Following this pragmatic approach, APIs should probably use at least 3 status codes (e.g. Steve Marx had this to say in " How many HTTP status codes should your API use?": ".developers will have an easier time learning and understanding an API if it follows the same conventions as other APIs they’re familiar with." As an API provider, you don't have to implement 70+ different status codes. Good usage of HTTP status code and clear error messages may not be sexy, but it can be the difference between a developer evangelizing your API and an angry tweet. After an hour banging my head against the wall, I realized I hadn't paid attention to the docs and forgot to include an Authorization header with a base64 encoded string of my application's client_id and client_secret. ![]() The code grant flow would return an error message saying that my request was invalid, but it wouldn't give me any more details. I ran into this issue a couple of weeks ago while trying to retrieve an API's access token. A bad API error message will cause an increase in blood pressure, along with a high number of support tickets and wasted time. Unexpected error codesĪ good API error message will allow developers to quickly find why, and how, they can fix a failed call. If you're unsure why you should do it, or don't think you should because you're not transmitting any sensitive data, I highly recommend reading " Why HTTPS for Everything?" from CIO.gov. The process for getting certificates used to be a hassle, but with solutions like Let's Encrypt and Cloudflare, there's no excuse to not support HTTPS. If you're asking yourself if your API should support HTTPS, then the answer is yes. Another step you can take is to use a tool like Hitch, which lets you follow certain APIs and be notified if anything changes. Good API providers will let users know beforehand via email and any social media channels they have. Node.js `request` module, for example, will follow GET redirects by default, but you have to explicitly set `followAllRedirects` to `true` if you want to follow redirects to POST and other methods.ĪPIs may also stop supporting HTTP, so it's important to stay up-to-date with any changes. For example, some APIs redirect HTTP traffic to their HTTPS counterpart, but not all frameworks will be configured to follow a 302 status code. Some APIs may only support HTTPS, while others may support HTTP for some endpoints and not others.Įven when an API supports both, you might still run into some errors. Using instead of Forgetting a single "s" can get you in a lot of trouble when testing an API. Here's our list of 6 common mistakes that can catch you off guard, why they happen, and how you can avoid them: 1. Working with thousands of developers to resolve their API problems has given us unique insight into issues they often see when integrating and interacting with APIs. Our testing and monitoring tools can help you uncover issues that would otherwise stay hidden by a lack of integration tests, or real-world use case scenarios. We can make false assumptions about how an endpoint should work, not read the docs closely enough, or just not have enough coffee that morning to parse an error message. And we, as developers, sometimes make mistakes. ![]() On the other side of the table, we have developers interacting with these APIs. You need great docs, clear and concise error messages, and to meet developers' expectations of how your API should work. However, building a truly secure, sturdy, hearty API, can take a little more work, just as a chef takes more time when crafting a great meal. Frameworks like Express, Flask, and Sinatra combined with Heroku or zeit's now help any developer have an API up and running in a few minutes. Have you ever used an API that returned an HTML error page instead of the JSON you expected, causing your code to blow up? What about receiving a 200 OK status code with a cryptic error message in your response?īuilding an API can be as quick as serving fast food.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |