A time-traveler is passing by 2013 and she opens a browser bookmark to http://mars.gov/blog/**2056**/11/21/news.html. What HTTP status code does she get back from her response? Well, it’s not going to be 200 OK, because it wasn’t OK with the server. The server couldn’t find the article that the client requested,... [Read More]

When you’re building a Web API, you’re likely going to need to figure out how to provide documentation to your end-users. If you didn’t think of that when you started your project, it can be a real deflating moment when it finally comes to mind. Documentation is boring and tedious.... [Read More]

Cross-site request forgery (CSRF) is a type of security exploit where a user’s web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line... [Read More]

Have you ever been stumped how to design a Web API? There are so many different approaches that you can take for even simple things, like paginating API result sets. If you list out your options, it can be easy to end up in analysis paralysis. I like to remind... [Read More]

When it comes to Web API best practices, idempotency is a pretty easy one to explain. An idempotent API operation is an operation that produces the same effect no matter how many times it is executed. Done, right? Now you know how to use that in your API design, how... [Read More]