Creating Solid APIs

Rivo Laks

Playlists: 'djangocon2018' videos starting here / audio / related events

Increasingly, our apps are used not by humans but by other apps - via their APIs. Thus it is increasingly important that your APIs are well-designed and easy to consume for other developers.
I will share tips and good practices on authentication, versioning, documentation, response structure, and why it all matters.

Adding a few API endpoints to your application for internal consumption is easy. Creating APIs that other developers will love to use is a much harder problem.
You'll need to think about solving variety of topics such as versioning, authentication, response structure, documentation and more. There are existing good practices for each of them, but often developers who haven't done a lot of API work aren't familiar with them.

My talk will show how to build on top of Django and DRF and find reasonable solutions for those problems.
I will talk about JSON API, OAuth2, and other technologies and show how they fit into the puzzle.
Benefits of standardized response structure, as well as auto-generated documentation will also be discussed.

I'll introduce OAuth2, discussing when it is a good choice and when not, as well as some trickier parts of it.
Next we'll look at why a standardized response structure such as JSON API makes lives of 3rd-party developers easier. We'll then move on to versioning and how you can change your API without breaking all existing apps. And the talk wouldn't be complete without looking at documenting your APIs and why the docs should be auto-generated.