• This repository has been archived on 03/Mar/2022
  • Stars
    star
    3,081
  • Rank 14,604 (Top 0.3 %)
  • Language
  • Created almost 12 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

White House Web API Standards

Guidelines

This document provides guidelines and examples for White House Web APIs, encouraging consistency, maintainability, and best practices across applications. White House APIs aim to balance a truly RESTful API interface with a positive developer experience (DX).

This document borrows heavily from:

Pragmatic REST

These guidelines aim to support a truly RESTful API. Here are a few exceptions:

RESTful URLs

General guidelines for RESTful URLs

  • A URL identifies a resource.
  • URLs should include nouns, not verbs.
  • Use plural nouns only for consistency (no singular nouns).
  • Use HTTP verbs (GET, POST, PUT, DELETE) to operate on the collections and elements.
  • You shouldn’t need to go deeper than resource/identifier/resource.
  • Put the version number at the base of your URL, for example http://example.com/v1/path/to/resource.
  • URL v. header:
    • If it changes the logic you write to handle the response, put it in the URL.
    • If it doesn’t change the logic for each response, like OAuth info, put it in the header.
  • Specify optional fields in a comma separated list.
  • Formats should be in the form of api/v2/resource/{id}.json

Good URL examples

Bad URL examples

HTTP Verbs

HTTP verbs, or methods, should be used in compliance with their definitions under the HTTP/1.1 standard. The action taken on the representation will be contextual to the media type being worked on and its current state. Here's an example of how HTTP verbs map to create, read, update, delete operations in a particular context:

HTTP METHOD POST GET PUT DELETE
CRUD OP CREATE READ UPDATE DELETE
/dogs Create new dogs List dogs Bulk update Delete all dogs
/dogs/1234 Error Show Bo If exists, update Bo; If not, error Delete Bo

(Example from Web API Design, by Brian Mulloy, Apigee.)

Responses

  • No values in keys
  • No internal-specific names (e.g. "node" and "taxonomy term")
  • Metadata should only contain direct properties of the response set, not properties of the members of the response set

Good examples

No values in keys:

"tags": [
  {"id": "125", "name": "Environment"},
  {"id": "834", "name": "Water Quality"}
],

Bad examples

Values in keys:

"tags": [
  {"125": "Environment"},
  {"834": "Water Quality"}
],

Error handling

Error responses should include a common HTTP status code, message for the developer, message for the end-user (when appropriate), internal error code (corresponding to some specific internally determined ID), links where developers can find more info. For example:

{
  "status" : 400,
  "developerMessage" : "Verbose, plain language description of the problem. Provide developers
   suggestions about how to solve their problems here",
  "userMessage" : "This is a message that can be passed along to end-users, if needed.",
  "errorCode" : "444444",
  "moreInfo" : "http://www.example.gov/developer/path/to/help/for/444444,
   http://drupal.org/node/444444",
}

Use three simple, common response codes indicating (1) success, (2) failure due to client-side problem, (3) failure due to server-side problem:

  • 200 - OK
  • 400 - Bad Request
  • 500 - Internal Server Error

Versions

  • Never release an API without a version number.
  • Versions should be integers, not decimal numbers, prefixed with ‘v’. For example:
    • Good: v1, v2, v3
    • Bad: v-1.1, v1.2, 1.3
  • Maintain APIs at least one version back.

Record limits

  • If no limit is specified, return results with a default limit.
  • To get records 51 through 75 do this:

Information about record limits and total available count should also be included in the response. Example:

{
    "metadata": {
        "resultset": {
            "count": 227,
            "offset": 25,
            "limit": 25
        }
    },
    "results": []
}

Request & Response Examples

API Resources

GET /magazines

Example: http://example.gov/api/v1/magazines.json

Response body:

{
    "metadata": {
        "resultset": {
            "count": 123,
            "offset": 0,
            "limit": 10
        }
    },
    "results": [
        {
            "id": "1234",
            "type": "magazine",
            "title": "Public Water Systems",
            "tags": [
                {"id": "125", "name": "Environment"},
                {"id": "834", "name": "Water Quality"}
            ],
            "created": "1231621302"
        },
        {
            "id": 2351,
            "type": "magazine",
            "title": "Public Schools",
            "tags": [
                {"id": "125", "name": "Elementary"},
                {"id": "834", "name": "Charter Schools"}
            ],
            "created": "126251302"
        }
        {
            "id": 2351,
            "type": "magazine",
            "title": "Public Schools",
            "tags": [
                {"id": "125", "name": "Pre-school"},
            ],
            "created": "126251302"
        }
    ]
}

GET /magazines/[id]

Example: http://example.gov/api/v1/magazines/[id].json

Response body:

{
    "id": "1234",
    "type": "magazine",
    "title": "Public Water Systems",
    "tags": [
        {"id": "125", "name": "Environment"},
        {"id": "834", "name": "Water Quality"}
    ],
    "created": "1231621302"
}

POST /magazines/[id]/articles

Example: Create – POST http://example.gov/api/v1/magazines/[id]/articles

Request body:

[
    {
        "title": "Raising Revenue",
        "author_first_name": "Jane",
        "author_last_name": "Smith",
        "author_email": "[email protected]",
        "year": "2012",
        "month": "August",
        "day": "18",
        "text": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam eget ante ut augue scelerisque ornare. Aliquam tempus rhoncus quam vel luctus. Sed scelerisque fermentum fringilla. Suspendisse tincidunt nisl a metus feugiat vitae vestibulum enim vulputate. Quisque vehicula dictum elit, vitae cursus libero auctor sed. Vestibulum fermentum elementum nunc. Proin aliquam erat in turpis vehicula sit amet tristique lorem blandit. Nam augue est, bibendum et ultrices non, interdum in est. Quisque gravida orci lobortis... "
    }
]

Mock Responses

It is suggested that each resource accept a 'mock' parameter on the testing server. Passing this parameter should return a mock data response (bypassing the backend).

Implementing this feature early in development ensures that the API will exhibit consistent behavior, supporting a test driven development methodology.

Note: If the mock parameter is included in a request to the production environment, an error should be raised.

JSONP

JSONP is easiest explained with an example. Here's one from StackOverflow:

Say you're on domain abc.com, and you want to make a request to domain xyz.com. To do so, you need to cross domain boundaries, a no-no in most of browserland.

The one item that bypasses this limitation is <script> tags. When you use a script tag, the domain limitation is ignored, but under normal circumstances, you can't really DO anything with the results, the script just gets evaluated.

Enter JSONP. When you make your request to a server that is JSONP enabled, you pass a special parameter that tells the server a little bit about your page. That way, the server is able to nicely wrap up its response in a way that your page can handle.

For example, say the server expects a parameter called "callback" to enable its JSONP capabilities. Then your request would look like:

    http://www.xyz.com/sample.aspx?callback=mycallback

Without JSONP, this might return some basic javascript object, like so:

    { foo: 'bar' }

However, with JSONP, when the server receives the "callback" parameter, it wraps up the result a little differently, returning something like this:

    mycallback({ foo: 'bar' });

As you can see, it will now invoke the method you specified. So, in your page, you define the callback function:

    mycallback = function(data){
        alert(data.foo);
    };

http://stackoverflow.com/questions/2067472/what-is-jsonp-all-about?answertab=votes#tab-top

More Repositories

1

petitions

Drupal installation profile powering We The People at petitions.whitehouse.gov
JavaScript
1,144
star
2

wh-app-ios

Objective-C
671
star
3

fb_messenger_bot

This Drupal module provides a tool to build a chat bot to work on Facebook's Messenger Platform.
PHP
562
star
4

budgetdata

The data behind the President's 2016 Budget
541
star
5

wh-app-android

Java
406
star
6

fortyfour

7.x base theme for White House sites
CSS
336
star
7

source-code-policy

Federal Source Code Policy
CSS
249
star
8

fitara

Management and Oversight of Federal IT Resources
CSS
107
star
9

omb_place

Federal Place-based Initiatives Map
CSS
47
star
10

datacenters

Data Center Optimization Initiative (DCOI) Memo
JavaScript
20
star
11

CIOmanagement

Management and Oversight of Federal Information Technology
SCSS
17
star
12

ndoch-hackathon

15
star
13

education-compliance-reports

Python
13
star
14

buildmanager

Note: This project is in active development. Documentation may not be totally up to date. Stable release (and corresponding documentation) hopefully coming soon.
PHP
12
star
15

drushsubtree

Note: This project is in active development. Documentation may not be totally up to date. Stable release (and corresponding documentation) hopefully coming soon.
9
star
16

heartbleed

PHP
9
star
17

write-api-beta-testing

9
star
18

twitterapi

Drupal module with a simple interface for Twitter's REST API
9
star
19

services_documentation

PHP
8
star
20

cyber-acquisitions

CSS
7
star
21

tweetserver

Drupal install profile to grab tweets and push up to a CDN for redistribution.
PHP
6
star
22

webform_submit_button

The webform_submit_button module for Drupal
6
star
23

shunt

PHP
5
star
24

petitions_thermometer

Sheldon Rampton's project at White House hackathon on 2/22/2013
PHP
5
star
25

choropleth

JavaScript
4
star
26

software-policy

Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing
CSS
4
star
27

logger

Repository for the Drupal Logger module.
PHP
3
star
28

petitions-php-sdk

PHP
3
star
29

petition

This project has been renamed petitionS.
2
star
30

choropleth_dataset

JavaScript
2
star
31

ostp-ai-rfi-responses

Public comments submitted in response to 2016 OSTP RFI on Artificial Intelligence
2
star
32

tweetfetch

Stand-alone version of Tweet Fetch module originally developed for 2014 State of the Union Address as part of Tweet Server, https://github.com/whitehouse/tweetserver.
2
star
33

whrmake

A drush make file for compiling the code necessary to implement much of the functionality of the new responsive whitehouse.gov
1
star
34

ostp-data-portability-rfi-responses

Public comments submitted in response to 2016 OSTP RFI on Data Portability
1
star
35

mobile-policy

Category Management Policy 16-2: Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services
CSS
1
star
36

netstorage

Drupal module to help you sync files up to Akamai NetStorage.
PHP
1
star