From 08b985806b49f2a4c9e9265fa2874cf584c851d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Barrado=20Gonz=C3=A1lez?= Date: Wed, 19 Oct 2022 16:41:35 +0200 Subject: [PATCH 1/4] Update API-design-guidelines.md - Added versioning control of rest parts involved in Apification projects. - X-Correlator architecture header changed to optional from required --- .../Working/API-design-guidelines.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Commonalities/documentation/Working/API-design-guidelines.md b/Commonalities/documentation/Working/API-design-guidelines.md index 870285a5..fe990878 100644 --- a/Commonalities/documentation/Working/API-design-guidelines.md +++ b/Commonalities/documentation/Working/API-design-guidelines.md @@ -475,7 +475,20 @@ API implementation versioning will follow semantic versioning. Given a `MAJOR.MI 1) The `MAJOR` version when you make an incompatible API change. 2) The `MINOR` version when you add functionality that is backwards compatible. 3) The `PATCH` version when you fix backward compatible bugs. -As a recommendation tags for pre-release and final software are available as extensions to the `MAJOR.MINOR.PATCH` format. (Ex. 1.0.0.RELEASE, 1.0.1.SNAPSHOT) + +Related to the versioning of rest parts involved in Apification projects, best practises are detailed below: + +SHARED CODE ON REPOSITORIES + +1) MAJOR - Major of API Contract +2) MINOR - Minor of API Contract +3) PATCH - New Updates / Contributions of shared code + +MICROSERVICE DEPLOYMENTS (NOT MANDATORY BUT RECOMMENDED) + +1) MAJOR - Major of API Contract +2) MINOR - Minor of API Contract +3) PATCH - New Microservice Deployments ### 5.2 Backwards and Forward Compatibility @@ -690,7 +703,7 @@ With the aim of standardizing the request observability and traceability process | Name | Description | Type | Pattern | Longitude | Required | Example | |---|---|---|---|---|---|---| | `X-Version` | Service version indentificator | String| N/A | | No | | -| `X-Correlator`| Service correlator to make observability| String | UUID (8-4-4-4-12) | Max 36 | Yes | b4333c46-49c0-4f62-80d7-f0ef930f1c46 | +| `X-Correlator`| Service correlator to make observability| String | UUID (8-4-4-4-12) | Max 36 | No | b4333c46-49c0-4f62-80d7-f0ef930f1c46 | | `Authorization` | Contains Access token |String | JWT| N/A | Yes | Bearer eyJhbGciOiJIUzI1NiIsIn... | | `Content-Language` | Describe the language(s) intended for the audience | String | ISO 639-1 | | No | es | | `Accept-Language` | Indicates the natural language and locale that the client prefers | String | N/A | | No | | From 7e89e704d92d7acc54745c49aa589ba0b150bfd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Barrado=20Gonz=C3=A1lez?= Date: Thu, 10 Nov 2022 11:47:13 +0100 Subject: [PATCH 2/4] Update API-design-guidelines.md According to VF comments, we update Guidelines in next titles: 6 - Versioning 8.3 - Filtering --- .../Working/API-design-guidelines.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/Commonalities/documentation/Working/API-design-guidelines.md b/Commonalities/documentation/Working/API-design-guidelines.md index fe990878..cc133ee7 100644 --- a/Commonalities/documentation/Working/API-design-guidelines.md +++ b/Commonalities/documentation/Working/API-design-guidelines.md @@ -546,6 +546,7 @@ Tho ensure this compatibility, the following must be followed. In order to guarantee interoperability, one of the most important points is to carry out error management aimed at strictly complying with the error codes defined in the HTTP protocol. An error representation must not be different from the representation of any resource. A main error message is defined, with JSON structure with the following fields: +- A field "`status`", which can be identified in the response as a standard code from list of Hypertext Transfer Protocol (HTTP) response status codes. - A unique error "`code`", which can be identified and traced for more details. It must be human readable; therefore, it must not be a numeric code. In turn, to achieve a better location of the error, you can reference the value or field that is causing it, and include it in the message. - A detailed description of "`message`" @@ -553,6 +554,7 @@ A JSON error structure is proposed below: ```json { + "status": "400", "code": "INVALID_ARGUMENT", "message": "A human readable description of what the event represent" } @@ -667,18 +669,20 @@ Next, it is specified how it should be used according to the filtering based on | **Operation** | Text | Numbers | Dates | | ----- | ----- | ----- | ----- | | Equal | `GET .../?name=Juan` | `GET .../?amount=807.24` | `GET .../?executionDate=2018-30-05` | -| Greater or equal | N/A | `GET .../?fromAmount=807.24` | `GET.../?fromExecutionDate=2018-30-05` | -| smaller or equal | N/A | `GET .../?toAmount=807.24` | `GET.../?toExecutionDate=2018-30-05` | +| Greater or equal | N/A | `GET .../?amount.gte=807.24` | `GET.../?execution_date.gte=2018-30-05` | +| Strictly greater | N/A | `GET .../?amount.gt=807.24` | `GET.../?execution_date.gt=2018-30-05` | +| smaller or equal | N/A | `GET .../?amount.lte=807.24` | `GET.../?execution_date.lte=2018-30-05` | +| Strictly smaller | N/A | `GET .../?amount.lt=807.24` | `GET.../?execution_date.lt=2018-30-05` | |Contains | `GET .../?name=~Juan` |N/A | N/A | **Additional rules**: - The operator "`&`" is evaluated as an AND between different attributes. - A Query Param (attribute) can contain 1 or n values separated by "`,`". -- For operations on numeric, date or enumerated fields, the use of the prefixes “from” and “to” will be allowed, which will act as comparators for “greater than or equal to” and “less than or equal to”. +- For operations on numeric, date or enumerated fields, the use of the suffixes `.(gte|gt|lte|lt)$` will be allowed, which will act as comparators for “greater - equal to, greater than, smaller - equal to, smaller than”. **Examples**: -- Equals: to search for users with first name "david" and last name "munoz": +- Equals: to search users with first name "david" and last name "munoz": - `GET /users?name=david&surname=munoz` - `GET /users?name=David,Noelia` - Search for several values separating them by "`,`". @@ -687,12 +691,12 @@ Next, it is specified how it should be used according to the filtering based on - Search for the exact name "dav" - `GET /users?name=~dav` - Look for names that include "dav" -- Greater than / less than: new attribute will be created and it will be preceded with a "from" and a "to". - - `GET /users?fromCreatrionDate=2021-01-01T00:00:00` +- Greater than / less than: new attribute will be created and it will be preceded with the suffixes .(gte|gt|lte|lt)$. + - `GET /users?creation_date.gte=2021-01-01T00:00:00` - Find users with creation Date greater than 2021 - - `GET /users?toCreationDate=2021-11-31T23:59:59` + - `GET /users?creation_date.gt=2021-11-31T23:59:59` - Find users with creationDate less than 2022 - - `GET /users?fromCreationDate=2020-01-01T00:00:00&toCreationDate=2021-11-31T23:59:59` + - `GET /users?creation_date.gte=2020-01-01T00:00:00&creation_date.lte=2021-11-31T23:59:59` - Search for users created between 2020 and 2021 From 8421d50bb6c80898e16a5948c6e8f48ced2b1b87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Barrado=20Gonz=C3=A1lez?= Date: Thu, 10 Nov 2022 16:02:44 +0100 Subject: [PATCH 3/4] Update API-design-guidelines.md Added 206 and 503 https codes --- Commonalities/documentation/Working/API-design-guidelines.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Commonalities/documentation/Working/API-design-guidelines.md b/Commonalities/documentation/Working/API-design-guidelines.md index cc133ee7..7ebc7e62 100644 --- a/Commonalities/documentation/Working/API-design-guidelines.md +++ b/Commonalities/documentation/Working/API-design-guidelines.md @@ -268,6 +268,7 @@ Common errors are captured in the table below. | 202 | 202 (Accepted) code indicated that the request has been accepted to be processed, but it has not ended.
Usually, when a `DELETE` is requested but the server cannot make the action immediately. It should applies to async processes. | | 203 | 203 (Unathourized information) code indicated that the request has been successfully, but the attached payload was modified from the 200 (OK) response from the origin server using a transformation proxy.
It is used when data sent in the request could be modified as a third data subset.| | 204 | 204 (No Content) indicated that the server has ended successfully the request and there are nothing to return in the body response.
`POST` -> When used to modify a resource and output is not returned.
`PUT`/`PATCH` -> When used to modify a resource and output is not returned.
`DELETE` -> Resource delete action and output is not returned.
_NOTE: This list of levels MAY be extended with new values. The OpenID Provider (Auth Server) and the APIs used by the Relying Parties (client Applications) MUST be ready to support new values in the future._| +| 206 | 206 (Partial Content) The server has fulfilled the partial GET request for the resource. | 400 | 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something perceived as a client error (for example, malformed request syntax, invalid request message structure, or incorrect routing).
This code must be documented in all the operations in which it is necessary to receive data in the request.| | 401 | 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
This code has to be documented in all API operations that require subscription by a client.| | 403 | 403 (Forbidden) status code indicates that the server understood the request, but is refusing to authorize it. A server that wants to make public why the request was prohibited can describe that reason in the response payload (if applicable).
This code is usually documented in the operations. It will be returned when the OAuth token access is invalid or when the user fails operational security.| @@ -279,6 +280,7 @@ Common errors are captured in the table below. | 500 | Status code 500 (Internal Server Error) indicates that the server encountered an unexpected condition that prevented it from fulfilling the request.
This code must always be documented. It should be used as a general system error.| | 501 | Status code 501 (Not Implemented) indicates that the requested method is not supported by the server and cannot be handled. The only methods that servers require support (and therefore should not return this code) are `GET` and HEAD. | | 502 | Status code 502 (Bad Gateway) indicates that the server, while working as a gateway to get a response needed to handle the request, got an invalid response. | +| 503 | Status code 503 (Service Unavailable) status code indicates that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay. | | 504 | Status code 504 (Gateway Timeout) indicates that the server is acting as a gateway and cannot get a response in time. | ### 3.3 Query Parameters Use From 7b91d79c6d452c30780592fa07be89199ed13c4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Barrado=20Gonz=C3=A1lez?= Date: Wed, 16 Nov 2022 16:16:20 +0100 Subject: [PATCH 4/4] Update API-design-guidelines.md text for 403 errors updated to be more specific. --- Commonalities/documentation/Working/API-design-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Commonalities/documentation/Working/API-design-guidelines.md b/Commonalities/documentation/Working/API-design-guidelines.md index 7ebc7e62..52f3d4b0 100644 --- a/Commonalities/documentation/Working/API-design-guidelines.md +++ b/Commonalities/documentation/Working/API-design-guidelines.md @@ -271,7 +271,7 @@ Common errors are captured in the table below. | 206 | 206 (Partial Content) The server has fulfilled the partial GET request for the resource. | 400 | 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something perceived as a client error (for example, malformed request syntax, invalid request message structure, or incorrect routing).
This code must be documented in all the operations in which it is necessary to receive data in the request.| | 401 | 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
This code has to be documented in all API operations that require subscription by a client.| -| 403 | 403 (Forbidden) status code indicates that the server understood the request, but is refusing to authorize it. A server that wants to make public why the request was prohibited can describe that reason in the response payload (if applicable).
This code is usually documented in the operations. It will be returned when the OAuth token access is invalid or when the user fails operational security.| +| 403 | 403 (Forbidden) status code indicates that the server understood the request, but is refusing to authorize it. A server that wants to make public why the request was prohibited can describe that reason in the response payload (if applicable).
This code is usually documented in the operations. It will be returned when the OAuth token access does not have the required scope or when the user fails operational security.| | 404 | 404 (Not Found) status code indicates that the origin server either did not find a current representation for the target resource or is unwilling to reveal that it exists.
This code will occur on `GET` operations when the resource is not available, so it is necessary to document this return in such situations.| | 405 | 405 (Method Not Allowed) status code indicates that the origin server knows about the method received in the request line, but the target resource does not support it.
This code is documented at the API portal level, it should not be documented at the API level.| | 406 | 406 (Not Acceptable) status code indicates that the target resource does not have a current representation that would be acceptable to the user, based on the proactive negotiation header fields received in the request, and the server is unwilling to provide a predetermined representation. It must be reported when there is no response by default, and header fields are reported to carry out the content negotiation (Accept, Accept-Charset, Accept-Encoding, Accept-Language). |