API design guidelines #72
Conversation
This is to update the guidelines, with some modifications on filtering, pagination, headers, error codes, etc. A .MD file has been also generated, to simplify review
This document reports on guidelines for API design in CAMARA. The discussion regarding user consent management is captured in PR#68 |
|
Doc LGTM. Just some points for the versioning section:
For API spec versioning, we could specify what each digit in the version represents:
|
|
Hi shilpa, My comments bellow:
e.g. V1.0.0 of QoD API contract could have 10 diferent deployments and here you have:
|
|
@shilpa-padgaonkar: let us know whether there are further comments from DT side. |
|
@jordonezlucena : After a discussion in last commonalities call with @RubenBG7, he wanted to provide an updated version of some sections of the doc & also check internally about the versioning topic when service implementation is contributed to Camara. |
| | Name | Description | Type | Pattern | Longitude | Required | Example | | ||
| |---|---|---|---|---|---|---| | ||
| | `X-Version` | Service version indentificator | String| N/A | | No | | | ||
| | `X-Correlator`| Service correlator to make observability| String | UUID (8-4-4-4-12) | Max 36 | Yes | b4333c46-49c0-4f62-80d7-f0ef930f1c46 | |
There was a problem hiding this comment.
I disagree with X-Correlator being mandatory, as API consumers often don't care and just set this to a fixed value. If they don't care, far better that they don't set anything, and let the network do that to ensure a unique value for tracing purposes. Rejecting duplicate X-Correlator values is stateful behaviour, and many API providers won't do this if the request is anyway idempotent.
I can see that there may be cases where the request is not idempotent and the only way to tell between two separate transactions and a duplicated transaction might be such an X-Correlator header, In such a case, the X-Correlator header should indeed be mandatory and duplicates detected and rejected, but this should decided on a case by case basis, and not be mandatory for all API paths.
Incidentally - since 2012, RFC 6648 has deprecated the use of the "X-" prefix for custom headers. It might be worth taking this into account for design guidelines being developed in 2022.
|
Regarding to the API, Repository Code and Microservices deployment versioning, from TEF we share the next proposal: API CONTRACT
SHARED CODE ON REPOSITORIES MAJOR - MAJOR OF API CONTRACT MICROSERVICE DEPLOYMENTS (NOT MANDATORY BUT RECOMMENDED) MAJOR - MAJOR OF API CONTRACT |
|
@RubenBG7 : This is an exact match to us. |
|
@shilpa-padgaonkar and @eric-murray , changes related to versioning and correlator header applied in API Guidelines md and pull request created, |
Is this PR therefore to be closed without merging? There are 2 PRs open on API guidelines. |
|
@RubenBG7 : Should this be marked as duplicate and simply closed? |
|
Simply Closed. Thanks Shilpa |
|
Duplicate of #96 |
|
Under section 8.3 , it seems , we don’t have option for strict greater or less than option. As per TM forum , I believe , following would be easy to follow: .gt > (URL Encoded equivalent : %3E) |
|
Hi Team, Under section 8.1 (Pagination), I believe, X-Total-Count header should be optional unless they're strictly needed for pagination requirement. It seems, browsers only access some response headers by default when it comes to CORS request, the default response headers are the ones listed below:
So we need to set the Access-Control-Expose-Headers header on our server so it will be allowed to be read on your client app for other headers. |
This is to update the guidelines, with some modifications on filtering, pagination, headers, error codes, etc. A .MD file has been also generated, to simplify review.
The related issue is #32