## **Resources**

[How_To_Design_Complete_API](https://www.youtube.com/watch?v=7iHl71nt49o)


## **API Design**

<hr>

### **Three Most Common API Styles**

<img src='./Notes_Images/types.png'>

### **Difference Between REST and GraphQL**

<img src='./Notes_Images/vs.png'>

<hr>


## **Design Principles of API**

<img src='./Notes_Images/principle.png'>

<img src='./Notes_Images/prin2.png'>

<hr>

### **1. Consistency**

Consistency in API design means using the same conventions and patterns throughout the API. This includes naming conventions, response formats, and error handling. Consistent APIs are easier to understand and use.

### **2. Simplicity**

Simplicity is about making the API easy to use and understand. This can be achieved by reducing the number of endpoints, using clear and concise naming, and providing comprehensive documentation.

### **3. Security**

Security is a critical aspect of API design. This includes implementing authentication and authorization, validating input data, and protecting against common vulnerabilities such as SQL injection and cross-site scripting (XSS).

It is also important to add rate limiting and logging to detect and respond to potential security threats.
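The controls named above (input validation, protection against SQL injection, rate limiting and logging), shown together in an added example that is not part of the original notes: a hypothetical `GET /users/{username}` handler using Python's standard-library `sqlite3`. The endpoint, table layout, username policy and limiter settings are assumptions made for illustration.

```python
import logging
import re
import sqlite3
import time

log = logging.getLogger("api.security")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # allow-list (assumed policy)


class TokenBucket:
    """Per-client limiter: `rate` tokens per second, bursts up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.state = {}  # client_id -> (tokens, time of last update)

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self.state.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.state[client_id] = (tokens - 1 if allowed else tokens, now)
        return allowed


def get_user(db, limiter, client_id, username):
    """Return (status, body) for the hypothetical GET /users/{username}."""
    if not limiter.allow(client_id):
        log.warning("rate limit exceeded client=%s", client_id)
        return 429, {"error": "too many requests"}
    if not USERNAME_RE.fullmatch(username):
        # %r escapes control characters; the slice bounds the log entry size.
        log.warning("rejected input client=%s value=%r", client_id, username[:64])
        return 400, {"error": "invalid username"}
    # Placeholder binding: the value is never spliced into the SQL text.
    row = db.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "username": row[1]}


def make_demo_db():
    """Constructed in-memory sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO users (username) VALUES ('alice')")
    return db
```

The rate limit is checked before validation so that rejected requests still consume a token, and the bound parameter keeps the query safe even if the validation policy is later loosened.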

### **4. Performance**

Performance is about ensuring that the API responds quickly and can handle a large number of requests. This can be achieved by optimizing database queries, using caching, and minimizing the size of responses.


<hr>


## **API Protocols**

The choice of API protocol can have a significant impact on the performance, scalability, and security of an application. Some common API protocols include:

1. **HTTP/HTTPS**: The most widely used protocol for RESTful APIs. It is simple, stateless, and works well with web technologies.

2. **WebSocket**: A protocol for full-duplex communication channels over a single TCP connection. It is useful for real-time applications like chat and gaming.

3. **GraphQL**: A query language for APIs that allows clients to request only the data they need. It can reduce over-fetching and under-fetching of data.

4. **gRPC**: A high-performance, open-source RPC framework that uses HTTP/2 for transport and Protocol Buffers for serialization. It is suitable for microservices architectures.

5. **SOAP**: A protocol for exchanging structured information in web services. It is more rigid and complex than REST but provides strong security and transaction support.

<hr>

## **API Design Process**

It all starts with understanding the requirements of the application and the needs of the users. This involves gathering input from stakeholders, defining use cases, and identifying the data and functionality that the API must provide.

Once the requirements are clear, the next step is to design the API endpoints, including the request and response formats, authentication mechanisms, and error handling strategies. This design should be documented and reviewed with stakeholders to ensure it meets their needs.

<hr>

**1. Identify the core use cases and user stories**

- Gather input from stakeholders to understand their needs and expectations.

- Define user stories that describe how different users will interact with the API.

- Prioritize use cases based on their importance and impact on the application.

**2. Define Scope and Boundaries**

- Clearly outline the API's scope, including the resources it will expose and the operations it will support.

- Define the boundaries of the API, including any limitations or constraints that may impact its design and implementation.

**3. Determine Performance and Scalability Requirements**

- Identify the expected load on the API, including the number of users and the frequency of requests.

- Define performance metrics, such as response time and throughput, that the API must meet.

- Consider scalability requirements, including the ability to handle increased load and the potential need for horizontal scaling.

**4. Consider Security and Compliance Requirements**

- Identify any security requirements, such as authentication and authorization mechanisms, that the API must implement.

- Consider compliance requirements, such as data protection regulations, that may impact the API's design and implementation.

<hr>

## **Design Approaches**

There are several design approaches to consider when building an API:

**1. Top-down Design**: This approach starts with defining the high-level API endpoints and their interactions before diving into the details of the implementation. It is useful for ensuring that the API design aligns with the overall application architecture and user needs.

**2. Bottom-up Design**: In this approach, developers start by implementing the underlying data models and services before exposing them through API endpoints. This can be beneficial for leveraging existing functionality and ensuring that the API is built on a solid foundation.

**3. API-first Design**: This approach emphasizes designing the API contract (e.g., using OpenAPI specifications) before any implementation occurs. It encourages collaboration between frontend and backend teams and helps ensure that the API meets user needs from the outset.

**4. Event-driven Design**: In this approach, the API is designed around events and asynchronous communication. This can be useful for building reactive applications and microservices architectures.

**5. Versioned Design**: This approach involves designing the API with versioning in mind from the beginning. It allows for backward compatibility and smoother transitions when introducing breaking changes.
