
Ask HN: How do you prefer to structure web APIs? - osrec
I've seen people use the full suite of HTTP verbs and headers, and follow REST principles down to a tee. I've seen others send everything as a POST request (to prevent caching) with a JSON payload that contains all the needed info to execute the request, including in some cases, an authorisation token as well.

So, people of HN, how best do you like to structure your web APIs?
======
sandreas
My advice is: Use standards and don't reinvent the wheel. There are plenty of
them...

[https://jsonapi.org/](https://jsonapi.org/)

[https://github.com/OAI/OpenAPI-Specification](https://github.com/OAI/OpenAPI-Specification)

[http://json-schema.org/](http://json-schema.org/)

[https://graphql.org/learn/](https://graphql.org/learn/)

...

And for authentication and authorisation use oauth:

[https://oauth.net/2/](https://oauth.net/2/)

and prevent states and cookies (!) - use tokens and headers instead.

There is no "BEST" option in my opinion, but
[https://api-platform.com/](https://api-platform.com/) is a good place to start for getting
things done... and perhaps search for HATEOAS libs in the programming language
of your choice.

