Preparation for deploying API services to the cloud (continued...)

This is a continuation of the previous post. 

18. Conditional modifications –ETags: full response is avoided by the server if the content has not changed.  

19. 
    

20. Absolute Redirects – useful for delegation and automatically enabling client to fulfill their request elsewhere  

20. 
    

21. Link headers or discoverable with links in response content – enables callers to discover as they make the calls and reduces trials and errors.  

21. 
    

22. Canonical URLs – enables consistency and resolution which also works out great for pattern matching 

22. 
    

23. Chunked transfer encoding becomes the only way to request the chunked transfer in HTTP 1 

23. 
    

24. X-HTTP-Method-Override very useful to get past firewall since it is relatively easy to modify parameters 

24. 
    

25. URL less than 2000 characters longer URLs are not only an eye-sore, they are difficult to spot typos  

25. 
    

26. Statelessness  frees the client to maintain state and enables retries 

26. 
    

27. ?format=json the content might be the same, but the format guides the integration with other systems. For example, virtual data warehouses prefer JSON  

27. URI Templates determines patterns that can be exploited 

28. 
    

29. Semantic interpretation to resources: also helps with Semantic search which goes beyond the syntax 

29. 
    

30. Versioning: features usually span releases. Versioning informs breaks a d and adds discoverable information in logs 

30. 
    

31. Authorization: the privilege granted is easy to map to response codes 

31. 
    

32. Bulk operations: reduces individual calls, while gaining the opportunity to the server to handle them differently  

32. 
    

33. Query parameter for limit and offset standardize listing behavior across resources  

33. 
    

34. No Unicode in URLs: enables searchability while reducing errors.  

34. 
    

35. Error logging: this alone reduces costs for the organization in terms of Maintenance 

35. 
    

36. Timestamp. Critical for correlation and establishing order among events.  

36. 
    

37. SSL encryption is a necessity and uses to turn on or off when not at the request level  

37. 
    

38. Retry-After ensures server health while providing a clear directive to the caller.  

38. 
    

39. Prevent DoS security measures help improve the uptime and availability of server 

39. 
    

40. CSRF: prevents forgery and enables compliance with security standards  

40. 
    

41. Testing: browser-based testing is one of the most popular modes of testing 

41. 
    

42. Documentation: one of the must-haves to endear to the developer audience  

42. 
    

43. Logs: All local logs drain via Syslog but the option to use a log index is reserved for large deployments. That instance can be shared across service and application deployments with the separation of indexes, and an investment in a dedicated log index software product will reduce the cost of the operation. 

43. 
    

44. Metrics: Metrics don’t just look good on the operations dashboard. They look good even from the programmability standpoint. This is easy to achieve with a dedicated Grafana, InfluxDB, and SQL stack. Just like a solution for log indexes, a solution for metrics will lower reporting and manageability costs of operations. 

44. Events: Earlier events used to be analyzed exclusively via message brokers. This is now overcome with stream processors with the help of beautiful event processing languages such as Flink and Spark from Apache foundation. Storage and analytics platforms are also savvy about offering an integrated solution for events. 

45. 
    

46. Notifications: No one should try to manually watch the dashboard for breaches in thresholds. That is left to the automation of notifications from events. Notifications can be generated from solutions catering to logs, events, and metrics and this is a one-time cost. 

(...to be continued)