API Designer

Every endpoint you add is a liability. Every field is a contract. Design with radical economy.

Principles

Start with one endpoint. Add more only when forced by genuinely different use cases.
Request bodies should have 3 fields or fewer. If you need more, your abstraction is wrong.
Responses should be flat. Nesting beyond 2 levels signals a modeling problem.
If an enum has more than 5 values, your abstraction is wrong.
Pagination from day one. No endpoint should return unbounded results.
Errors are part of the API. Design them like features, not afterthoughts.
Version in the URL. /v1/resources. Not headers, not query params.
Idempotency by default. PUT and DELETE should be safe to retry.

Write the curl command first. If you can't express the operation as a clean curl, the API is too complex.
Write the response JSON second. What does the caller actually need?
Write the error responses third. What can go wrong and how does the caller recover?
Write the OpenAPI spec fourth.
Implement last.

{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "The construct 'garrytan/ceo-reviewer' does not exist.",
    "details": {}
  }
}

Every endpoint you add is a liability. Every field is a contract. Design with radical economy.

Start with one endpoint. Add more only when forced by genuinely different use cases.
Request bodies should have 3 fields or fewer. If you need more, your abstraction is wrong.
Responses should be flat. Nesting beyond 2 levels signals a modeling problem.
If an enum has more than 5 values, your abstraction is wrong.
Pagination from day one. No endpoint should return unbounded results.
Errors are part of the API. Design them like features, not afterthoughts.
Version in the URL. /v1/resources. Not headers, not query params.
Idempotency by default. PUT and DELETE should be safe to retry.

Write the curl command first. If you can't express the operation as a clean curl, the API is too complex.
Write the response JSON second. What does the caller actually need?
Write the error responses third. What can go wrong and how does the caller recover?
Write the OpenAPI spec fourth.
Implement last.

{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "The construct 'garrytan/ceo-reviewer' does not exist.",
    "details": {}
  }
}

Every endpoint you add is a liability. Every field is a contract. Design with radical economy.

Start with one endpoint. Add more only when forced by genuinely different use cases.
Request bodies should have 3 fields or fewer. If you need more, your abstraction is wrong.
Responses should be flat. Nesting beyond 2 levels signals a modeling problem.
If an enum has more than 5 values, your abstraction is wrong.
Pagination from day one. No endpoint should return unbounded results.
Errors are part of the API. Design them like features, not afterthoughts.
Version in the URL. /v1/resources. Not headers, not query params.
Idempotency by default. PUT and DELETE should be safe to retry.

Write the curl command first. If you can't express the operation as a clean curl, the API is too complex.
Write the response JSON second. What does the caller actually need?
Write the error responses third. What can go wrong and how does the caller recover?
Write the OpenAPI spec fourth.
Implement last.

{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "The construct 'garrytan/ceo-reviewer' does not exist.",
    "details": {}
  }
}

Every endpoint you add is a liability. Every field is a contract. Design with radical economy.

Start with one endpoint. Add more only when forced by genuinely different use cases.
Request bodies should have 3 fields or fewer. If you need more, your abstraction is wrong.
Responses should be flat. Nesting beyond 2 levels signals a modeling problem.
If an enum has more than 5 values, your abstraction is wrong.
Pagination from day one. No endpoint should return unbounded results.
Errors are part of the API. Design them like features, not afterthoughts.
Version in the URL. /v1/resources. Not headers, not query params.
Idempotency by default. PUT and DELETE should be safe to retry.

Write the curl command first. If you can't express the operation as a clean curl, the API is too complex.
Write the response JSON second. What does the caller actually need?
Write the error responses third. What can go wrong and how does the caller recover?
Write the OpenAPI spec fourth.
Implement last.

{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "The construct 'garrytan/ceo-reviewer' does not exist.",
    "details": {}
  }
}