by escot on 1/15/24, 4:29 PM with 2 comments
by illuminant on 1/15/24, 6:37 PM
- Single entry point (/api/) which delegates dynamically to named resources in a components (or "plugin") folder. (So /api/user/... is delegated to app/plugins/user.ext, which may subroute.)
- Do not follow full CRUD. Instead only support GET and POST. Use POST to upsert. If no GUID (0), it's new. Delete is a flag (never actually remove records, instead set a delete flag and use that in queries.) (Note: not universally popular yet practical)
- Use ULIDs or UUIDv7+ (serialized, timecoded, good entropy.) If you want to be hard core (best index performance), save in db as binary and convert to conventional format for front end usage.
- do not return a raw data set result, instead return an envelope containing the data set { status, message, data }. Set proper HTTP response headers.
- generate a single use session token on authorization (set in the HTTP request header), use that to track sessions.
- Don't use redundant names (/api/user/user_profile), just use /api/user/profile. Seems obvious and yet ...
Hope you find this helpful! Let me know if I haven't addressed something (or to argue about that CRUD COMMENT ;)
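The following is an added Python sketch (not illuminant's code, nor anything from the thread) that puts the points above into one runnable piece: a single /api/ entry point dispatching to a plugin registry, GET/POST only with POST as upsert and delete as a flag that the read path filters on, UUIDv7 ids kept as 16 raw bytes in the store and converted to text for the client, an envelope of { status, message, data } plus response headers, and a session token that is consumed on each request and reissued in the response (that per-request rotation is one reading of "single use" and is an assumption here). The in-memory store, the "user" plugin, the header name X-Session-Token and the sample records are all constructed for the example.

```python
import secrets
import time
import uuid

# --- Identifiers: UUIDv7 (time-ordered), stored as 16 raw bytes, shown to clients as text ---
def uuid7() -> uuid.UUID:
    """RFC 9562 UUIDv7 layout: 48-bit ms timestamp | ver=7 | 12 random | var=10 | 62 random."""
    ms = time.time_ns() // 1_000_000
    value = ((ms << 80) | (0x7 << 76) | (secrets.randbits(12) << 64)
             | (0b10 << 62) | secrets.randbits(62))
    return uuid.UUID(int=value)

def to_db(text_id: str) -> bytes:      # client text form -> binary key (raises ValueError if malformed)
    return uuid.UUID(text_id).bytes

def to_client(key: bytes) -> str:      # binary key -> conventional hex text form
    return str(uuid.UUID(bytes=key))

# --- Constructed in-memory storage and session table (a real app would use a DB) ---
USERS = {}      # binary id -> {"name": str, "deleted": bool}
SESSIONS = {}   # single-use token -> user name

def issue_session(user: str) -> str:
    """Mint a fresh random token bound to a user; each token is valid for exactly one request."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token

def envelope(status, message, data=None):
    """Every response is wrapped, never a bare data set."""
    return {"status": status, "message": message, "data": data}

# --- Plugin registry: /api/<resource>/... is delegated to the resource's handler ---
PLUGINS = {}

def plugin(name):
    def register(fn):
        PLUGINS[name] = fn
        return fn
    return register

@plugin("user")
def user_plugin(method, sub, body):
    """Sub-routes /api/user/profile[/<id>]: GET reads, POST upserts, delete is a flag."""
    route, _, arg = sub.partition("/")
    if route != "profile":
        return 404, envelope("error", "unknown route")
    if method == "GET":
        key = to_db(arg) if arg else None
        rec = USERS.get(key)
        if rec is None or rec["deleted"]:          # soft-deleted rows are filtered out, never returned
            return 404, envelope("error", "no such profile")
        return 200, envelope("ok", "profile", {"id": to_client(key), "name": rec["name"]})
    # POST = upsert: id "0" (or absent) creates a new row, otherwise the given row is updated
    text_id = body.get("id", "0")
    key = uuid7().bytes if text_id == "0" else to_db(text_id)
    rec = USERS.setdefault(key, {"name": "", "deleted": False})
    rec["name"] = body.get("name", rec["name"])
    rec["deleted"] = bool(body.get("deleted", rec["deleted"]))   # never actually removed
    return 200, envelope("ok", "upserted", {"id": to_client(key)})

def handle(method, path, headers, body=None):
    """Single entry point. Returns (http_status, envelope, response_headers)."""
    if method not in ("GET", "POST"):
        return 405, envelope("error", "only GET and POST are supported"), {}
    if not path.startswith("/api/"):
        return 404, envelope("error", "not found"), {}
    # Consume the presented token; a replayed token is rejected, a fresh one travels back in the response
    user = SESSIONS.pop(headers.get("X-Session-Token", ""), None)
    if user is None:
        return 401, envelope("error", "missing, invalid or already-used session token"), {}
    resp_headers = {"X-Session-Token": issue_session(user), "Content-Type": "application/json"}
    resource, _, sub = path[len("/api/"):].partition("/")
    fn = PLUGINS.get(resource)
    if fn is None:
        return 404, envelope("error", "unknown resource"), resp_headers
    try:
        code, env = fn(method, sub, body or {})
    except ValueError:                             # malformed identifier in path or body
        code, env = 400, envelope("error", "bad identifier")
    return code, env, resp_headers
```

Two things worth noticing when running it: a GET on a flagged record returns the same 404 envelope as a record that never existed, so the soft delete is invisible to the client while the row stays in the store, and a token presented twice fails on the second use, so a client must always pick up the rotated token from the response header.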