Invariants

Invariants specify conditions that must hold for an operation to be performed. "All users must be authenticated" and "all responses must be encoded" are examples of invariants. The condition may apply before or after the operation, but either way it acts as a constraint that must be satisfied for the service to render a response.
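As an added example that is not from the book, the two invariants named above, authenticated callers and encoded responses, can be enforced as an explicit precondition and postcondition wrapped around a small API operation. The Request and Response classes, the greet operations and the status codes used for violations are constructed for illustration.

```python
import html
import json
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Request:                    # constructed stand-in for a framework's request object
    user: Optional[str]           # None: the caller never authenticated
    params: dict

@dataclass
class Response:
    status: int
    body: str                     # JSON document

def is_authenticated(req: Request) -> bool:
    return req.user is not None

# A raw < > " ' or an ampersand that does not start an entity means unencoded markup leaked.
UNENCODED = re.compile(r"""[<>"']|&(?![a-zA-Z]+;|#x?[0-9a-fA-F]+;)""")

def is_encoded(resp: Response) -> bool:
    try:
        doc = json.loads(resp.body)
    except ValueError:
        return False
    return isinstance(doc, dict) and not any(UNENCODED.search(v) for v in doc.values() if isinstance(v, str))

def enforce(pre, post):
    """Run the operation only if every precondition holds, and release its response only if
    every postcondition holds; a violation fails closed with an error response instead."""
    def wrap(op):
        def guarded(req: Request) -> Response:
            for check in pre:
                if not check(req):   # caller's fault; 401 because the only precondition here is authentication
                    return Response(401, json.dumps({"error": "precondition failed: " + check.__name__}))
            resp = op(req)
            for check in post:
                if not check(resp):  # our fault; the offending body must never leave the service
                    return Response(500, json.dumps({"error": "postcondition failed: " + check.__name__}))
            return resp
        return guarded
    return wrap

@enforce(pre=[is_authenticated], post=[is_encoded])
def greet(req: Request) -> Response:
    return Response(200, json.dumps({"message": "Hello, " + html.escape(req.params["name"])}))

@enforce(pre=[is_authenticated], post=[is_encoded])
def greet_unencoded(req: Request) -> Response:   # defective: forgets to encode
    return Response(200, json.dumps({"message": "Hello, " + req.params["name"]}))
```

The defective operation is caught by the postcondition rather than by the client that would otherwise have rendered the raw markup.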

Okay, that's a good enough start. By applying these principles to our web APIs we can build solid, state-aware, client-aware APIs that perform their discrete tasks more efficiently.

Building a Good API

What we really want, in the end, is a good API. In fact, it needs to be good. Good APIs get used, and used APIs get reused. So, to get the ball rolling, it is important to design our API carefully and get it right from the beginning.

But how do we make it good? Well, for starters, keep it simple. Simple is good—everyone likes simple. Simple is the difference between:

Person.communicate.translate.languageChoice.english.say("Hello");

and:

say("Hello");

Simple is, well, simple. Simple is clean. Simple is easy to learn. Simple is easy to read. Simple is easy to extend. Simple is also usually small.

Small is also good. By concentrating on one thing at a time, we make everything easier, including security. Basically, we want the Charles Emerson Winchester III of APIs: "I do one thing, I do it very well, and then I move on." Small also means there is less surface area to protect, so, yeah, simple and small.

By keeping things simple and small, ideally, our ...

Get Securing Ajax Applications now with the O’Reilly learning platform.
