API Header best practices











up vote
1
down vote

favorite












I have recently started my journey with API designing.
We are designing RESTful APIs. Have few questions related to API header, best practices for API Header, Query parameters, GET Vs POST?



What are the best practices to keep a clean and simple header? According to me have classified header as below:



• Standard header Parameters : Accept, Accept-Language, Accept-Charset, etc..
○ Request Header
○ Response Header
• Security Header Parameters - Parameter names/values related to security
• Custom Header Parameters - Parameter names/values related to application specific
• On demand Header Parameters - For e.g., Parameter names/values related to CORS,Cache, etc..


Is custom header() is a good idea to use ?
Versioning - is a good to keep in URL or header ?
While using GET, if the parameters are contains sensitive/secured information it is not safe to pass through URL, especially in this case is it good to use POST instead of GET, and all the parameters can be passed through body instead of header.? Do we have any disadvantages here ?



We have few REST services (exposed to presentation layer) are integrated with SOAP services and the responses are converting from SOAP to REST (while displaying to UI layer) and all the custom header parameters are in SOAP, is it safe to keep in part of URL. Or is it better to keep a custom header in REST and do the SOAP REST transformation ?



I'm looking for your guidance/response.



Thanks in advance !!










share|improve this question


























    up vote
    1
    down vote

    favorite












    I have recently started my journey with API designing.
    We are designing RESTful APIs. Have few questions related to API header, best practices for API Header, Query parameters, GET Vs POST?



    What are the best practices to keep a clean and simple header? According to me have classified header as below:



    • Standard header Parameters : Accept, Accept-Language, Accept-Charset, etc..
    ○ Request Header
    ○ Response Header
    • Security Header Parameters - Parameter names/values related to security
    • Custom Header Parameters - Parameter names/values related to application specific
    • On demand Header Parameters - For e.g., Parameter names/values related to CORS,Cache, etc..


    Is custom header() is a good idea to use ?
    Versioning - is a good to keep in URL or header ?
    While using GET, if the parameters are contains sensitive/secured information it is not safe to pass through URL, especially in this case is it good to use POST instead of GET, and all the parameters can be passed through body instead of header.? Do we have any disadvantages here ?



    We have few REST services (exposed to presentation layer) are integrated with SOAP services and the responses are converting from SOAP to REST (while displaying to UI layer) and all the custom header parameters are in SOAP, is it safe to keep in part of URL. Or is it better to keep a custom header in REST and do the SOAP REST transformation ?



    I'm looking for your guidance/response.



    Thanks in advance !!










    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I have recently started my journey with API designing.
      We are designing RESTful APIs. Have few questions related to API header, best practices for API Header, Query parameters, GET Vs POST?



      What are the best practices to keep a clean and simple header? According to me have classified header as below:



      • Standard header Parameters : Accept, Accept-Language, Accept-Charset, etc..
      ○ Request Header
      ○ Response Header
      • Security Header Parameters - Parameter names/values related to security
      • Custom Header Parameters - Parameter names/values related to application specific
      • On demand Header Parameters - For e.g., Parameter names/values related to CORS,Cache, etc..


      Is custom header() is a good idea to use ?
      Versioning - is a good to keep in URL or header ?
      While using GET, if the parameters are contains sensitive/secured information it is not safe to pass through URL, especially in this case is it good to use POST instead of GET, and all the parameters can be passed through body instead of header.? Do we have any disadvantages here ?



      We have few REST services (exposed to presentation layer) are integrated with SOAP services and the responses are converting from SOAP to REST (while displaying to UI layer) and all the custom header parameters are in SOAP, is it safe to keep in part of URL. Or is it better to keep a custom header in REST and do the SOAP REST transformation ?



      I'm looking for your guidance/response.



      Thanks in advance !!










      share|improve this question













      I have recently started my journey with API designing.
      We are designing RESTful APIs. Have few questions related to API header, best practices for API Header, Query parameters, GET Vs POST?



      What are the best practices to keep a clean and simple header? According to me have classified header as below:



      • Standard header Parameters : Accept, Accept-Language, Accept-Charset, etc..
      ○ Request Header
      ○ Response Header
      • Security Header Parameters - Parameter names/values related to security
      • Custom Header Parameters - Parameter names/values related to application specific
      • On demand Header Parameters - For e.g., Parameter names/values related to CORS,Cache, etc..


      Is custom header() is a good idea to use ?
      Versioning - is a good to keep in URL or header ?
      While using GET, if the parameters are contains sensitive/secured information it is not safe to pass through URL, especially in this case is it good to use POST instead of GET, and all the parameters can be passed through body instead of header.? Do we have any disadvantages here ?



      We have few REST services (exposed to presentation layer) are integrated with SOAP services and the responses are converting from SOAP to REST (while displaying to UI layer) and all the custom header parameters are in SOAP, is it safe to keep in part of URL. Or is it better to keep a custom header in REST and do the SOAP REST transformation ?



      I'm looking for your guidance/response.



      Thanks in advance !!







      api






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 12 at 10:59









      bkr

      62




      62





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53260713%2fapi-header-best-practices%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53260713%2fapi-header-best-practices%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Guess what letter conforming each word

          Port of Spain

          Run scheduled task as local user group (not BUILTIN)