Modern software is built API-first. Without APIs, your product stays isolated inside its own boundaries. In this post I discuss the essentials you need to engineer your APIs elegantly and build robust systems.


Well-crafted APIs

✨ Check this post on A survival kit to beat APIs interview by Raul Junco. Though the article is written as interview prep, it’s a masterpiece on elegant API design and engineering, covering nearly all the important topics:

✅ CRUD operations and the HTTP verbs that map to them
✅ HTTP status codes, and the ones you will use most frequently
✅ Stateless APIs
✅ Ways to secure your APIs: AuthN and AuthZ, rate limiting, input validation, HTTPS in transit and encryption of data at rest
✅ API keys (which identify the calling application) vs tokens (which identify the user)
✅ Versioning your APIs, either in the URL or through custom headers
✅ Pagination using limit-offset, cursors, page numbers or keysets
✅ Rate limiting and why it matters
✅ Idempotency, ensured with an idempotency key that the client attaches to each request; a unique constraint on that key in the database makes a replayed request fail instead of being applied twice
✅ Ways to make your APIs faster: caching on the client, server or CDN, distributed caching, query optimization, connection pooling, data serialization and compression
✅ Documenting APIs with OpenAPI (Swagger), including endpoint descriptions, request/response examples, query parameters, headers, error codes, etc.
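As an added example (not code from the linked article), here is the idempotency-key item in practice. It uses Python's sqlite3 with a hypothetical payments table whose primary key is the client's idempotency key: the first request debits the balance and records the key and response in one transaction; a replayed request hits the unique constraint and gets the stored response back without a second debit; a key reused with a different body is rejected rather than silently returning the old result. Table and column names are assumptions for this example.

```python
import json
import sqlite3
from typing import Dict, Tuple


def make_store() -> sqlite3.Connection:
    """In-memory store with a UNIQUE constraint on the idempotency key.

    Hypothetical schema for this example. The PRIMARY KEY on idempotency_key is
    what turns a replayed request into an IntegrityError instead of a second charge.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payments ("
        "  idempotency_key TEXT PRIMARY KEY,"
        "  account TEXT NOT NULL,"
        "  amount_cents INTEGER NOT NULL,"
        "  response TEXT NOT NULL"
        ")"
    )
    conn.execute(
        "CREATE TABLE balances (account TEXT PRIMARY KEY, balance_cents INTEGER NOT NULL)"
    )
    conn.execute("INSERT INTO balances VALUES ('alice', 10000)")  # constructed sample data
    conn.commit()
    return conn


def charge(conn: sqlite3.Connection, idempotency_key: str, account: str,
           amount_cents: int) -> Tuple[int, Dict]:
    """Handle a hypothetical POST /payments. Returns (http_status, body)."""
    if not idempotency_key:
        return 400, {"error": "Idempotency-Key header required"}
    response = {"status": "charged", "account": account, "amount_cents": amount_cents}
    try:
        with conn:  # one transaction: record the key AND debit, or neither
            conn.execute(
                "INSERT INTO payments VALUES (?, ?, ?, ?)",
                (idempotency_key, account, amount_cents, json.dumps(response)),
            )
            conn.execute(
                "UPDATE balances SET balance_cents = balance_cents - ? WHERE account = ?",
                (amount_cents, account),
            )
    except sqlite3.IntegrityError:
        # Replay: the key already exists, so the request was already applied.
        row = conn.execute(
            "SELECT account, amount_cents, response FROM payments WHERE idempotency_key = ?",
            (idempotency_key,),
        ).fetchone()
        if (row[0], row[1]) != (account, amount_cents):
            # Same key, different payload: refuse instead of returning an unrelated result.
            return 422, {"error": "Idempotency-Key reused with a different request body"}
        return 200, json.loads(row[2])  # replay of the original response, no second debit
    return 201, response


def balance(conn: sqlite3.Connection, account: str) -> int:
    return conn.execute(
        "SELECT balance_cents FROM balances WHERE account = ?", (account,)
    ).fetchone()[0]


if __name__ == "__main__":
    db = make_store()
    print(charge(db, "req-1", "alice", 2500))  # first call charges
    print(charge(db, "req-1", "alice", 2500))  # retry returns stored response
    print(balance(db, "alice"))                # debited exactly once
```

The retry path deliberately compares the stored request against the incoming one: a client that reuses a key for a different amount is most likely buggy, and returning the first response would hide that.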


Secure your APIs

✨ Next, this post on Six strategies to build secure APIs by Saurabh Dashora. A must read! It describes six strategies that harden your APIs:

✅ Using HTTPS
✅ Rate limiting and throttling
✅ Validation of inputs
✅ AuthN and AuthZ
✅ Role-based access control (RBAC)
✅ Monitoring and logging
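Rate limiting appears in both lists above, so here is an added example of the most common implementation, a token bucket per client, written for this post rather than taken from either linked article. Each client key starts with a full bucket of `capacity` tokens, tokens refill at `rate` per second, and a request that finds the bucket empty is answered with 429 and a Retry-After value computed from the deficit. The clock is injectable so the behaviour can be shown deterministically; the `FakeClock`, `handle` function and client keys are constructed for the example.

```python
import math
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


class FakeClock:
    """Constructed clock for a deterministic demonstration; set .t to advance time."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


@dataclass
class _Bucket:
    tokens: float
    last_refill: float


@dataclass
class TokenBucketLimiter:
    """Per-client token bucket: bursts of up to `capacity`, refilled at `rate` tokens/second.

    Hypothetical in-process limiter for this example. A real deployment keeps the
    buckets in a shared store so every API instance enforces the same limit.
    """
    capacity: int
    rate: float
    clock: Callable[[], float] = time.monotonic  # injectable for tests
    _buckets: Dict[str, _Bucket] = field(default_factory=dict)

    def check(self, client_key: str) -> Tuple[bool, int]:
        """Consume one token for `client_key`. Returns (allowed, retry_after_seconds)."""
        now = self.clock()
        b = self._buckets.get(client_key)
        if b is None:
            b = _Bucket(tokens=float(self.capacity), last_refill=now)  # new clients start full
            self._buckets[client_key] = b
        else:
            # Refill in proportion to elapsed time, capped at capacity.
            b.tokens = min(float(self.capacity), b.tokens + (now - b.last_refill) * self.rate)
            b.last_refill = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True, 0
        # Whole seconds until one token is available, suitable for a Retry-After header.
        return False, math.ceil((1.0 - b.tokens) / self.rate)


def handle(limiter: TokenBucketLimiter, client_key: str) -> Tuple[int, Dict[str, str]]:
    """Hypothetical request handler: 200 when allowed, 429 plus Retry-After when throttled."""
    allowed, retry_after = limiter.check(client_key)
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    return 200, {}


if __name__ == "__main__":
    clock = FakeClock()
    limiter = TokenBucketLimiter(capacity=3, rate=1.0, clock=clock)
    for _ in range(4):
        print(handle(limiter, "key-A"))  # three 200s, then a 429
    clock.t = 2.0
    print(handle(limiter, "key-A"))      # refilled: 200 again
```

Key the bucket on whatever identifies the caller (API key, user ID, or source IP for unauthenticated endpoints), and keep the limit per-client rather than global so one noisy client cannot starve the others.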


Manage transactions

✨ We can’t imagine a software system that doesn’t use a database, and with a database comes the responsibility to manage data and transactions. Another article by Raul Junco, on Transaction Isolation, covers:

✅ What transactions are
✅ Read and write anomalies: dirty reads, non-repeatable reads, phantom reads and write skew
✅ Transaction isolation levels: read uncommitted, read committed, repeatable read and serializable
✅ Performance trade-offs
✅ Choosing isolation levels


Well maintained caching

✨ Improving application and API performance needs caching, at many levels. That quickly becomes an overhead as more and more data is cached. Wisdom says you cache what is frequently required and evict what is not required often; but as scenarios demand, different strategies are needed. Read on Seven cache eviction strategies by Ashish Pratap Singh:

✅ Least recently used (LRU)
✅ Least frequently used (LFU)
✅ First in, first out (FIFO)
✅ Random replacement (RR)
✅ Most recently used (MRU)
✅ Time to live (TTL)
✅ Two-tiered caching
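As an added example (not from the linked article), here are two of those strategies combined in one small cache: LRU eviction when the cache is full, plus a TTL so that stale entries are dropped even if they are still "recent". The `OrderedDict` keeps entries in recency order (oldest first), a hit moves the key to the end, and an insert that overflows the capacity pops the front. The `FakeClock`, the method names and the hit/miss counters are assumptions made for this example.

```python
from collections import OrderedDict
from typing import Any, Callable, List, Optional


class FakeClock:
    """Constructed clock for a deterministic demonstration; set .t to advance time."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class LRUCache:
    """Fixed-capacity cache: evicts the least recently used entry; entries expire after ttl seconds.

    Hypothetical interface for this example. Expiry is lazy: an expired entry is
    dropped when it is next looked up, so it still occupies a slot until then.
    """
    def __init__(self, capacity: int, ttl_seconds: float, clock: Callable[[], float]) -> None:
        self.capacity = capacity
        self.ttl = ttl_seconds
        self.clock = clock
        self._data: "OrderedDict[Any, tuple]" = OrderedDict()  # key -> (value, expires_at)
        self.hits = 0
        self.misses = 0
        self.evictions = 0

    def get(self, key: Any) -> Optional[Any]:
        item = self._data.get(key)
        if item is None:
            self.misses += 1
            return None
        value, expires_at = item
        if self.clock() >= expires_at:
            # TTL: stale entry, treat as a miss and remove it.
            del self._data[key]
            self.misses += 1
            return None
        self._data.move_to_end(key)  # LRU bookkeeping: this key is now most recently used
        self.hits += 1
        return value

    def put(self, key: Any, value: Any) -> None:
        if key in self._data:
            self._data.move_to_end(key)
        self._data[key] = (value, self.clock() + self.ttl)
        if len(self._data) > self.capacity:
            self._data.popitem(last=False)  # front of the order = least recently used
            self.evictions += 1

    def keys(self) -> List[Any]:
        """Keys in recency order, least recently used first."""
        return list(self._data.keys())


if __name__ == "__main__":
    clock = FakeClock()
    cache = LRUCache(capacity=2, ttl_seconds=10, clock=clock)
    cache.put("a", 1)
    cache.put("b", 2)
    cache.get("a")          # "a" becomes most recent
    cache.put("c", 3)       # evicts "b"
    print(cache.keys())     # ['a', 'c']
    clock.t = 11
    print(cache.get("a"))   # None: expired by TTL
```

Swapping `popitem(last=False)` for `popitem(last=True)` turns the same structure into an MRU cache; FIFO is the same code without the `move_to_end` on a hit.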


Deal with entropy

✨ Like any other machine, software (an intangible machine with moving parts) degrades in quality and maintainability over time. I asked ChatGPT for a very short summary on Software Entropy:

In software, entropy refers to the increasing disorder, complexity, or unpredictability within a system over time. In software design, high entropy means the code becomes harder to understand, maintain, or extend, often due to quick fixes, poor documentation, or lack of refactoring. This leads to software rot and reduced reliability.

Read on how to Embrace Software Entropy by Petar Ivanov.

✅ Accept that change is inevitable
✅ Build for now (very very very important!)
✅ Stay flexible
✅ Embrace entropy


The software industry has many wise people who write technical articles like the ones above. Thanks to all the authors. I try to collect such well-crafted articles and document them on this blog.