Introduction

A collection of RFCs and other specifications, useful when designing and implementing HTTP APIs.

Summary

Area Spec
HTTP Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
Links Web Linking
Links URI Template
Links IANA Link Relation registry
Generic Media Types JSON Hypertext Application Language
Generic Media Types Siren
Generic Media Types Collection+JSON
Generic Media Types JSON API
Other Media Types Problem Details for HTTP APIs
Other Media Types Home Documents for HTTP APIs
Semantics The ‘profile’ Link Relation Type
Negotiation Prefer Header for HTTP
Caching HTTP Cache-Control Extensions for Stale Content
Security Hypertext Transfer Protocol (HTTP/1.1): Authentication
Security The OAuth 2.0 Authorization Framework
Security The OAuth 2.0 Authorization Framework: Bearer Token Usage
Security OpenID Connect Core 1.0
Security IANA HTTP Authentication Schemes registry
Syntax Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
Syntax Uniform Resource Identifier (URI): Generic Syntax

Specifications

The HTTP protocol

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

From the abstract

The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response header fields, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.

My primary source of information for the semantics of the HTTP main components, such as request methods, status codes and headers.

Web Linking

From the abstract

This document specifies relation types for Web links, and defines a registry for them. It also defines the use of such links in HTTP headers with the Link header field.

This specification defines:

URI Template

From the abstract

A URI Template is a compact sequence of characters for describing a range of Uniform Resource Identifiers through variable expansion. This specification defines the URI Template syntax and the process for expanding a URI Template into a URI reference, along with guidelines for the use of URI Templates on the Internet.

Defines a standard syntax to represent a URI template, which is a descriptions of a range of Uniform Resource Identifiers through variable expansion. Very useful when the server needs to provide the client with a recipe to build URIs instead of a absolute URI. An template example is https://api.github.com/users/{user}, which produces https://api.github.com/users/pmhsfelix when the varible user is replaced with the value pmhsfelix.

The IANA registry with all the standard link relations. This is the place to go when selecting or creating link relations.

Generic media types

JSON Hypertext Application Language

From the abstract

This document proposes a media type for representing resources and their relations with hyperlinks.

One of the first JSON based media types with hypermedia support. Basic support for links and embedded representations. Used by the Amazon API Gateway configuration API.

Siren

From the introduction

Siren is a hypermedia specification for representing entities. As HTML is used for visually representing documents on a Web site, Siren is a specification for presenting entities via a Web API. Siren offers structures to communicate information about entities, actions for executing state transitions, and links for client navigation.

Another JSON based media type with hypermedia support. Compared with HAL, it introduces the concepts of actions (non safe links) and of classes. Used by the Zetta IoT platform.

Collection+JSON

From the description

Collection+JSON is a JSON-based read/write hypermedia-type designed to support management and querying of simple collections.

A more specialized hypermedia enabled media type, designed specifically to manage collections.

JSON API

From the description

A specification for building apis in json.

A JSON based media type with hypermedia support (links basically).

Media types for specific usages

Problem Details for HTTP APIs

From the abstract

This document defines a “problem detail” as a way to carry machine- readable details of errors in a HTTP response to avoid the need to define new error response formats for HTTP APIs.

A media type to use when a status code is not enough to represent all the error information. I typically use it to add domain specific information to error HTTP response messages, using the type field.

Home Documents for HTTP APIs

From the abstract

This document proposes a “home document” format for non-browser HTTP clients.

Defines a format for API home documents - the API entry point, containing links to relevant resources. An example of such a document is https://api.github.com, which does not use this specification.

Includes the definition of two concepts that may be used in other contexts, other than a home document:

Semantics

From the abstract

This specification defines the ‘profile’ link relation type that allows resource representations to indicate that they are following one or more profiles. A profile is defined not to alter the semantics of the resource representation itself, but to allow clients to learn about additional semantics (constraints, conventions, extensions) that are associated with the resource representation, in addition to those defined by the media type and possibly other mechanisms.

Useful to communicate the representation semantics beyond what is provided by the media type alone. Avoid the creation of specific media type identifiers.

For instance, the following response informs that the HMTL based representation includes elements that should be interpreted according to the hCard 1.0 format.

HTTP/1.1 200 OK
Content-Type: text/html
Link: <http://microformats.org/profile/hcard>; rel="profile"

The next excerpt includes the tel, type and value HTML classes, which should be interpreted according to the hCard semantics.

<span class="tel">
 <span class="type">home</span>:
 <span class="value">+1.415.555.1212</span>
</span>

Negotiation

Prefer Header for HTTP

From the abstract

This specification defines an HTTP header field that can be used by a client to request that certain behaviors be employed by a server while processing a request.

Define a way for the client to influence how a server handles a request, by stating a set of preferences such as

IANA manages a registry for these preferences.

Caching

HTTP Cache-Control Extensions for Stale Content

From the abstract

This document defines two independent HTTP Cache-Control extensions that allow control over the use of stale responses by caches.

This RFC defines two new cache control directives that allow the use of stale content by caches:

In addition, the Warning header can be used to inform the client that stale content is being returned: https://tools.ietf.org/html/rfc7234#section-5.5.1.

Security

Hypertext Transfer Protocol (HTTP/1.1): Authentication

From the abstract

This document defines the HTTP Authentication framework.

My primary source of information for the HTTP authentication and authorization elements, such as the WWW-Authenticate and Authorization headers as well as the 401 and 403 status codes.

The OAuth 2.0 Authorization Framework

From the abstract

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf

The OAuth 2.0 framework main specification, describing how a client application obtains access tokens to access a HTTP API, using one of the four standard flows: Authorization Code Grant, Implicit, Resource Owner Password Credentials, and Client Credentials.

The OAuth 2.0 Authorization Framework: Bearer Token Usage

From the abstract

This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources

A very short specification defining the proper way to attach a bearer token to a HTTP request message.

OpenID Connect Core 1.0

From the abstract

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol

OpenID Connect extends the OAuth 2.0 protocol to also handle authentication related tasks.

IANA HTTP Authentication Schemes registry

The IANA registry all all the standard authentication/authorization schemes, namely: Basic and Bearer.

Syntax

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

From the abstract

This document provides an overview of HTTP architecture and its associated terminology, defines the “http” and “https” Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations

Useful for understanding syntax aspects, such as header encodings.

Uniform Resource Identifier (URI): Generic Syntax

From the abstract

This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet.

Useful when handling with URI syntax issues, namely reserved characters and encoding.