system-design-101/data/guides/a-cheat-sheet-for-api-designs.md
Kamran Ahmed ee4b7305a2 Adds ByteByteGo guides and links (#106)
This PR adds all the guides from the [Visual
Guides](https://bytebytego.com/guides/) section on bytebytego to the
repository with proper links.

- [x] Markdown files for guides and categories are placed inside
`data/guides` and `data/categories`
- [x] Guide links in the readme are auto-generated using
`scripts/readme.ts`. Every time you run the script `npm run
update-readme`, it reads the categories and guides from the
above-mentioned folders, generates production links for guides and categories
and populates the table of contents in the readme. This ensures that any
future guides and categories will automatically get added to the readme.
- [x] Sorting inside the readme matches the actual category and guide
sorting on production
2025-03-31 22:16:44 -07:00


---
title: A cheat sheet for API designs
description: A handy cheat sheet for designing secure and efficient APIs.
image: https://assets.bytebytego.com/diagrams/0137-cheat-sheet-for-api-design.png
createdAt: 2024-02-14
draft: false
categories:
  - api-web-development
tags:
  - API Design
  - Security
---

APIs expose business logic and data to external systems, so designing them securely and efficiently is important.

## API key generation

We normally generate one unique app ID for each client and generate different pairs of public key (access key) and private key (secret key) to cater to different authorizations. For example, we can generate one pair of keys for read-only access and another pair for read-write access.

## Signature generation

Signatures are used to verify the authenticity and integrity of API requests. They are computed with the secret key and typically involve the following steps:

  • Collect parameters: gather every request parameter that the signature must cover.
  • Create a string to sign: arrange those parameters in a canonical order so that client and server build the identical string.
  • Sign the string: use a keyed hash such as HMAC (Hash-based Message Authentication Code) with SHA-256 to compute the signature of the string under the secret key.
  • Send the request: attach the resulting signature to the request.

When designing an API, deciding what should be included in the HTTP request parameters is crucial. Include the following in the request parameters:

  • Authentication credentials: identify the client (the app ID and access key) without ever sending the secret key.
  • Timestamp: to prevent replay attacks, the server rejects requests whose timestamp falls outside an acceptable window.
  • Request-specific data: necessary to process the request, such as user IDs, transaction details, or search queries.
  • Nonces: randomly generated strings included in each request to ensure that each request is unique and to prevent replay attacks.
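The signing steps and the request parameters above, carried through end to end as an added example (not code from the original guide or from ByteByteGo). The canonical string format (method, path, then sorted URL-encoded parameters) and the credentials are assumptions; the server side rejects stale timestamps, bad signatures and repeated nonces, in that order, so a replayed or forged request never pollutes the nonce cache.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed demo credentials; a real deployment issues these per client and per scope.
APP_ID = "app_demo"
ACCESS_KEY = "AK_readonly"
SECRET_KEY = b"sk_constructed_secret"
MAX_SKEW = 300  # seconds a request timestamp may differ from server time


def string_to_sign(method, path, params):
    # Assumed canonical form: sorted, URL-encoded params so both sides agree byte-for-byte.
    return f"{method.upper()}\n{path}\n{urlencode(sorted(params.items()))}"


def sign_request(method, path, data, now=None, nonce=None):
    """Client side: add credentials, timestamp and nonce, then an HMAC-SHA256 signature."""
    params = dict(data)
    params["app_id"] = APP_ID
    params["access_key"] = ACCESS_KEY
    params["timestamp"] = str(int(now if now is not None else time.time()))
    params["nonce"] = nonce or secrets.token_hex(16)
    digest = hmac.new(SECRET_KEY, string_to_sign(method, path, params).encode(), hashlib.sha256)
    params["signature"] = digest.hexdigest()
    return params


class Verifier:
    """Server side: timestamp window, constant-time signature check, then nonce replay check."""

    def __init__(self):
        self.seen_nonces = set()  # in production: a TTL cache shared across API nodes

    def verify(self, method, path, params, now=None):
        now = now if now is not None else time.time()
        params = dict(params)
        sig = params.pop("signature", "")
        for k in ("app_id", "access_key", "timestamp", "nonce"):
            if k not in params:
                return False, f"missing {k}"
        try:
            ts = int(params["timestamp"])
        except ValueError:
            return False, "bad timestamp"
        if abs(now - ts) > MAX_SKEW:
            return False, "stale timestamp"
        expected = hmac.new(SECRET_KEY, string_to_sign(method, path, params).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        if params["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(params["nonce"])
        return True, "ok"
```

In a real service the secret is looked up by `access_key` rather than held in a module constant, and the nonce set must live in shared storage so that a replay against a different API node is still caught.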

## Security guidelines

To safeguard APIs against common vulnerabilities and threats, adhere to these security guidelines.