The 5 Things Every API Must Have

When building a Web API, certain features are commonly needed for a baseline implementation. Sometimes these may be specific features built into the framework or they may need to be manually coded. In this post, I’ve compiled the various Node.js libraries, along with the key features, needed for API development. Regardless of API framework or language, the five functionalities outlined below are commonly an assumed part of the end product of the API service.

1. Error handling

hapijsWhen developing APIs for the Web, the standard approach is to return any errors with a respective HTTP code. These aren’t always codified via a framework, but some frameworks such as hapi.js do have additional handling of errors. Hapi.js has a library it can utilize called boom, maintained by Adam Bretz (@arb).

2. Error logging

Once error handling is in place, errors often need to be logged so they can be reviewed. There are many ways to log errors, from catching them and executing a console.log(“error message here”); to having them written to a log file.

Libraries for error logging include log4js, bunyan, and winston. In some situations logging can be handled by a service such as New Relic to manage incoming error logging messages and view them in the New Relic Errors Dashboard.

3. Validation

Another common need is to validate the data that is coming into the API services being built. A library that I have used lately for object validation is joi. Joi is a validation framework that is part of the hapi.js collection of libraries. It provides a way to validate object schema such as the JSON objects that might be sent to an API. Some libraries exist that validate individual data types like iz or validator.js, or validate, which covers many functional validations.

4. Authentication and authorization

Authentication and authorization happen in a number of different ways these days. It can become a complex process just to decide exactly what is needed. There is standard username and password authentication, identity-based passed token authentication, oauth, openid, http token-based, API key, and many others. There are as many libraries as there are methods of securing API services.

One very well-known library is passport.js. The library works as middleware in express.js, hapi.js, or other frameworks. Passport.js provides an easy way to get a service up and running with a number of authentication strategies, or simply a single one.

5. Testing

Last but not least, one of my favorite functions: testing. In choosing your testing library, you’ll notice they vary greatly in styles, practices, patterns, and focus. But there are a few specific libraries that help out with API end points. One that helps out specifically with testing APIs is SuperTest. This library is great for setting up integration level tests, but for unit tests it is often a bit much. To create tests for mocking up and testing APIs, check out Nock. Most of these libraries are best used with the Mocha library.

Punch List:

Punch list'

Adron Hall is a jovial, proactive, test & code, code & test, get things done well, software architect, engineer, code monkey, coder, and distributed systems advocate. As a coder, Hall plies a polygot language path including C#, Java, JavaScript, and Erlang lately -- as well as Pascal, Basic, Visual Basic, C++, C, COBOL, RPG, CL, and others in the past. He founded with Aaron Gray, Node PDX with Troy Howard, and more startups are in the works. You can read his blog at Composite Code ( View posts by .

Interested in writing for New Relic Blog? Send us a pitch!