Skip to content

api-developer.md

Latest commit

 

History

History
1229 lines (982 loc) · 68 KB

api-developer.md

File metadata and controls

1229 lines (982 loc) · 68 KB
╔═══════════════════════════════════════════════════════════════════════════════════════╗
║                                                                                       ║
║      ██████╗   ██████╗  ██╗    ██╗██████╗ ███████╗██╗   ██╗                         ║
║      ██╔══██╗ ██╔═══██╗ ██║    ██║██╔══██╗██╔════╝██║   ██║                         ║
║      ██████╔╝ ██║   ██║ ██║ █╗ ██║██████╔╝█████╗  ██║   ██║                         ║
║      ██╔═══╝  ██║   ██║ ██║███╗██║██╔══██╗██╔══╝  ╚██╗ ██╔╝                         ║
║      ██║      ╚██████╔╝ ╚███╔███╔╝██║  ██║███████╗ ╚████╔╝                          ║
║      ╚═╝       ╚═════╝   ╚══╝╚══╝ ╚═╝  ╚═╝╚══════╝  ╚═══╝                          ║
║                                                                                       ║
║   ▄████████    ▄███████▄  ▄█     ████████▄   ▄████████  ▄█    █▄                    ║
║   ███    ███   ███    ███ ███     ███   ▀███ ███    ███ ███    ███                   ║
║   ███    ███   ███    ███ ███▌    ███    ███ ███    █▀  ███    ███                   ║
║   ███    ███   ███    ███ ███▌    ███    ███ ███        ███    ███                   ║
║   ███    ███ ▀█████████▀  ███▌    ███    ███ ███       ▀███████████                  ║
║   ███    ███   ███        ███     ███    ███ ███    █▄   ███    ███                  ║
║   ███    ███   ███        ███     ███   ▄███ ███    ███  ███    ███                  ║
║    ▀██████▀   ▄████▀      █▀      ████████▀  ████████   ███    █▀                   ║
║                                                                                       ║
║              R E S O U R C E S  ·  F O R  ·  D E V E L O P E R S                   ║
╚═══════════════════════════════════════════════════════════════════════════════════════╝
Typing SVG

Stars Forks Contributors PRs Welcome License: MIT Last Updated


🌟 The most comprehensive, community-driven collection of API development resources on the internet. Curated with love for developers, by developers. 1500+ resources across 22 categories.


━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   📚 Learn  →  🏗️ Build  →  🔐 Secure  →  🚀 Ship
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📋 Table of Contents

# Category Resources # Category Resources
01 🎓 Learning 70+ 12 ⚡ Performance 65+
02 🔧 API Fundamentals 60+ 13 🔐 Security 70+
03 🌐 REST APIs 80+ 14 📊 Monitoring 60+
04 🔷 GraphQL 75+ 15 🚦 Rate Limiting 50+
05 ⚙️ gRPC 55+ 16 💾 Caching 55+
06 🎨 API Design 65+ 17 🔀 API Gateways 60+
07 🔑 Authentication 70+ 18 🛠️ DevOps 65+
08 🛡️ Authorization 55+ 19 🧰 Tools 80+
09 📝 Documentation 60+ 20 🌍 Open Source 70+
10 🧪 Testing 65+ 21 👥 Communities 50+
11 🔢 Versioning 45+ 22 💡 Project Ideas 55+

🎓 01 - Learning & Getting Started

Start your API journey here. From absolute beginner to production-ready engineer.

📚 Free Online Courses

Resource Platform Level Language Rating
APIs for Beginners freeCodeCamp 🟢 Beginner English ⭐⭐⭐⭐⭐
API Development Full Course YouTube 🟢 Beginner English ⭐⭐⭐⭐⭐
REST API Design Best Practices Coursera 🟡 Intermediate English ⭐⭐⭐⭐
API Design and Fundamentals Udemy 🟡 Intermediate English ⭐⭐⭐⭐
Postman API Fundamentals Postman Academy 🟢 Beginner English ⭐⭐⭐⭐⭐
API Testing Foundations LinkedIn Learning 🟢 Beginner English ⭐⭐⭐⭐
Designing RESTful APIs Udacity 🟡 Intermediate English ⭐⭐⭐⭐
API Security Fundamentals APISecurity.io 🟡 Intermediate English ⭐⭐⭐⭐⭐
The Web Developer Bootcamp Udemy 🟢 Beginner English ⭐⭐⭐⭐⭐
CS50 Web Programming Harvard/edX 🟡 Intermediate English ⭐⭐⭐⭐⭐

📖 Essential Books

Book Author Year Level Free?
RESTful Web APIs Leonard Richardson 2013 🟡 Intermediate
API Design Patterns JJ Geewax 2021 🔴 Advanced
Designing Web APIs Brenda Jin 2018 🟡 Intermediate
The Design of Web APIs Arnaud Lauret 2019 🟡 Intermediate
GraphQL in Action Samer Buna 2021 🟡 Intermediate
gRPC: Up and Running Kasun Indrasiri 2020 🟡 Intermediate
Web API Design: Crafting Interfaces That Developers Love Brian Mulloy 2012 🟢 Beginner
HTTP: The Definitive Guide Gourley & Totty 2002 🟡 Intermediate
Mastering API Architecture James Gough 2022 🔴 Advanced
API Marketplace Engineering Rennick & Tollman 2021 🔴 Advanced

🎬 YouTube Channels

Channel Focus Subscribers Language
Fireship Web Dev & APIs 2M+ English
Traversy Media Full-Stack & APIs 2M+ English
The Net Ninja Node.js & REST 1M+ English
Academind Web Dev 1M+ English
Hussein Nasser Backend Engineering 300K+ English
ByteByteGo System Design 700K+ English
Web Dev Simplified Beginner-Friendly 1M+ English
Postman API Testing 200K+ English

🏫 Interactive Platforms

Platform Description Free Tier Focus
Codecademy Interactive API courses REST, APIs
freeCodeCamp Full curriculum ✅ Free All
Scrimba Interactive coding ✅ Partial Frontend
Replit Online IDE & tutorials ✅ Partial All
Katacoda Browser-based labs ✅ Free DevOps, APIs
Exercism Coding exercises ✅ Free Programming
LeetCode Coding challenges ✅ Partial Algorithms

📰 Top Blogs & Articles

Blog Focus Quality
Martin Fowler's Blog Architecture & APIs ⭐⭐⭐⭐⭐
Nordic APIs Blog API Industry ⭐⭐⭐⭐⭐
API Evangelist API Strategy ⭐⭐⭐⭐
Stoplight Blog API Design ⭐⭐⭐⭐
Swagger Blog OpenAPI & Tools ⭐⭐⭐⭐
Postman Blog API Testing & Dev ⭐⭐⭐⭐⭐
Smashing Magazine Web Dev ⭐⭐⭐⭐
Dev.to API Tag Community Posts ⭐⭐⭐⭐

🔧 02 - API Fundamentals

Understand the core concepts that underpin all APIs.

📡 HTTP & Web Protocols

Resource Type Description
MDN HTTP Guide 📄 Docs Complete HTTP reference
HTTP/2 Explained 📖 Book Free HTTP/2 deep-dive
HTTP/3 Explained 📖 Book Free HTTP/3 guide
HTTPS Everywhere 🔐 Tool Secure connections
RFC 7230 - HTTP/1.1 📋 RFC Official HTTP spec
RFC 7540 - HTTP/2 📋 RFC HTTP/2 specification
RFC 9114 - HTTP/3 📋 RFC HTTP/3 specification
Curl Cookbook 📄 Guide curl command mastery

🌐 API Paradigms Overview

Paradigm Description Best For Complexity
REST Representational State Transfer Web APIs, CRUD 🟢 Low
GraphQL Query language for APIs Flexible data fetching 🟡 Medium
gRPC Google Remote Procedure Call Microservices 🔴 High
SOAP Simple Object Access Protocol Enterprise, legacy 🔴 High
WebSockets Full-duplex communication Real-time apps 🟡 Medium
SSE Server-Sent Events One-way streaming 🟢 Low
Webhooks HTTP callbacks Event-driven systems 🟢 Low
MQTT Message Queue Telemetry IoT, messaging 🟡 Medium
AMQP Advanced Message Queuing Enterprise messaging 🔴 High
JSON-RPC Remote Procedure Call over JSON Lightweight RPC 🟢 Low

📦 Data Formats

Format MIME Type Best For Human Readable
JSON application/json Web APIs ✅ Yes
XML application/xml SOAP, legacy ✅ Yes
Protocol Buffers application/protobuf gRPC, efficiency ❌ No
MessagePack application/msgpack Binary JSON alt ❌ No
YAML application/yaml Config, OpenAPI ✅ Yes
CBOR application/cbor IoT, constrained ❌ No
Avro application/avro Big data, Kafka ❌ No
CSV text/csv Tabular data ✅ Yes
FlatBuffers application/flatbuffers Games, performance ❌ No
Thrift application/thrift Facebook services ❌ No

🔍 Status Codes Reference

Range Category Common Codes
1xx 🔵 Informational 100 Continue, 101 Switching
2xx 🟢 Success 200 OK, 201 Created, 204 No Content
3xx 🟡 Redirection 301 Moved, 302 Found, 304 Not Modified
4xx 🔴 Client Error 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 429 Too Many
5xx ⚫ Server Error 500 Internal Error, 502 Bad Gateway, 503 Unavailable

🌐 03 - REST APIs

The backbone of the modern web. Master RESTful design principles.

📐 Design Principles & Standards

Resource Author Description Stars
JSON:API Specification Standard for JSON APIs 🌟🌟🌟🌟🌟
REST API Tutorial Todd Fredrich Comprehensive REST guide 🌟🌟🌟🌟
Google API Design Guide Google Google's REST standards 🌟🌟🌟🌟🌟
Microsoft REST API Guidelines Microsoft Enterprise API standards 🌟🌟🌟🌟🌟
Zalando RESTful API Guidelines Zalando Production-grade guidance 🌟🌟🌟🌟🌟
PayPal API Standards PayPal Fintech REST patterns 🌟🌟🌟🌟
Heroku Platform API Heroku PaaS API reference 🌟🌟🌟🌟
Stripe API Reference Stripe Best-in-class API design 🌟🌟🌟🌟🌟
GitHub REST API Docs GitHub Industry-standard example 🌟🌟🌟🌟🌟
Twilio API Docs Twilio Communications API model 🌟🌟🌟🌟

🛠️ REST Frameworks by Language

Language Framework GitHub Stars Best For
Node.js Express.js 60k+ Fast APIs
Node.js Fastify 28k+ High performance
Node.js NestJS 60k+ Enterprise
Python FastAPI 72k+ Modern Python
Python Flask 65k+ Lightweight
Python Django REST 27k+ Full-featured
Go Gin 76k+ Speed
Go Echo 28k+ Minimalist
Java Spring Boot 72k+ Enterprise Java
Rust Actix-web 20k+ Ultra performance
PHP Laravel API 75k+ PHP APIs
Ruby Rails API 53k+ Rapid dev

🌍 Public REST APIs for Practice

API Category Auth Rate Limit
JSONPlaceholder 🧪 Testing None None
OpenWeatherMap 🌤️ Weather API Key 60/min
GitHub API 👨‍💻 Dev Tools OAuth 5000/hr
REST Countries 🌍 Geography None None
PokéAPI 🎮 Gaming None 100/min
Open Library 📚 Books None None
The Movie DB 🎬 Movies API Key 40/10s
NASA APIs 🚀 Space API Key 1000/hr
CoinGecko 💰 Crypto None 50/min
NewsAPI 📰 News API Key 100/day

🔷 04 - GraphQL

Query exactly what you need. Nothing more, nothing less.

🏗️ Core Resources

Resource Type Description Level
GraphQL Official Docs 📄 Docs Official specification 🟢 Beginner
How to GraphQL 🎓 Course Free full-stack tutorial 🟢 Beginner
GraphQL Foundation 🌐 Website Official foundation All
Apollo GraphQL Docs 📄 Docs Industry-standard client 🟡 Intermediate
The Guild 🌐 Website OSS tools & articles 🟡 Intermediate
GraphQL Over HTTP 📋 Spec Transport specification 🔴 Advanced
GraphQL Scalars 🛠️ Library Custom scalar types 🟡 Intermediate
Principled GraphQL 📄 Guide Apollo best practices 🔴 Advanced

⚙️ GraphQL Servers

Server Language Stars Production Ready
Apollo Server Node.js 13k+
GraphQL Yoga Node.js 8k+
Hasura Go 30k+
Strawberry Python 3.5k+
Ariadne Python 2k+
graphql-go Go 4.5k+
Juniper Rust 5k+
graphql-ruby Ruby 5k+
Hot Chocolate .NET 4.5k+
Lighthouse PHP 3k+

📦 GraphQL Clients

Client Language Stars Features
Apollo Client JS/React 18k+ Caching, state
URQL JS 8k+ Lightweight
Relay React 18k+ Facebook's client
graphql-request JS 5.5k+ Minimal
Strawberry Client Python Type-safe
gqt Python 500+ Terminal UI

🔧 GraphQL Tools & Utilities

Tool Purpose Free?
GraphiQL In-browser IDE
Altair GraphQL Desktop client
GraphQL Playground IDE
GraphQL Inspector Schema checking
GraphQL Code Generator Type generation
graphql-voyager Schema visualization
GraphQL Faker Mock data
Stellate CDN for GraphQL

⚙️ 05 - gRPC

High-performance RPC framework by Google. Built for microservices.

📚 Learning Resources

Resource Type Description Level
gRPC Official Docs 📄 Docs Official documentation All
Protocol Buffers Guide 📄 Docs Google's protobuf 🟡 Intermediate
gRPC: Up and Running 📖 Book Comprehensive guide 🟡 Intermediate
gRPC Crash Course 🎬 Video Hussein Nasser 🟢 Beginner
gRPC Concepts 📄 Docs Core concepts 🟢 Beginner
awesome-grpc 📋 List Curated resources All

🛠️ gRPC Implementations

Language Library Stars Maintained
Go grpc-go 20k+
Python grpcio
Java grpc-java 11k+
Node.js @grpc/grpc-js 4k+
C++ grpc 40k+
Rust tonic 9k+
.NET Grpc.Net
Swift grpc-swift 1.8k+

🔧 gRPC Tools

Tool Purpose Platform
grpcurl CLI client All
BloomRPC GUI client Desktop
grpc-gateway REST proxy Go
evans Interactive client CLI
Kreya gRPC GUI Desktop
Buf Protobuf toolchain All
protoc Proto compiler All
grpc-health-probe Health checking All

🎨 06 - API Design

Good APIs are products. Design them with the same care.

📐 Design Principles

Principle Description Resource
REST Constraints Stateless, uniform interface REST Dissertation
HATEOAS Hypermedia as engine of app state HATEOAS Guide
KISS Keep It Simple, Stupid Timeless
Least Surprise APIs should behave as expected Design principle
Consistency Uniform naming & structure Style guides
Versioning Strategy Plan for breaking changes Semver
Idempotency Same result on repeat calls RFC 7231
Pagination Cursor vs offset vs keyset Best practices

🏗️ API Design Tools

Tool Purpose Free Tier Stars
Swagger Editor OpenAPI editing
Stoplight Studio API design platform ✅ Partial 3k+
Apicurio Studio OpenAPI designer 1k+
Insomnia Designer API design ✅ Partial 30k+
Postman API platform ✅ Partial
Readme.io Docs + Design
Apiary Design + Docs ✅ Partial
Miro API diagramming ✅ Partial

📋 OpenAPI / Swagger Ecosystem

Resource Type Description
OpenAPI Specification 📋 Spec Official OAS 3.x spec
Swagger UI 🛠️ Tool Interactive API docs
Swagger Codegen 🛠️ Tool Client/server generation
OpenAPI Generator 🛠️ Tool 50+ language generators
Redoc 🛠️ Tool Beautiful API docs
swagger-parser 📦 Library Parse & validate specs
spectral 🛠️ Linter OpenAPI linting
oasdiff 🛠️ Tool API diff comparison

🎯 Design Patterns

Pattern Description When to Use
Resource Naming Nouns, not verbs Always
Nested Resources /users/{id}/posts Parent-child relations
PATCH vs PUT Partial vs full update Depends on use case
Batch Operations Multiple records at once Performance
Cursor Pagination Token-based navigation Large datasets
Sparse Fieldsets ?fields=id,name Bandwidth optimization
Filtering ?status=active&role=admin Data querying
Sorting ?sort=created_at&order=desc Data ordering
Envelope Pattern Wrap responses in metadata Consistency
Error Objects Structured error responses Developer UX

🔑 07 - Authentication

Who are you? Prove it. The gateway to every secured API.

🔐 Authentication Methods

Method Security Level Use Case Complexity
API Keys 🟡 Medium Server-to-server 🟢 Low
Basic Auth 🔴 Low Legacy, internal 🟢 Low
Bearer Tokens 🟢 High Modern APIs 🟡 Medium
JWT 🟢 High Stateless auth 🟡 Medium
OAuth 2.0 🟢 High Third-party access 🔴 High
OpenID Connect 🟢 High Identity layer 🔴 High
SAML 2.0 🟢 High Enterprise SSO 🔴 High
mTLS ⭐ Very High Service-to-service 🔴 High
Hawk Auth 🟢 High Signed requests 🔴 High
PASETO ⭐ Very High Modern JWT alt 🟡 Medium

🔑 JWT Resources

Resource Type Description
JWT.io 🌐 Tool JWT debugger & libraries
RFC 7519 - JWT 📋 RFC JWT specification
JOSE Working Group 📋 Spec JSON object signing
jwt-go 📦 Library Go JWT library
jsonwebtoken 📦 Library Node.js JWT
PyJWT 📦 Library Python JWT
nimbus-jose-jwt 📦 Library Java JWT

🔒 OAuth 2.0 Resources

Resource Type Description
OAuth 2.0 Spec 📋 Spec Official OAuth 2.0
OAuth 2.0 Simplified 📄 Guide Easy explanation
OAuth Security Best Practices 📋 IETF Security guidance
Auth0 Docs 📄 Docs Auth-as-a-Service
Okta Developer 📄 Docs Identity platform
Keycloak 🛠️ Tool Open-source IAM
ory/hydra 🛠️ Tool OAuth server
oauth2-proxy 🛠️ Tool Reverse proxy auth

🏢 Auth Providers

Provider Free Tier MAU Free Best For
Auth0 7,500 SaaS apps
Okta 100 Enterprise
Firebase Auth Unlimited Mobile
AWS Cognito 50,000 AWS apps
Supabase Auth 50,000 Open-source
Clerk 10,000 Next.js apps
Stytch 25,000 Passwordless

🛡️ 08 - Authorization

You're in. But what can you do? Control access with precision.

🏗️ Authorization Models

Model Description Best For Complexity
RBAC Role-Based Access Control Most apps 🟢 Low
ABAC Attribute-Based Access Control Fine-grained 🔴 High
ACL Access Control Lists File systems 🟡 Medium
PBAC Policy-Based Access Control Enterprises 🔴 High
ReBAC Relationship-Based Social graphs 🔴 High
IBAC Identity-Based Cloud IAM 🟡 Medium

🔐 Authorization Frameworks

Framework Language Stars Model
Casbin Multi 16k+ RBAC/ABAC/ACL
OPA (Open Policy Agent) Go 8k+ PBAC
Zanzibar (Google) ReBAC
OpenFGA Go 2k+ ReBAC
Ory Keto Go 4.5k+ ReBAC
Permit.io Multi-model
Cerbos Go 2k+ ABAC
SpiceDB Go 4.5k+ ReBAC

📋 Standards & Protocols

Standard Description Resource
SCIM Cross-domain identity management RFC 7644
XACML XML access control markup language OASIS Spec
UMA 2.0 User-managed access Spec

📝 09 - Documentation

Great APIs deserve great documentation. Your docs are your product.

🛠️ Documentation Tools

Tool Type Free? GitHub Stars
Swagger UI Interactive Docs 25k+
Redoc Static Docs 21k+
Slate Docs Generator 35k+
Docusaurus Site Generator 52k+
Mintlify Modern Docs ✅ Partial 2k+
ReadMe Dev Hub
GitBook Documentation ✅ Partial
Stoplight API Docs Platform ✅ Partial
Apidog All-in-one ✅ Partial
Bump.sh API Change Mgmt

✍️ Documentation Standards

Standard Description Resource
OpenAPI 3.x Industry-standard spec format spec.openapis.org
AsyncAPI Event-driven API docs asyncapi.com
RAML RESTful API modeling language raml.org
API Blueprint Markdown-based API docs apiblueprint.org
JSON Schema Document request/response schemas json-schema.org

💎 Best-in-Class API Docs Examples

Company Docs URL What Makes It Great
Stripe stripe.com/docs/api Try in browser, contextual examples
Twilio twilio.com/docs Multi-language code samples
GitHub docs.github.com/en/rest OpenAPI-backed, comprehensive
Spotify developer.spotify.com Console, auth flows
Notion developers.notion.com Clean, modern design
Linear linear.app/docs/graphql GraphQL explorer built-in
Plaid plaid.com/docs Step-by-step guides
Shopify shopify.dev Multi-platform, versioned

🧪 10 - Testing

Test early. Test often. Test everything. Your API is only as good as your tests.

🔬 Testing Types

Type Description Tools
Unit Testing Test individual functions Jest, pytest, JUnit
Integration Testing Test component interaction Supertest, RestAssured
Contract Testing Consumer-driven contracts Pact
E2E Testing Full user-flow testing Cypress, Playwright
Load Testing Performance under load k6, Locust, JMeter
Chaos Testing Fault injection Chaos Monkey
Fuzzing Random input testing RESTler, Schemathesis
Security Testing Vulnerability scanning OWASP ZAP, Burp Suite

🛠️ API Testing Tools

Tool Type Free? Best For
Postman GUI + Automation ✅ Partial All-in-one
Insomnia GUI ✅ Partial REST/GraphQL
Bruno GUI Git-friendly
HTTPie CLI/GUI Simple testing
curl CLI Quick testing
Hoppscotch Web Browser-based
Paw macOS Mac users
SoapUI Desktop ✅ Partial SOAP/REST
k6 Performance Load testing
Locust Performance Load testing
JMeter Performance Load testing
Newman CLI Postman CI/CD
Karate DSL BDD Java/API testing
Dredd Contract OpenAPI testing

📦 Testing Libraries by Language

Language Library Purpose Stars
Node.js supertest HTTP testing 12k+
Node.js nock HTTP mocking 12k+
Python pytest Test framework 11k+
Python responses Requests mock 4k+
Python httpretty HTTP mock 2k+
Go httptest HTTP testing Built-in
Java REST-assured REST testing 6.5k+
Ruby VCR Record HTTP 5.5k+

🔄 Contract Testing

Tool Approach Stars
Pact Consumer-driven 3.5k+
Spring Cloud Contract Producer-driven
Dredd OpenAPI-based 4k+
Schemathesis Property-based 2k+

🔢 11 - Versioning

APIs evolve. Plan for change before it breaks your users.

📋 Versioning Strategies

Strategy Example Pros Cons
URI Path /v1/users Simple, visible URL pollution
Query Param /users?version=1 Easy to test Cacheable issues
Header API-Version: 1 Clean URLs Less discoverable
Content Negotiation Accept: application/vnd.api+json;v=1 HTTP standard Complex clients
Subdomain v1.api.example.com Total separation Infrastructure
No Versioning Continuous evolution Simplicity Breaking changes

📚 Versioning Resources

Resource Type Description
SemVer 📄 Spec Semantic versioning
API Evolution vs Versioning 📝 Article Mark Nottingham
Stripe API Versioning 📝 Blog Real-world example
Zalando Versioning 📄 Guide Enterprise approach
APIs You Won't Hate - Versioning 📝 Blog Phil Sturgeon

⚡ 12 - Performance & Optimization

Fast APIs are happy APIs. Users notice milliseconds.

🚀 Performance Techniques

Technique Impact Complexity Description
HTTP/2 🟢 High 🟢 Low Multiplexing, server push
HTTP/3/QUIC 🟢 High 🟡 Medium UDP-based, faster handshakes
Compression (gzip/br) 🟢 High 🟢 Low Reduce payload size
Connection Pooling 🟢 High 🟡 Medium Reuse TCP connections
Response Caching ⭐ Very High 🟡 Medium Avoid duplicate processing
Database Indexing ⭐ Very High 🟡 Medium Faster queries
Async Processing 🟢 High 🔴 High Non-blocking I/O
CDN 🟢 High 🟢 Low Geographic distribution
Payload Minimization 🟡 Medium 🟢 Low Return only needed fields
Batching 🟢 High 🟡 Medium Combine multiple requests

📊 Performance Testing Tools

Tool Type Free? Protocol
k6 Load HTTP
Apache JMeter Load HTTP, JDBC
Locust Load HTTP
Gatling Load ✅ Partial HTTP
wrk Benchmark HTTP
hey Benchmark HTTP
autocannon Benchmark HTTP
Artillery Load ✅ Partial HTTP, WS
Vegeta Load HTTP
Drill Load HTTP

🔐 13 - Security

Security is not optional. Build it in from day one.

⚠️ OWASP API Security Top 10

Rank Risk Description Mitigation
1 Broken Object Level Auth Access others' resources Validate ownership
2 Broken Authentication Weak auth mechanisms Use OAuth/JWT properly
3 Broken Object Property Auth Expose hidden fields Allowlist properties
4 Unrestricted Resource Consumption DoS via large payloads Rate limit, pagination
5 Broken Function Level Auth Access admin endpoints Role checks
6 Unrestricted Access to Sensitive Flows Abuse business logic Flow validation
7 SSRF Server-side request forgery Validate URLs
8 Security Misconfiguration Default credentials, CORS Harden config
9 Improper Inventory Management Shadow APIs Document all endpoints
10 Unsafe Consumption of APIs Trust 3rd-party blindly Validate external data

🛡️ Security Tools

Tool Purpose Free? Category
OWASP ZAP DAST scanning Security scan
Burp Suite Pen testing ✅ Partial Pen test
Semgrep SAST ✅ Partial Code scan
42Crunch API security API specific
Traceable API security Runtime
Salt Security API security Runtime
Noname Security API security Runtime
Wallarm WAF + API sec WAF
Coraza Open-source WAF WAF

📋 Security Standards & Compliance

Standard Description Relevant For
OWASP API Top 10 API vulnerabilities All APIs
NIST SP 800-204 Microservices security Enterprise
SOC 2 Security compliance SaaS
PCI DSS Payment card security Fintech
ISO 27001 Information security Enterprise

📊 14 - Monitoring & Observability

You can't fix what you can't see. Instrument everything.

🔭 The Three Pillars

Pillar Description Examples
Metrics Quantitative measurements Request count, latency, error rate
Logs Timestamped records of events Structured logs, access logs
Traces Request path through services Distributed tracing, spans

📈 Monitoring Platforms

Platform Type Free? Best For
Datadog APM + Infra Enterprise
New Relic APM ✅ Partial Full-stack
Grafana Visualization Metrics dashboards
Prometheus Metrics Self-hosted metrics
Jaeger Tracing Distributed traces
Zipkin Tracing Distributed traces
OpenTelemetry Observability Standards-based
Elastic APM APM ELK stack
Honeycomb Observability ✅ Partial Debugging
Lightstep Observability Correlation
Dynatrace APM Enterprise
Uptime Robot Uptime Simple monitoring

📊 Key Metrics (SLIs/SLOs)

Metric Description Target
Latency P50 Median response time < 100ms
Latency P99 99th percentile response < 500ms
Error Rate % of 5xx responses < 0.1%
Availability Uptime percentage > 99.9%
Throughput Requests per second Baseline-dependent
TTFB Time to first byte < 200ms
Apdex Score User satisfaction metric > 0.9

🚦 15 - Rate Limiting

Protect your API from abuse. Fair usage for everyone.

📐 Rate Limiting Algorithms

Algorithm Description Pros Cons
Fixed Window Count in time windows Simple Burst at edges
Sliding Window Rolling time window Smooth More complex
Token Bucket Token-based allowance Burst-friendly Memory usage
Leaky Bucket Queue-based smoothing Uniform rate Queue latency
Concurrency Limit Max concurrent requests Simple Not time-based

🛠️ Rate Limiting Libraries

Library Language Algorithm Stars
express-rate-limit Node.js Multiple 10k+
bottleneck Node.js Token bucket 1.5k+
django-ratelimit Python Fixed window 1k+
slowapi Python/FastAPI Various 800+
golang.org/x/time/rate Go Token bucket Built-in
throttle Go Various 700+
rack-attack Ruby Various 5k+
Spring Rate Limiting Java Bucket4j
resilience4j-ratelimiter Java Various 9k+

📋 Rate Limit Headers (Standards)

Header Description Example
X-RateLimit-Limit Max requests allowed 1000
X-RateLimit-Remaining Requests left in window 985
X-RateLimit-Reset Unix timestamp of reset 1625097600
Retry-After Seconds until retry (RFC 7231) 60
RateLimit-Policy IETF draft header 100;w=3600

💾 16 - Caching

The fastest request is the one you never make. Cache everything you can.

🏗️ Caching Layers

Layer Location Speed Examples
Browser Cache Client ⭐ Fastest Cache-Control headers
CDN Cache Edge nodes ⭐ Fast Cloudflare, Fastly
Reverse Proxy Cache Server-side 🟢 Fast Nginx, Varnish
Application Cache In-memory 🟢 Fast Redis, Memcached
Database Cache Query cache 🟡 Medium Query results

🔧 Caching Technologies

Tool Type Stars Use Case
Redis In-memory DB 60k+ Session, cache
Memcached In-memory 12k+ Simple cache
Varnish HTTP cache 3.5k+ HTTP caching
Nginx Reverse proxy 18k+ Proxy cache
Cloudflare CDN Global cache
Fastly CDN Edge cache
KeyDB Redis-compat 6k+ Faster Redis
Dragonfly Redis-compat 22k+ Modern cache

📋 HTTP Cache Headers

Header Direction Description
Cache-Control Both Caching directives
ETag Response Resource version tag
Last-Modified Response When resource changed
If-None-Match Request Conditional get by ETag
If-Modified-Since Request Conditional get by date
Vary Response Cache varies by header
Pragma Both Legacy HTTP/1.0 cache
Expires Response Absolute expiry date
Age Response Seconds in cache

🔀 17 - API Gateways

Your API's front door. Route, secure, and transform traffic at scale.

🌐 Open-Source Gateways

Gateway Language Stars Key Features
Kong Lua/Go 37k+ Plugins, K8s native
APISIX Lua 13k+ Dynamic routing
Tyk Go 9k+ API management
KrakenD Go 6k+ Performance-first
Traefik Go 47k+ Auto-config, K8s
Envoy C++ 24k+ Service mesh
Nginx C 18k+ Universal proxy
HAProxy C 4k+ Load balancing
Gravitee Java 1.5k+ API management
Gloo Edge Go 4k+ Envoy-based

☁️ Managed Gateway Services

Service Provider Best For
AWS API Gateway Amazon AWS ecosystem
Azure API Management Microsoft Azure ecosystem
Google Cloud Endpoints Google GCP ecosystem
Apigee Google Enterprise
MuleSoft Salesforce Enterprise
Amplify API Management Axway Enterprise

🔧 Gateway Capabilities

Feature Description Importance
Rate Limiting Request throttling ⭐ Critical
Auth/AuthZ JWT, OAuth, API keys ⭐ Critical
SSL Termination Handle HTTPS ⭐ Critical
Load Balancing Distribute traffic ⭐ Critical
Request Transformation Modify requests/responses 🟢 High
Circuit Breaker Failure protection 🟢 High
Caching Response caching 🟢 High
Logging/Tracing Observability 🟢 High
IP Filtering Block/allow IPs 🟡 Medium
Request Routing URL-based routing ⭐ Critical

🛠️ 18 - DevOps & CI/CD

Ship APIs with confidence. Automate the boring stuff.

🔄 CI/CD Platforms

Platform Free Tier Best For Integration
GitHub Actions ✅ 2000 min/mo GitHub projects Native
GitLab CI/CD ✅ 400 min/mo GitLab projects Native
CircleCI ✅ 6000 min/mo Docker workflows Wide
Jenkins ✅ Free Self-hosted Universal
Travis CI Open source GitHub
Drone CI Container-native GitHub/GitLab
Buildkite Scale teams Wide
TeamCity ✅ Partial JetBrains users Wide

🐳 Containerization

Technology Purpose Stars
Docker Containerization 67k+
Kubernetes Orchestration 106k+
Helm K8s package manager 25k+
Docker Compose Multi-container Built-in
Podman Rootless containers 21k+
Skaffold K8s dev tool 14k+
Tilt K8s dev env 7k+

🏗️ Infrastructure as Code

Tool Language Stars Provider
Terraform HCL 41k+ Multi-cloud
Pulumi Multi 20k+ Multi-cloud
AWS CDK Multi 11k+ AWS
Ansible YAML 61k+ Config mgmt
Chef Ruby 7k+ Config mgmt
Crossplane YAML 8k+ K8s-native

🧰 19 - Tools & Utilities

The right tool makes the job effortless.

🖥️ API Clients & GUIs

Tool Platform Free? Protocol Support
Postman All ✅ Partial REST, GraphQL, gRPC
Insomnia All ✅ Partial REST, GraphQL, gRPC
Bruno All REST, GraphQL
Hoppscotch Web REST, WS, GraphQL
HTTPie Desktop All ✅ Partial REST
Paw macOS REST, GraphQL
RapidAPI Web ✅ Partial REST
Testfully Web ✅ Partial REST
Milkman All REST, gRPC
yaak All ✅ Partial REST, GraphQL, gRPC

🔍 Debugging & Inspection

Tool Purpose Free?
Charles Proxy HTTP debugging
Proxyman macOS HTTP proxy ✅ Partial
mitmproxy Man-in-the-middle
Fiddler Web debugger ✅ Partial
Wireshark Network analysis
tcpdump CLI packet capture
Webhook.site Webhook testing
RequestBin HTTP inspection
httpbin HTTP testing service
Beeceptor Mock server ✅ Partial

🔄 Mock Servers

Tool Type Free? Stars
WireMock Java-based 6k+
json-server Node.js 70k+
Mockoon Desktop/CLI 5.5k+
Prism OpenAPI 3.5k+
Mirage JS Browser/Node 5k+
MSW Service Worker 15k+
Mocky Online
Faker.js Data generation 10k+

🧪 API Specification Validators

Tool Spec Support Stars
Spectral OpenAPI, AsyncAPI 2.5k+
swagger-parser OpenAPI 1k+
ibm-openapi-validator OpenAPI 500+
vacuum OpenAPI 500+
optic OpenAPI 1.5k+

🌍 20 - Open-Source Projects

Learn from the best. Contribute to the community.

🏆 Must-Star Repositories

Repository Description Language Stars
public-apis Free APIs list Markdown 300k+
httpie HTTP CLI client Python 32k+
mitmproxy HTTP proxy Python 35k+
fastapi Modern Python API Python 72k+
hoppscotch API client TypeScript 62k+
insomnia API client TypeScript 33k+
json-server Fake REST API JavaScript 70k+
swagger-ui API docs UI JavaScript 25k+
redoc API docs TypeScript 22k+
mockoon Mock server TypeScript 5.5k+
openapi-generator Code generator Java 20k+
prisma ORM TypeScript 37k+
nestjs Node.js framework TypeScript 63k+
gin Go framework Go 76k+
pact-go Contract testing Go 1.5k+

📦 Client SDK Generators

Tool Input Output Stars
OpenAPI Generator OpenAPI 50+ languages 20k+
swagger-codegen OpenAPI 40+ languages 16k+
oapi-codegen OpenAPI Go 5k+
autorest OpenAPI Multiple 4k+
fern OpenAPI SDK 2k+
speakeasy OpenAPI Multiple 1k+

👥 21 - Communities & Forums

You're not alone. Thousands of developers share your journey.

💬 Online Communities

Community Platform Members Focus
r/webdev Reddit 2M+ Web development
r/programming Reddit 6M+ Programming
Dev.to Web 1M+ All dev topics
Hashnode Web 500k+ Dev blogging
Stack Overflow Web 20M+ Q&A
Discord: APIs Discord Various API dev
Postman Community Forum 500k+ API testing
GraphQL Community Discord 10k+ GraphQL
gRPC Community Gitter 5k+ gRPC
OWASP Slack Slack 5k+ API security

🗓️ Conferences & Events

Conference Focus Annual? Location
API World APIs/Microservices San Jose, CA
API Days API Industry Global
GraphQL Summit GraphQL Online/US
KubeCon Cloud Native Global
GopherCon Go APIs US
PyCon Python APIs Global
NodeConf Node.js US

📰 Newsletters

Newsletter Focus Frequency
API Changelog API updates Weekly
Nordic APIs Newsletter API industry Weekly
API Evangelist Newsletter API news Frequent
Bytes JavaScript Weekly
TLDR Tech news Daily
The Pragmatic Engineer Engineering Bi-weekly

💡 22 - Project Ideas

Build something real. The best learning is doing.

🟢 Beginner Projects

Project Description Skills Learned Est. Time
Weather Dashboard Fetch & display weather data REST, JSON parsing 1-2 days
Quote Generator Random quotes from public API HTTP requests, display 1 day
Currency Converter Real-time exchange rates API keys, caching 1-2 days
GitHub Profile Viewer Display GitHub user data REST, OAuth basics 2-3 days
Movie Search App Search movies via TMDB API keys, search 2-3 days
Pokedex Pokemon data display REST, pagination 2-3 days
News Aggregator Collect articles by topic Multiple APIs 3-4 days
URL Shortener Create short links API CRUD, databases 2-3 days

🟡 Intermediate Projects

Project Description Skills Learned Est. Time
REST Blog API Full CRUD blog backend REST, auth, DB 1-2 weeks
GraphQL Social Network User + post queries GraphQL, resolvers 2 weeks
File Upload Service Upload & retrieve files Multipart, S3 1 week
Notification System Push notifications via API Webhooks, WS 1-2 weeks
E-commerce API Products, orders, payments Stripe, auth, DB 2-3 weeks
Realtime Chat API WebSocket-based chat WebSockets, Redis 1-2 weeks
OAuth Provider Build your own OAuth OAuth 2.0, JWT 2-3 weeks
Rate-Limited API Implement rate limiting Redis, middleware 1 week

🔴 Advanced Projects

Project Description Skills Learned Est. Time
API Gateway Build custom gateway Routing, middleware 3-4 weeks
Microservices System Multi-service + gRPC gRPC, service mesh 4-6 weeks
API Marketplace Multi-tenant API platform Tenancy, billing 6-8 weeks
API Monitoring Tool Monitor multiple APIs Metrics, alerting 3-4 weeks
GraphQL Federation Federated graph Subgraphs, gateway 3-4 weeks
SDK Generator Generate client SDKs Codegen, OpenAPI 4-6 weeks
Contract Testing Platform Pact-like tool Contracts, CI/CD 4-6 weeks
API Analytics Engine Request/response analytics Data pipeline, viz 4-6 weeks

📊 Repository Stats

┌─────────────────────────────────────────────────────────────────┐
│                    📈 RESOURCE BREAKDOWN                        │
├─────────────────────────────────────────────────────────────────┤
│  🎓 Learning            ████████████░░░░░  70+  resources       │
│  🌐 REST APIs           ████████████████░  80+  resources       │
│  🔷 GraphQL             ██████████████░░░  75+  resources       │
│  🔐 Security            ████████████░░░░░  70+  resources       │
│  🧪 Testing             ████████████░░░░░  65+  resources       │
│  🧰 Tools               ████████████████░  80+  resources       │
│  ⚙️  gRPC               ███████████░░░░░░  55+  resources       │
│  🎨 API Design          ████████████░░░░░  65+  resources       │
│  ──────────────────────────────────────────────────────────     │
│  📦 TOTAL               ████████████████░ 1500+ resources       │
└─────────────────────────────────────────────────────────────────┘

🤝 Contributing

We welcome contributions from the community! Here's how:

Step Action
1️⃣ Fork this repository
2️⃣ Create a branch: git checkout -b feature/add-resource
3️⃣ Add your resource with description and category
4️⃣ Verify the link is active and relevant
5️⃣ Submit a Pull Request with a clear description

📏 Contribution Guidelines

  • ✅ Resources must be high quality and actively maintained
  • ✅ Include the correct category for your resource
  • ✅ Add a brief description of why it's valuable
  • No paid promotions or affiliate links
  • ✅ Duplicates will be declined

📄 License

MIT License — Free to use, share, and contribute.
© 2025 API-Developer-Resources Contributors

License: MIT

╔══════════════════════════════════════════════════════════════════════╗
║                                                                      ║
║   ██╗  ██╗ █████╗ ██████╗ ██████╗ ██╗   ██╗      ██╗  ██╗ █████╗  ║
║   ██║  ██║██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝      ██║  ██║██╔══██╗ ║
║   ███████║███████║██████╔╝██████╔╝ ╚████╔╝        ███████║███████║ ║
║   ██╔══██║██╔══██║██╔═══╝ ██╔═══╝   ╚██╔╝         ██╔══██║██╔══██║ ║
║   ██║  ██║██║  ██║██║     ██║        ██║    ██╗   ██║  ██║██║  ██║ ║
║   ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝        ╚═╝    ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝ ║
║                                                                      ║
║        ██╗  ██╗ █████╗  ██████╗██╗  ██╗██╗███╗  ██╗ ██████╗       ║
║        ██║  ██║██╔══██╗██╔════╝██║ ██╔╝██║████╗ ██║██╔════╝       ║
║        ███████║███████║██║     █████╔╝ ██║██╔██╗██║██║  ███╗      ║
║        ██╔══██║██╔══██║██║     ██╔═██╗ ██║██║╚████║██║   ██║      ║
║        ██║  ██║██║  ██║╚██████╗██║  ██╗██║██║ ╚███║╚██████╔╝      ║
║        ╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝╚═╝  ╚══╝ ╚═════╝       ║
║                                                                      ║
║           🌟 STAR THIS REPO IF IT HELPED YOU! 🌟                    ║
║                                                                      ║
╚══════════════════════════════════════════════════════════════════════╝

Built with ❤️ for the developer community

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." — Martin Fowler


Made with Markdown Maintained PRs Welcome Open Source Love

Last updated: 2026 · 1500+ resources · 22 categories · Community-curated