REST standards

[prayagupa]

1- always respond 4XX on validation failure

400 example,

curl -v --request GET https://api.github.com/search/repositories
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 192.30.255.117...
* TCP_NODELAY set
* Connected to api.github.com (192.30.255.117) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.git.luolix.top
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /search/repositories HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 422 Unprocessable Entity
< Date: Sat, 21 Apr 2018 06:19:45 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 205
< Server: github.com
< Status: 422 Unprocessable Entity
< X-RateLimit-Limit: 10
< X-RateLimit-Remaining: 8
< X-RateLimit-Reset: 1524291605
< Cache-Control: no-cache
< X-GitHub-Media-Type: github.v3; format=json
< Access-Control-Expose-Headers: ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Content-Security-Policy: default-src 'none'
< X-Runtime-rack: 0.007567
< X-GitHub-Request-Id: C47F:623A:3BBBC21:4321413:5ADAD801
< 
{
  "message": "Validation Failed",
  "errors": [
    {
      "resource": "Search",
      "field": "q",
      "code": "missing"
    }
  ],
  "documentation_url": "https://developer.github.com/v3/search"
}
* Connection #0 to host api.github.com left intact

vs 200 example,

curl -v --request GET "https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=1500&type=restaurant&keyword=cruise&key=YOUR_API_KEY"
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 2607:f8b0:400a:800::200a...
* TCP_NODELAY set
* Connected to maps.googleapis.com (2607:f8b0:400a:800::200a) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G3
* Server certificate: GlobalSign
> GET /maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=1500&type=restaurant&keyword=cruise&key=YOUR_API_KEY HTTP/1.1
> Host: maps.googleapis.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Date: Sun, 22 Apr 2018 07:17:20 GMT
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Cache-Control: no-cache, must-revalidate
< Server: scaffolding on HTTPServer2
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
< Accept-Ranges: none
< Vary: Accept-Language,Accept-Encoding
< Transfer-Encoding: chunked
< 
{
   "error_message" : "The provided API key is invalid.",
   "html_attributions" : [],
   "results" : [],
   "status" : "REQUEST_DENIED"
}
* Connection #0 to host maps.googleapis.com left intact

[prayagupa]

https://reflectoring.io/upstream-downstream/

client -> API A -> API B
                    -> API C  -> API C1

downstream -> API A
upstream -> API B, API C