Here are a few tips on building APIs for your web or mobile apps.
For those wondering what an API is: it simply stands for "Application Programming Interface" (plural: "Application Programming Interfaces").
Basically, an API is built to handle backend activities for your apps. Example: if I want to build a messaging app like WhatsApp, the nicest approach is to build an API that handles text processing, security checks, data storage and any other logic that is independent of the frontend and of the device(s) that would view the app. This way I can easily make several versions of the app: a native desktop version, a mobile version and even a web version. But ultimately they will all use a central processing system that handles all the processing stated above.
Now to the meat of this discussion.
Ensure your API is properly modularized, that is, break every aspect of the API into bits. Example: Let text processing be handled separately from data storage. Let security checks be separate from message routing and transmission. Let each function be loosely dependent on the other functions.
Always check incoming data and outgoing data to reduce the chances of malicious activities and data format errors.
Reduce the number of times you pick data from URLs (query strings); this will also lower the chances of attacks and malicious activity on your API.
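The two tips above, checking incoming and outgoing data and keeping input out of query strings, sketched for the messaging example as an added illustration (not code from the original post). The field names, the id pattern and the length limit are assumptions, and the input is taken from a parsed JSON request body rather than the URL.

```javascript
// Added example. Field names, ID_RE and MAX_TEXT are assumptions for illustration.
const MAX_TEXT = 2000;
const ID_RE = /^[A-Za-z0-9_-]{1,32}$/;
const INCOMING_FIELDS = ['to', 'text'];
const OUTGOING_FIELDS = ['id', 'from', 'to', 'text', 'sentAt'];

// Validate a parsed JSON request body (not query-string data).
// Returns { ok: true, value } or { ok: false, errors }.
function validateIncoming(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  // Reject anything the API did not ask for instead of silently ignoring it.
  for (const key of Object.keys(body)) {
    if (!INCOMING_FIELDS.includes(key)) errors.push(`unexpected field: ${key}`);
  }
  if (typeof body.to !== 'string' || !ID_RE.test(body.to)) {
    errors.push('to: must be a 1-32 character id');
  }
  let text = body.text;
  if (typeof text !== 'string') {
    errors.push('text: must be a string');
  } else {
    // Drop control characters (tab and newline are kept), then check length.
    text = text.replace(/[\u0000-\u0008\u000B-\u001F\u007F]/g, '').trim();
    if (text.length === 0 || text.length > MAX_TEXT) {
      errors.push(`text: must be 1-${MAX_TEXT} characters`);
    }
  }
  if (errors.length > 0) return { ok: false, errors };
  return { ok: true, value: { to: body.to, text } };
}

// Build responses from an allowlist so internal fields never leave the API.
function serializeOutgoing(record) {
  const out = {};
  for (const key of OUTGOING_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(record, key)) out[key] = record[key];
  }
  return out;
}

// Constructed sample input.
const good = validateIncoming({ to: 'user_42', text: 'hello\u0007 there' });
const bad = validateIncoming({ to: '../admin', text: '', isAdmin: true });
const stored = { id: 'm1', from: 'user_7', to: 'user_42', text: 'hello there',
  sentAt: 1700000000, senderIp: '203.0.113.9', internalFlags: 3 };
console.log(good, bad.errors, serializeOutgoing(stored));
```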
Finally, never forget data encryption. There are tonnes of pre-built data encryption modules available for download that are easy to implement. But best practice would be to build your own data encryption module to make it more difficult for attackers to break. The open-source encryption modules usually come with documentation, and anyone interested would simply read up the documentation, which gives that person a head start on how to cripple your system. Also, some open-source/free cryptography modules out there have backdoors that leak data to the owners without your permission.
I hope this helps.
I am always Jay the GREAT 🙂
Your NODEjs Ninja