Hi Community,
I am working on API design for a customer but we seem to got stuck on versioning.
So far we have concentrated on the following options - note that I am not intending to document every single pros and cons here:
Version in URL:
https://api.company.com/v2/collection/id
Pros:
Cons:
Accept header (vendor extensions):
Accept: application/vnd.company.v2+json
Pros:
Cons:
Custom header:
X-API-Version: v2
Pros:
Cons:
Item 2 overrides the meaning of the Accept header to include representation (media type/range) and behavioral versioning. Contrary to that, Item 3 introduces a whole new custom header.
I am interested to hear which option community is leaning towards. Which option are you using to version your APIs?
Cheers
A couple of minor points:
I am becoming more and more fond of versioning in the domain when it affects behaviour - your HTTP resources locations are the same regardless of the domain, therefore looking up https://v1.api.example.com/abc/def/ghi and getting a resource back which points to '/jkl/mno' allows you to look up https://v1.api.example.com/jkl/mno now but also address the same resource later at https://v2.api.example.com/jkl/mno. The SSL overhead is slightly higher but wildcard certificates would deal with that for you.
This solution makes it easy to see/manage/update and still browser compatible without it polluting the resource location itself.
Thanks Mat.
The point about "mandatory versioning" is that URL is the only place that implicitly asserts this. Headers and query parameters are not mandatory - apart from the Host header in HTTP/1.1 but even that isn't mandatory for 1.0. So by default headers and query parameters communicate "optional" to application developers. We would need to document a header/query param being mandatory in API documentation explicitly. On the other hand you can't make a request to the correct API/resource at all if URL is wrong. We can explicitly validate existing of headers/query params of course (as you mentioned) by rejecting it with 400.
Your comment about domains is very cool and we have customers opting for that option. SAN certificates are great for this for TLS. I just don't know how to apply this in microservices where each micro is versioned independently. Perhaps we would need to create a subdomain per each?
Ozan Seymen I read this book from Apigee few days back which has some tips on API versioning .
https://pages.apigee.com/ebook-web-api-design-registration.html
It talks about the 3 approaches you mentioned and few other examples like how twilio , facebook etc designed their APIs too.
Not to side-track this too much, but an important consideration is also whether to version all APIs or version domains of APIs (e.g., /v1/orders or /v1/customers). That's a question for a whole other post with pros/cons for each, but just bringing it up for your consideration.
Another good discussion if you should version or not. https://community.apigee.com/questions/21913/is-rest-apis-versioning-necessary.html
2 years ago i gave a presentation Slides about one of the ways we have done versioning
User | Count |
---|---|
3 | |
2 | |
1 | |
1 | |
1 |