#100 | MUST follow API first principle | :grey_exclamation: | :grey_exclamation: | B |
#101 | MUST provide API specification using OpenAPI | :grey_exclamation: | :grey_exclamation: | A |
#102 | SHOULD provide API user manual | - | - | C |
#103 | MUST write APIs using U.S. English | :grey_exclamation: | :grey_exclamation: | A |
#104 | MUST secure endpoints with OAuth 2.0 | - | - | B |
#105 | MUST define and assign permissions (scopes) | - | - | B |
#106 | MUST not break backward compatibility | - | - | B |
#107 | SHOULD prefer compatible extensions | :grey_exclamation: | :grey_exclamation: | - |
#108 | MUST prepare clients accept compatible API extensions | :grey_exclamation: | :grey_exclamation: | C |
#109 | SHOULD design APIs conservatively | :grey_exclamation: | :grey_exclamation: | - |
#110 | MUST always return JSON objects as top-level data structures | :heavy_check_mark: | :heavy_check_mark: | A |
#111 | MUST treat Open API specification as open for extension by default | :grey_exclamation: | :grey_exclamation: | - |
#112 | SHOULD used open-ended list of values (x-extensible-enum ) for enumerations | :heavy_check_mark: | :heavy_check_mark: | - | - |
#113 | SHOULD avoid versioning | :grey_exclamation: | :grey_exclamation: | B |
#114 | MUST use media type versioning | :grey_exclamation: | :grey_exclamation: | - |
#115 | MUST not use URI versioning | :heavy_check_mark: | - | A |
#115a | CAN use correct URI versioning: ^((?!.*\/v\d+(\/.*)?\/v\d+)\/.*)$ | - | :heavy_check_mark: | A |
#116 | MUST use semantic versioning | :heavy_check_mark: | :heavy_check_mark: | B |
#118 | MUST property names must be ASCII snakecase (and never camelCase): `^[a-z][a-z_0-9]*$` | :heavy_check_mark: | - | A |
#118a | MUST property names must be ASCII camelCase: ^[a-z]+((\d)([A-Z0-9][a-z0-9]+))*([A-Z])?$ | - | :heavy_check_mark: | A |
#120 | SHOULD pluralize array names | - | - | B |
#122 | MUST not use null for boolean properties | :grey_exclamation: | :grey_exclamation: | - |
#123 | MUST use same semantics for null and absent properties | :grey_exclamation: | :grey_exclamation: | - |
#124 | SHOULD not use null for empty arrays | :grey_exclamation: | :grey_exclamation: | - |
#125 | SHOULD represent enumerations as strings | - | - | ? |
#126 | SHOULD define dates properties compliant with RFC 3339 | - | - | ? |
#127 | SHOULD define time durations and intervals properties conform to ISO 8601 | :grey_exclamation: | :grey_exclamation: | - |
#128 | SHOULD use standards for country, language and currency codes | - | - | ? |
#129 | MUST use lowercase separate words with hyphens for path segments | :heavy_check_mark: | :heavy_check_mark: | A |
#130 | MUST use snake_case (never camelCase) for query parameters | :heavy_check_mark: | - | B |
#130a | MUST use camelCase (never snake_case) for query parameters | - | :heavy_check_mark: | B |
#132 | SHOULD prefer hyphenated-pascal-case for HTTP header fields | :heavy_check_mark: | :heavy_check_mark: | B |
#133 | MAY use standardized headers | - | - | - |
#134 | MUST pluralize resource names | - | - | A |
#135 | SHOULD not use /api as base path | :heavy_check_mark: | :heavy_check_mark: | A |
#136 | MUST use normalized paths without empty path segments and trailing slashes | :heavy_check_mark: | :heavy_check_mark: | B |
#137 | MUST stick to conventional query parameters | :grey_exclamation: | :grey_exclamation: | - |
#138 | MUST avoid actions — think about resources | :grey_exclamation: | :grey_exclamation: | A |
#139 | SHOULD model complete business processes | :grey_exclamation: | :grey_exclamation: | - |
#140 | SHOULD define useful resources | :grey_exclamation: | :grey_exclamation: | - |
#141 | MUST keep URLs verb-free | :grey_exclamation: | :grey_exclamation: | A |
#142 | MUST use domain-specific resource names | :grey_exclamation: | :grey_exclamation: | - |
#143 | MUST identify resources and sub-resources via path segments | - | - | - |
#144 | SHOULD only use UUIDs if necessary | :grey_exclamation: | :grey_exclamation: | - |
#145 | MAY consider using (non-)nested URLs | :grey_exclamation: | :grey_exclamation: | - |
#146 | SHOULD limit number of resource types | :heavy_check_mark: | :heavy_check_mark: | B |
#147 | SHOULD limit number of sub-resource levels | :heavy_check_mark: | :heavy_check_mark: | B |
#148 | MUST use HTTP methods correctly | :grey_exclamation: | :grey_exclamation: | A |
#149 | MUST fulfill common method properties | :grey_exclamation: | :grey_exclamation: | - |
#150 | MUST use standard HTTP status codes | :heavy_check_mark: | | - |
#150a | MUST use additional standard HTTP status codes | - | :heavy_check_mark: | - |
#151 | MUST specify success and error responses | :heavy_check_mark: | :heavy_check_mark: | B |
#152 | MUST use code 207 for batch or bulk requests | :grey_exclamation: | :grey_exclamation: | C |
#153 | MUST use code 429 with headers for rate limits | :grey_exclamation: | :grey_exclamation: | C |
#154 | MUST define collection format of header and query parameters | :grey_exclamation: | :grey_exclamation: | - |
#155 | SHOULD reduce bandwidth needs and improve responsiveness | :grey_exclamation: | :grey_exclamation: | - |
#156 | SHOULD use gzip compression | :grey_exclamation: | :grey_exclamation: | - |
#157 | SHOULD support partial responses via filtering | :grey_exclamation: | :grey_exclamation: | - |
#158 | SHOULD allow optional embedding of sub-resources | :grey_exclamation: | :grey_exclamation: | - |
#159 | MUST support pagination | - | - | - |
#160 | SHOULD prefer cursor-based pagination, avoid offset-based pagination | - | - | - |
#161 | SHOULD use pagination links where applicable | - | - | - |
#162 | MUST use REST maturity level 2 | - | - | - |
#163 | MAY use REST maturity level 3 - HATEOAS | - | - | - |
#164 | MUST use common hypertext controls | - | - | - |
#165 | SHOULD use simple hypertext controls for pagination and self-references | - | - | - |
#166 | MUST not use link headers with JSON entities | - | - | - |
#167 | MUST use JSON to encode structured data | - | - | - |
#168 | MAY use non JSON media types for binary data or alternative content representations | :grey_exclamation: | :grey_exclamation: | - |
#169 | MUST use standard date and time formats | :grey_exclamation: | :grey_exclamation: | A |
#170 | SHOULD use standards for country, language and currency codes | - | - | B |
#171 | MUST define format for number and integer types | :heavy_check_mark: | - | - |
#172 | SHOULD prefer standard media type name application/json | :heavy_check_mark: | :heavy_check_mark: | B |
#173 | MUST use the common money object | :grey_exclamation: | :grey_exclamation: | - |
#174 | MUST use common field names and semantics | :grey_exclamation: | :grey_exclamation: | - |
#176 | MUST support problem JSON | :heavy_check_mark: | :heavy_check_mark: | - |
#177 | MUST not expose stack traces | :grey_exclamation: | :grey_exclamation: | - |
#178 | MUST use Content-* headers correctly | :grey_exclamation: | :grey_exclamation: | - |
#179 | MAY use Content-Location header | :grey_exclamation: | :grey_exclamation: | - |
#180 | SHOULD use Location header instead of Content-Location header | - | - | - |
#181 | MAY consider to support Prefer header to handle processing preferences | :grey_exclamation: | :grey_exclamation: | - |
#182 | MAY consider to support ETag together with If-Match /If-None-Match header | :grey_exclamation: | :grey_exclamation: | - |
#183 | SHOULD use only the specified proprietary Zalando headers | - | - | - |
#184 | MUST propagate proprietary headers | - | - | - |
#185 | MUST obtain approval of clients before API shut down | :grey_exclamation: | :grey_exclamation: | - |
#186 | MUST collect external partner consent on deprecation time span | :grey_exclamation: | :grey_exclamation: | - |
#187 | MUST reflect deprecation in API specifications | :grey_exclamation: | :grey_exclamation: | - |
#188 | MUST monitor usage of deprecated API scheduled for sunset | :grey_exclamation: | :grey_exclamation: | - |
#189 | SHOULD add Deprecation and Sunset header to responses | :grey_exclamation: | :grey_exclamation: | - |
#190 | SHOULD add monitoring for Deprecation and Sunset header | :grey_exclamation: | :grey_exclamation: | - |
#191 | MUST not start using deprecated APIs | :grey_exclamation: | :grey_exclamation: | B |
#192 | MUST publish Open API specification | :grey_exclamation: | :grey_exclamation: | A |
#193 | SHOULD monitor API usage | :grey_exclamation: | :grey_exclamation: | - |
#194 | MUST treat events as part of the service interface | - | - | - |
#195 | MUST make event schema available for review | - | - | - |
#196 | MUST ensure event schema conforms to Open API schema object | - | - | - |
#197 | MUST ensure that events are registered as event types | - | - | - |
#198 | MUST ensure that events conform to a well-known event category | - | - | - |
#199 | MUST ensure that events define useful business resources | - | - | - |
#200 | MUST ensure that events do not provide sensitive data | - | - | - |
#201 | MUST use the general event category to signal steps and arrival points in business processes | - | - | - |
#202 | MUST use data change events to signal mutations | - | - | - |
#203 | SHOULD provide means for explicit event ordering | - | - | - |
#204 | SHOULD use the hash partition strategy for data change events | - | - | - |
#205 | SHOULD ensure that data change events match the APIs resources | - | - | - |
#207 | MUST indicate ownership of event types | - | - | - |
#208 | MUST define event payloads compliant with overall API guidelines | - | - | - |
#209 | MUST maintain backwards compatibility for events | - | - | - |
#210 | SHOULD avoid additionalProperties in event type definitions | - | - | - |
#211 | MUST use unique event identifiers | - | - | - |
#212 | SHOULD design for idempotent out-of-order processing | - | - | - |
#213 | MUST follow naming convention for event type names | - | - | - |
#214 | MUST prepare event consumers for duplicate events | - | - | - |
#215 | MUST provide API identifiers | :heavy_check_mark: | :heavy_check_mark: | - | - |
#216 | SHOULD define maps using additionalProperties | - | - | - |
#217 | MUST use full, absolute URI | - | - | - |
#218 | MUST contain API meta information | :heavy_check_mark: | :heavy_check_mark: | - | - |
#219 | MUST provide API audience | :heavy_check_mark: | - | - | - |
#219a | MUST provide baloise API audience | - | :heavy_check_mark: | - | - |
#220 | MUST use most specific HTTP status codes | :grey_exclamation: | :grey_exclamation: | - |
#223 | MUST-SHOULD use functional naming schema | :grey_exclamation: | :grey_exclamation: | - |
#224 | MUST follow naming convention for hostnames | :grey_exclamation: | :grey_exclamation: | - |
#225 | MUST follow naming convention for permissions (scopes) | :grey_exclamation: | :grey_exclamation: | - |
#226 | MUST document implicit filtering | :grey_exclamation: | :grey_exclamation: | - |
#227 | MUST document cachable GET , HEAD , and POST endpoints | :grey_exclamation: | :grey_exclamation: | - |
#228 | MUST use URL-friendly resource identifiers: [a-zA-Z0-9:._-/]* | :grey_exclamation: | :grey_exclamation: | A |
#229 | SHOULD consider to design POST and PATCH idempotent | :grey_exclamation: | :grey_exclamation: | - |
#230 | MAY consider to support Idempotency-Key header | :grey_exclamation: | :grey_exclamation: | - |
#231 | Should use secondary key for idempotent POST design | :grey_exclamation: | :grey_exclamation: | - |
#233a | MUST request must use b3 tracing headers | - | :heavy_check_mark: | - |
#234 | MUST only use durable and immutable remote references | :grey_exclamation: | :grey_exclamation: | - |
#235 | SHOULD name date/time properties with _at suffix | - | - | - |
#236 | SHOULD design simple query languages using query parameters | :grey_exclamation: | :grey_exclamation: | - |
#237 | SHOULD design complex query languages using JSON | :grey_exclamation: | :grey_exclamation: | - |
#238 | SHOULD use standardized property formats | :grey_exclamation: | :grey_exclamation: | - |
#239 | SHOULD encode embedded binary data in base64url | :grey_exclamation: | :grey_exclamation: | - |
#240 | SHOULD declare enum values using UPPER_SNAKE_CASE format | :heavy_check_mark: | :heavy_check_mark: | - | - |
#241 | MAY expose compound keys as resource identifiers | :grey_exclamation: | :grey_exclamation: | - |