Most active commenters
  • JimDabell(5)
  • pixl97(4)
  • andix(3)

←back to thread

Everything I know about good API design

(www.seangoedecke.com)
428 points ahamez | 37 comments | 24 Aug 25 19:10 UTC | HN request time: 1.815s | source | bottom
1. pixl97 ◴[24 Aug 25 21:54 UTC] No.45008158[source]
While the author doesn't seem to like version based APIs very much, I always recommend baking them in from the very start of your application.

You cannot predict the future and chances are there will be some breaking change forced upon you by someone or something out of your control.

replies(7): >>45008436 #>>45008763 #>>45009169 #>>45009423 #>>45009623 #>>45010511 #>>45010673 #
2. claw-el ◴[24 Aug 25 22:36 UTC] No.45008436[source]
If there is a breaking change forced upon in the future, can’t we use a different name for the function?
replies(7): >>45008467 #>>45008545 #>>45008580 #>>45008683 #>>45009012 #>>45009205 #>>45009223 #
3. ◴[24 Aug 25 22:41 UTC] No.45008467[source]
4. soulofmischief ◴[24 Aug 25 22:55 UTC] No.45008545[source]
A versioned API allows for you to ensure a given version has one way to do things and not 5, 4 of which are no longer supported but can't be removed. You can drop old weight without messing up legacy systems.
5. CharlesW ◴[24 Aug 25 23:01 UTC] No.45008580[source]
You could, but it just radically increases complexity in comparison to "version" knob in a URI, media type, or header.
6. Bjartr ◴[24 Aug 25 23:14 UTC] No.45008683[source]
See the many "Ex" variations of many functions in the Win32 API for examples of exactly that!
7. andix ◴[24 Aug 25 23:31 UTC] No.45008763[source]
I don't see any harm in adding versioning later. Let's say your api is /api/posts, then the next version is simply /api/v2/posts.
replies(1): >>45008980 #
8. choult ◴[25 Aug 25 00:07 UTC] No.45008980[source]
It's a problem downstream. Integrators weren't forced to include a version number for v1, so the rework overhead to use v2 will be higher than if it was present in your scheme to begin.
replies(2): >>45009191 #>>45013434 #
9. jahewson ◴[25 Aug 25 00:13 UTC] No.45009012[source]
/api/postsFinalFinalV2Copy1-2025(1)ExtraFixed
10. paulhodge ◴[25 Aug 25 00:47 UTC] No.45009169[source]
I have to agree with the author about not adding "v1" since it's rarely useful.

What actually happens as the API grows-

First, the team extends the existing endpoints as much as possible, adding new fields/options without breaking compatibility.

Then, once they need to have backwards-incompatible operations, it's more likely that they will also want to revisit the endpoint naming too, so they'll just create new endpoints with new names. (instead of naming anything "v2").

Then, if the entire API needs to be reworked, it's more likely that the team will just decide to deprecate the entire service/API, and then launch a new and better service with a different name to replace it.

So in the end, it's really rare that any endpoints ever have "/v2" in the name. I've been in the industry 25 years and only once have I seen a service that had a "/v2" to go with its "/v1".

replies(2): >>45009270 #>>45010497 #
11. pixl97 ◴[25 Aug 25 00:51 UTC] No.45009191{3}[source]
This here, it's way easier to grep a file for /v1/ and show all the api endpoints then ensure you haven't missed something.
replies(2): >>45010335 #>>45013456 #
12. pixl97 ◴[25 Aug 25 00:55 UTC] No.45009205[source]
Discoverability.

/v1/downloadFile

/v2/downloadFile

Is much easier to check for a v3 then

/api/downloadFile

/api/downloadFileOver2gb

/api/downloadSignedFile

Etc. Etc.

replies(2): >>45009539 #>>45009597 #
13. ks2048 ◴[25 Aug 25 00:58 UTC] No.45009223[source]
If you only break one or two functions, it seems ok. But, some change in a core data type could break everything, so adding a prefix "/v2/" would probably be cleaner.
14. ks2048 ◴[25 Aug 25 01:09 UTC] No.45009270[source]
> So in the end, it's really rare that any endpoints ever have "/v2" in the name.

This is an interesting empirical question - take the 100 most used HTTP APIs and see what they do for backward-incompatible changes and see what versions are available. Maybe an LLM could figure this out.

I've been just using the Dropbox API and it is, sure enough, on "v2". (although they save you a character in the URL by prefixing "/2/").

Interesting to see some of the choices in v1->v2,

https://www.dropbox.com/developers/reference/migration-guide

They use a spec language they developed called stone (https://github.com/dropbox/stone).

15. gitremote ◴[25 Aug 25 01:42 UTC] No.45009423[source]
I don't think the author meant they don't include /v1 in the endpoint in the beginning. The point is that you should do everything to avoid having a /v2, because you would have to maintain two versions for every bug fix, which means making the same code change in two places or having extra conditional logic multiplied against any existing or new conditional logic. The code bases that support multiple versions look like spaghetti code, and it usually means that /v1 was not designed with future compatibility in mind.
replies(1): >>45026641 #
16. echelon ◴[25 Aug 25 02:04 UTC] No.45009539{3}[source]
I have only twice seen a service ever make a /v2.

It's typically to declare bankruptcy on the entirety of /v1 and force eventual migration of everyone onto /v2 (if that's even possible).

replies(2): >>45009627 #>>45009660 #
17. claw-el ◴[25 Aug 25 02:18 UTC] No.45009597{3}[source]
Isn’t having the name (e.g. Over2gb) easier to understand than just saying v2? This is in the situation where there is breaking changes forced upon v1/downloadFile.
18. pbreit ◴[25 Aug 25 02:26 UTC] No.45009623[source]
Disagree. Baking versioning in from the start means they will much more likely be used, which is a bad thing.
19. pixl97 ◴[25 Aug 25 02:27 UTC] No.45009627{4}[source]
I work for a company that has an older api so it's defined in the header, but we're up to v6 at this point. Very useful for changes that have happened over the years.
20. bigger_cheese ◴[25 Aug 25 02:35 UTC] No.45009660{4}[source]
A lot of the Unix/Linux Syscall api has a version 2+

For example dup(), dup2(), dup3() and pipe(), pipe2() etc

LWN has an article: https://lwn.net/Articles/585415/

It talks about avoiding this by designing future APIs using a flags bitmask to allow API to be extended in future.

21. cmcconomy ◴[25 Aug 25 04:53 UTC] No.45010335{4}[source]
grep for /* and omit /v2 ?
22. grodriguez100 ◴[25 Aug 25 05:24 UTC] No.45010497[source]
The author does not say that you “should not add v1”. They say that versioning is how you change your API responsibly (so, endorsing versioning), but that you should only do it as a last resort.

So you would add “v1”, to be able to easily bump to v2 later if needed, and do your best to avoid bumping to v2 if at all possible.

23. grodriguez100 ◴[25 Aug 25 05:26 UTC] No.45010511[source]
I would say the author recommends the same actually: they say that versioning is “how you change your API responsibly” (so, endorsing versioning), but that you should only switch to a new version as a last resort.
24. JimDabell ◴[25 Aug 25 05:58 UTC] No.45010673[source]
> While the author doesn't seem to like version based APIs very much, I always recommend baking them in from the very start of your application.

You don’t really need to do that for REST APIs. If clients request application/vnd.foobar then you can always add application/vnd.foo.bar;version=2 later without planning this in advance.

replies(4): >>45011079 #>>45011820 #>>45018380 #>>45018873 #
25. 946789987649 ◴[25 Aug 25 07:01 UTC] No.45011079[source]
If you use something like an OpenAPI generator and want to have different DTOs in your version 2, then you cannot do what you suggested.
replies(2): >>45011742 #>>45024298 #
26. JimDabell ◴[25 Aug 25 08:53 UTC] No.45011742{3}[source]
You can specify multiple media types in OpenAPI.
27. lazyasciiart ◴[25 Aug 25 09:04 UTC] No.45011820[source]
Most REST APIs don’t support that. So you don’t need versioning for APIs that already have a request type specified.
replies(1): >>45012267 #
28. JimDabell ◴[25 Aug 25 10:14 UTC] No.45012267{3}[source]
I’m not sure what you mean in the context of a discussion about how to design APIs. If you are the one designing an API, it’s up to you what you support.
replies(1): >>45029814 #
29. andix ◴[25 Aug 25 13:08 UTC] No.45013434{3}[source]
Switching to an incompatible/breaking API requires some rework anyway. The consumer of an API usually doesn't support multiple versions in parallel.
30. andix ◴[25 Aug 25 13:10 UTC] No.45013456{4}[source]
Edit:

^/api(/(?!v[0-9]).)?$ is v1

^/api/v2(/.)?$ is v2

It's really not an issue in any case, it just itches your brain, because is not as neat as you would like it to be.

31. 9dev ◴[25 Aug 25 20:07 UTC] No.45018380[source]
Actually, there’s nothing stopping you from using a custom "Version: 2" Header in requests and responses
32. spixy ◴[25 Aug 25 20:54 UTC] No.45018873[source]
The problem is with parameters (or headers) you are still stuck with same API schema (you cannot rename it, etc).

But thanks to versions, in my job we renamed old APIs like /v1/oauthApple and /v1/oauthGoogle to /v2/login/oauth/apple and /v2/login/oauth/google, looks so much better.

replies(1): >>45020792 #
33. JimDabell ◴[26 Aug 25 00:19 UTC] No.45020792{3}[source]
> The problem is with parameters (or headers) you are still stuck with same API schema (you cannot rename it, etc).

That doesn’t make sense. The whole point of creating a new version is to change the schema. And what do you mean “rename it”?

> But thanks to versions, in my job we renamed old APIs like /v1/oauthApple and /v1/oauthGoogle to /v2/login/oauth/apple and /v2/login/oauth/google, looks so much better.

Wait, by schema do you mean URL structure?

You’re looking at this backwards. The benefit of using headers is that you can keep the same URL. In a REST API, the URL is the primary key. If Client A holds a copy of /v1/foo/1 and Client B holds a copy of /v2/foo/1 then as far as HTTP and REST are concerned, those are two different resources and the clients cannot interoperate. If Client A holds a copy of /foo/1 in application/vnd.foo;version=1 format and Client B holds a copy of /foo/1 in application/vnd.foo;version=2 format, then those clients have the same resource and can interoperate.

But if you want to change your URL structure, you can do that too. There’s nothing stopping you from moving /oauthApple to /oauth/apple, you don’t even need a new version to do that – just change the link.

34. jamietanna ◴[26 Aug 25 09:40 UTC] No.45024298{3}[source]
I've been using OpenAPI for years with multiple versioning types (header based, content negotiation + media type based) and haven't had issues across Java, Typescript or Go with generating the right code for it
35. account42 ◴[26 Aug 25 13:56 UTC] No.45026641[source]
If you really care about maintaining v1 long-term you'd re-implement it as a small shim above v2.
36. lazyasciiart ◴[26 Aug 25 17:41 UTC] No.45029814{4}[source]
We call that baking them in from the very start of your application, which is what you claimed this didn’t need.
replies(1): >>45061456 #
37. JimDabell ◴[29 Aug 25 08:05 UTC] No.45061456{5}[source]
You don’t need to bake it in from the start.