Best Practice: API Versioning for HTTP REST Interfaces
The following article has been contributed by our SUSE Customer Center team and edited by Kirill Pimenov.
We at the SUSE Customer Center (SCC) Team — and at SUSE in general — are providing more and more APIs with the wonderful HTTP REST approach. APIs evolve over time, often unexpectedly — so it makes sense to get into some API versioning best practices right from the day 0. We were asked to join Crowbar guys’ discussion to share our SCC experience with versioning APIs. This article is an attempt to formalize our solution and prepare it for a wider audience.
So, imagine you have different API consumers out of your area of control. Some of them definitely will lag behind the latest release. As a back-end server developer, you need to find a way to serve them all with the appropriate API versions.
You’ll have to invent some smart custom solution so you know which API to serve which client, right?
Use HTTP content type negotiation to expose versioning
But how does one use those
application/json to serve the cause?
Use versioned vnd content types
Well, there’s an HTTP RFC 6838 for custom vendor-specific MIME types. It reserves a whole “vendor tree”, with free-form entries looking like type/vnd.producer’s name followed by media type name [+suffix].
Crowbar’s protocol uses
application/json as an underlying data format, so the resulting MIME type will be
application/vnd.crowbar+json. Or, when we add a version number to that type (it was the original intention, wasn’t it?),
Who and when to register a vnd MIME type?
RFC states that “anyone who needs to interchange files associated with some product” can register such a new
vnd entry. Usage of unregistered
vnd types is not frowned upon in the community, so no need to hurry with your registration either. Settle the API, make sure that it works, release it to the public, and only then fill in the form.
So, we ask for
application/vnd.crowbar.v2+json from the second generation of Crowbar clients and that’s it, correct?
Use major.minor versioning scheme
From our experience with SCC-related tools, APIs grow frequently and experience breaking changes infrequently. So we want to add some backwards-compatibility indication to our API versions, as semantic versioning did with software release versions.
Our custom MIME types now look like
application/vnd.crowbar.v2.3+json, and exposes a couple of important properties:
Minor versions are backwards-compatible, update them on every change
A single server handler (running the latest version) can handle all previous minor versions. Your
1.7 server provides every endpoint your
1.3 client ever wants to see. The client’s requests provide enough data and context for server’s handlers. And the server’s responses can have some extra JSON fields — ignore those. Everything is backwards-compatible, YAY!
Major version change indicate breaking change
Every major change requires a separate server handler. Your endpoint now requires some additional data from client — increase the major version. You’ve removed some URLs from API — increase the major version. You’ve finally implemented HTTP status codes for errors, instead of response headers — you know what to do. (Why didn’t you do that from the beginning, by the way?!)
Sometimes it might even be a good idea to branch your code base for a new major API version. Then you can run two separate server instances with two different API versions. Your can route client requests to the right back-end server basing on the
Accept header contents. There’s a basic example of such routing for nginx at the bottom of this article.
Content type negotiation can help with older servers
Imagine you have some not very up-to-date server, which supports API versions
1.3 is in “maintenance mode” and hasn’t been updated for a long time.
2.x branch evolves rapidly, so your shiny brand-new client requires at least
2.4 to get data right.
With properly implemented content type negotiation on both sides, your client will send
Accept: application/vnd.foobar.v2.4+json, application/vnd.foobar.v1.3+json; q=0.1 to the server. The server will be able to serve only the less prioritized API, so the answer will be with
Content-Type: application/vnd.crowbar.v1.3+json. And that’s it! Your API versioning scheme just provided you some (weak) forward-compatibility guarantees in addition to (strong) backward-compatibility ones.
Respond with the (explicitly stated) latest version to “whatever version” requests
Sometimes your clients don’t care about API versions. Maybe they are writing curl commands in their command-line interface. Maybe they’re toying with API in some fancy GUI. Maybe it’s some unimportant code, and breaking the integration won’t cause any tears.
This is not a problem. Just route to the most recent version of API, process the request and state your current API version in the
The main trick here is to specify your version even in case of request failures. Then your client can spot the version change in the reply of the API call which “… was working OK just before now. Well, maybe a week ago. Or two…” Also this will make API version probing trivial: just GET any URL and look at the content-type in the response.
- Be a good webizen, use HTTP built-in content type negotiations for your API versioning
- Create a custom MIME type from vnd tree
- Bump version in your server-side code on every tiniest change
- Indicate version in your responses, especially in error cases
- Being able to handle (and negotiate!) different major versions in parallel is not always easy, but sometimes quite helpful
Bonus: Example of nginx configuration for vnd-dependent routing
You might want to keep your incompatible major versions in different application instances. Then you can route your incoming requests to the right backend (with nginx):