Building an application today almost always involves communicating with a server. Whether you are building a mobile app or a microservice, understanding how APIs function is critical. Let’s dive into the 16 must-know concepts for system design and API development.
1. Architectural Styles: REST, GraphQL, & gRPC
These define how the client and server talk to each other.
- REST: The industry standard. It uses standard HTTP methods (GET, POST, PUT, DELETE) and treats everything as a “resource.”
- GraphQL: Instead of the server defining the response, the client asks for exactly what it needs. This prevents “over-fetching” (getting too much data).
- gRPC: Built by Google, it uses Protocol Buffers (binary data) instead of JSON. It’s incredibly fast and perfect for internal microservices.
Example: A REST GET Request
Kotlin (Using Retrofit):
Kotlin
interface ApiService {
@GET("users/{id}")
suspend fun getUser(@Path("id") userId: String): User
}
Dart (Using http):
Dart
Future<User> fetchUser(String userId) async {
final response = await http.get(Uri.parse('https://api.example.com/users/$userId'));
return User.fromJson(jsonDecode(response.body));
}
2. Managing Traffic: API Gateway, Rate Limiting, & Throttling
When your app grows, you need to manage the “flood” of traffic.
- API Gateway: A single entry point that sits in front of your services. it handles routing, authentication, and logging.
- Rate Limiting: Restricts how many requests a user can make in a specific timeframe (e.g., 100 requests per minute).
- Throttling: Similar to rate limiting, but usually used to slow down a user who is hogging resources to maintain system stability.
3. Reliability: Timeouts, Retries, & Idempotency
- Timeouts: Prevents a request from hanging forever. If the server doesn’t respond in say, 5 seconds, the client gives up.
- Idempotency: A fancy word for a simple concept: making the same request multiple times should have the same effect as making it once. (Crucial for payments!)
Example: Idempotency in a POST request
In a payment API, you often send a unique Idempotency-Key in the header. If the network drops and you retry, the server sees the key and knows not to charge the user twice.
4. Security: Authentication vs. Authorization
- Authentication: “Who are you?” (e.g., Logging in with a password or JWT).
- Authorization: “What are you allowed to do?” (e.g., An ‘Admin’ can delete users, but a ‘Guest’ cannot).
Dart (Adding a JWT Bearer Token):
Dart
var headers = {
'Authorization': 'Bearer $your_jwt_token',
'Content-Type': 'application/json',
};
5. Efficiency: Pagination, Caching, & JSON
- Pagination: Don’t load 10,000 items at once. Load page 1, then page 2.
- Caching Headers: Tells the browser/app: “Don’t ask me for this data again for 10 minutes; use what you already have.”
- JSON: The lightweight, human-readable format used to exchange data.
Kotlin (Pagination Logic):
Kotlin
// Requesting page 2 with 20 items per page
val response = apiService.getProducts(page = 2, size = 20)
6. Real-time & Evolution: Webhooks & Versioning
- Webhooks: Instead of the app asking “Is it done yet?” (Polling), the server “pushes” a notification to the app when something happens.
- Versioning: APIs change. By using
/v1/or/v2/in your URL, you ensure that old versions of your app don’t break when you update your server code. - HTTP Status Codes: The “language” of the response.
200 OK: Success.404 Not Found: The resource doesn’t exist.500 Internal Server Error: The server crashed.
Summary Table
| Concept | Purpose |
| gRPC | High-speed, binary communication between services. |
| Webhooks | Real-time “Push” notifications from server to client. |
| Idempotency | Ensuring safe retries without side effects. |
| Rate Limiting | Protecting your server from being overwhelmed. |
Leave a Reply