1. Fundamentals of Web & APIs
- What is an API?
- HTTP basics (methods, headers, status codes)
- REST principles (Representational State Transfer)
- Difference between REST, SOAP, and GraphQL
2. HTTP Methods & Status Codes
- GET, POST, PUT, PATCH, DELETE
- Idempotent vs Non-idempotent methods
- Common status codes (200, 201, 400, 401, 403, 404, 500, etc.)
3. API Resource Design
- Resource naming conventions (nouns, not verbs)
- Plural vs singular resource names
- Nested resources and relationships
- Query parameters vs path parameters
4. Request & Response Structure
- JSON format and best practices
- Consistent response structure (data, errors, metadata)
- Pagination (limit, offset, cursor-based)
- Filtering, sorting, searching
5. Authentication & Authorization
- API keys
- Basic Auth & Digest Auth
- OAuth 2.0 & OpenID Connect
- JWT (JSON Web Tokens)
- Role-based & permission-based access
6. Validation & Error Handling
- Input validation (body, query, headers)
- Meaningful error responses (error codes, messages)
- Standard error format (problem+json, RFC 7807)
7. Security Best Practices
- HTTPS everywhere
- CORS (Cross-Origin Resource Sharing)
- Rate limiting & throttling
- Avoiding common vulnerabilities (SQL injection, XSS, CSRF)
- API Gateway usage
8. API Versioning & Lifecycle
- URI versioning (/v1, /v2)
- Header-based versioning
- Deprecation strategies
- Backward compatibility
9. Documentation & Discoverability
- OpenAPI/Swagger specification
- API Blueprint, RAML
- Postman collections
- Self-descriptive messages and HATEOAS (optional in REST)
10. Testing & Monitoring
- Unit testing for endpoints
- Integration testing
- Postman / Newman testing
- API monitoring & logging
- Error tracking (Sentry, ELK stack)
- Caching strategies (ETag, Last-Modified, Cache-Control)
- Rate limiting & quotas
- Async processing & webhooks