HTTP APIs
Problem Description
Applications frequently need access to data, processes, etc. An HTTP API can be an effective and familiar way to safely expose and share functionality to one or more clients.
Solution
There are many forms an HTTP API can take. This document deliberately avoids defining exactly what an HTTP API should look like.
However, as a guide, an Ebury HTTP API:
- SHOULD receive and send JSON bodies.
- SHOULD be well-designed, e.g. status codes, headers, methods, endpoints, body schema, etc.
- SHOULD be documented, ideally using a common specification, e.g. OpenAPI.
Alternatives
There are many ways to call a remote system. HTTP APIs are so common that it's an obvious option to allow at Ebury.
Security Impact
Any service providing remote access MUST be sufficiently secure by design, see Service-to-Service Authentication and Authorisation.
Based on RFC Template Version 1.1