API Design Best Practices: RESTful dan GraphQL

API (Application Programming Interface) adalah contract antara client dan server. RESTful API menggunakan HTTP methods (GET, POST, PUT, DELETE) dengan resource-based URLs. REST principles: stateless (setiap request independent), cacheable, uniform interface, layered system. Best practices REST: gunakan nouns untuk endpoints (users, products bukan getUsers), proper HTTP status codes (200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500 Internal Server Error), versioning via URL (/api/v1/) atau headers, pagination untuk large datasets (limit, offset atau cursor-based), filtering/sorting/searching via query params, HATEOAS (include links ke related resources), dan comprehensive documentation (OpenAPI/Swagger). GraphQL adalah query language developed by Facebook, client specify exactly what data needed. Advantages: no over-fetching/under-fetching, single endpoint, strongly-typed schema, introspection. Schema defined dengan SDL (Schema Definition Language): types, queries, mutations, subscriptions. Tools: Apollo Server/Client, Relay, GraphQL Yoga. REST vs GraphQL: REST simpler, better caching, stateless; GraphQL flexible, efficient, real-time subscriptions. Security: authentication (JWT, OAuth2), authorization (role-based access), rate limiting, input validation, CORS configuration, HTTPS only, API keys untuk public APIs. Performance: response compression (gzip), CDN untuk static content, database query optimization, caching strategies (Redis, Memcached), async processing untuk heavy tasks. Monitoring: logging requests/responses, error tracking (Sentry), performance metrics (response times), API analytics. Documentation tools: Swagger/OpenAPI, Postman Collections, API Blueprint. Testing: unit tests, integration tests, contract testing, load testing dengan tools seperti JMeter atau K6. Modern alternatives: gRPC untuk microservices (binary protocol, faster), tRPC (end-to-end type-safe), REST hooks untuk webhooks. API-first development approach: design API before implementation, enables parallel frontend/backend development.