This project is for me to test different techniques to use when building an API, to make it more robust and easier to support.
- Secure key management
- Endpoint versioning
- Enforce HTTPS/TLS
- Authentication
- Authorization
- Request size limits
- Add CorrelationID to requests, visible downstream, for request/response/error logging
- Rate-limiting (to prevent DDoS)
- Logging requests, responses, and exceptions
- Prevent logging sensitive data
- Thorough request data validation and cleansing, with clear error responses
- Error-handling, with clear error responses
- Monitoring the service (including having a heartbeat endpoint)
- Sending out alerts
- Deployment/installation
- Replaying requests
- Maxing out performance
- Caching
- Scaling
- Containerization
- Load-balancing