MyAppAPI

Last reviewed on 4 May 2026.

A reference and guide site on web APIs — REST, GraphQL, WebSockets, security, and the operational practice of running APIs in production. Written for developers who need a concrete answer first and the explanation underneath.

Where to start

If you're new here, three doors in:

  • You want to understand the basics. Start with How HTTP APIs Work — what's actually happening when your client sends a request, and why HTTP looks the way it does.
  • You're designing an API. Start with REST API Design for the default style; cross-check with GraphQL and WebSockets for cases where REST doesn't fit.
  • You're integrating against one. Start with the integration guide — clients, retries, observability, and the patterns that distinguish a robust integration from a fragile one.

Reference pillars

Working references on the core surfaces of web APIs.

REST

Resources, methods, status codes, idempotency, caching, versioning. The decisions that matter and the ones that don't.

GraphQL

Schema design, queries, mutations, the N+1 problem, query complexity, and when GraphQL is the wrong choice.

WebSockets

The handshake, message framing, authentication, scaling, reconnection — and when polling or SSE is the right answer instead.

Authentication

API keys, OAuth 2.0, JWT, mutual TLS. What each is for, where each fails, and how to choose.

Security

Transport, authorization, input validation, rate limiting, secret management, incident response — the layered model that real production APIs need.

SDK design

What separates a useful API client library from a frustrating one.

Recent deep-dives

Long-form articles on subtopics that need more space than a reference page.

API Rate Limiting Strategies

Token bucket, leaky bucket, fixed window, sliding window — what each algorithm gets right and where each one fails.

Idempotency Keys for APIs

How idempotency keys make API retries safe — the contract, where to store the key, and the corner cases that catch real implementations out.

Webhook Design and Delivery

Designing webhooks that survive contact with the real internet — signing, retries, ordering, replay protection.

API Pagination Patterns

Offset, cursor, and keyset pagination compared — the failure modes of each, and the API shape that exposes them well.

API Error Handling Conventions

Status codes, problem-details envelopes (RFC 7807), partial-success patterns, and what separates an actionable error from a useless one.

API Design Best Practices

The whole-system view of designing APIs that hold up over years of change — naming, versioning, error shapes, pagination.

All articles

Beyond the references

Three sections that go alongside the working references and the long-form blog.

Tools

Client-side utilities for working with web APIs — JWT decoder, signature verifier, more coming. Everything runs in your browser; no data leaves the page.

The canon

A curated reading list of the essential papers, RFCs, blog posts, talks, and books on web API design. The 40 things worth your time.

Postmortem readings

Analytical readings of publicly disclosed incidents from major API providers — Stripe, AWS, Cloudflare. What design decisions contributed and what generalizes.

Monthly digest

What changed in the web API world this month. Standards activity, vendor releases, deprecations, notable incidents, pieces worth reading. Curated, opinionated, dated.

About the site

MyAppAPI publishes reference documentation, design guides, and integration walkthroughs aimed at engineers who build, operate, or consume web APIs. We don't run an API service — we write about how to design and use them well. See the about page for the editorial scope and how content is produced.

Substantive pages carry a "last reviewed" date. Anything that depends on a moving target — versioned behaviour, security baselines — is revisited at least once a year. If you spot something stale, please let us know via the contact page.