
API Client Best Practice Guide

There are a number of things you should consider when you embark on implementing an API client. The following best practices can apply to any type of API; however, we will mostly focus on web-based APIs here. Following these best practices will help ensure you have a reliable and secure integration with any external API.

Protecting API Keys

Securing your API keys properly will ensure your credentials are not hijacked and used in ways you did not intend. The following practices will help protect your API keys:


An often overlooked step is setting an appropriate timeout value on your HTTP client. The default value on many platforms is often higher than 60 seconds, which is far too high for many scenarios. Set your HTTP and TCP timeouts to values appropriate for the characteristics of the given API. Doing so ensures the API call fails quickly if there is ever a network outage or other kind of connectivity issue.


If an API request does fail, should you retry it? This largely depends on how critical the response is to you; if it's important, then retrying the request at least one more time is usually a good idea. You will also need to think about how many times to retry and what delay to use between retries.

Defensive Programming

This is a general approach to software design, but it applies well to API clients. Try to write your API implementation so that your application can continue to function even if the API fails or returns unexpected data. Consider the various states the API could respond with, such as different HTTP status codes, and handle them gracefully. It's also a good idea to incorporate a good error reporting and alerting system.

Connection Pooling

Finally, if you're going to be making loads of API requests, then connection pooling or connection reuse will be significantly more efficient than opening a new HTTP connection for every single request. This is usually a feature of your HTTP client that you can configure and enable; most mature HTTP client libraries provide this functionality out of the box.
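The timeout, retry, defensive-handling and connection-reuse advice above can be combined in one small client. The following Python sketch is an added example, not code from this guide or any SDK; the function names, the 5-second timeout, the three attempts, the JSON response format and the set of status codes treated as transient are all assumptions to adjust for the API you call.

```python
import http.client
import json
import random
import time

RETRYABLE_STATUS = {429, 500, 502, 503, 504}  # assumption: transient for this API

class ApiUnavailable(Exception):
    """Every attempt failed; the caller should degrade gracefully."""

def make_sender(host, timeout=5.0):
    """Return send(path) that reuses one HTTPS connection with a short timeout."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    def send(path):
        try:
            conn.request("GET", path, headers={"Accept": "application/json"})
            resp = conn.getresponse()
            return resp.status, resp.read()  # full read keeps the socket reusable
        except (OSError, http.client.HTTPException):
            conn.close()  # drop the broken socket; the next request reconnects
            raise
    return send

def call_api(send, path, attempts=3, base_delay=0.5, sleep=time.sleep):
    """GET path via send(); retry transient failures with jittered backoff."""
    last_error = None
    for attempt in range(attempts):
        if attempt:  # wait before every retry, doubling the ceiling each time
            sleep(base_delay * 2 ** (attempt - 1) * random.uniform(0.5, 1.0))
        try:
            status, body = send(path)
        except (OSError, http.client.HTTPException) as exc:  # includes timeouts
            last_error = f"transport error: {exc!r}"
            continue
        if status in RETRYABLE_STATUS:
            last_error = f"HTTP {status}"
            continue
        if status != 200:  # e.g. 400/401/404: retrying will not help
            raise ValueError(f"non-retryable HTTP {status}")
        try:
            data = json.loads(body)
        except ValueError as exc:
            raise ValueError("response is not valid JSON") from exc
        if not isinstance(data, dict):
            raise ValueError("unexpected JSON shape")
        return data
    raise ApiUnavailable(f"gave up after {attempts} attempts ({last_error})")
```

Automatic retries like this are only safe for idempotent requests such as the GET used here; a retried write can be applied twice if the first attempt succeeded but its response was lost.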