
API Clients - Best Practice Guide

The following best practices will help ensure you have a reliable and secure integration with any external API.

Protecting Keys

Securing your API keys properly will reduce the likelihood of your credentials being hijacked.


Setting an appropriate timeout value on your HTTP client is often overlooked. The default value on many platforms is higher than 60 seconds, which is far too high for many scenarios. You should set your HTTP and TCP timeouts to values appropriate for the given API's characteristics. Doing so ensures that API calls fail quickly in the event of a network outage or other connectivity issue.


If an API request does fail, should you retry it? This largely depends on how critical the response is to you. If it's important, retrying the request at least one more time is usually a good idea. You will need to think about how many times to retry and what delay to use between retries.

Defensive Programming

This is a general approach to software design, but it applies well to API clients. Write your API integration so that your application can continue to function even if the API fails or returns unexpected data. Consider the various states the API could respond with, such as different HTTP status codes, and handle these gracefully. It's also a good idea to incorporate a good error reporting/alerting system.
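The timeout, retry and defensive-handling advice above can be combined in one small client function. This is an added example, not code from this guide's vendor; the retryable status set, the default timeout, retry count and delay, and the `api.example.invalid` URL are assumptions to tune per API.

```python
import json
import time
import urllib.error
import urllib.request

# Assumption: these statuses are treated as transient and worth retrying.
RETRYABLE_STATUS = {429, 500, 502, 503, 504}


class ApiUnavailable(Exception):
    """The API gave no usable answer; the caller should fall back."""


def fetch_json(url, *, timeout=5.0, retries=2, backoff=0.5,
               opener=urllib.request.urlopen, sleep=time.sleep):
    """GET url and return its JSON object, or raise ApiUnavailable."""
    last_error = None
    for attempt in range(retries + 1):
        try:
            # Explicit per-operation timeout instead of the platform default.
            with opener(url, timeout=timeout) as resp:
                data = json.loads(resp.read())
            if not isinstance(data, dict):
                raise ApiUnavailable("unexpected response shape")
            return data
        except urllib.error.HTTPError as exc:
            if exc.code not in RETRYABLE_STATUS:
                raise ApiUnavailable(f"HTTP {exc.code}, not retrying") from exc
            last_error = exc
        except OSError as exc:  # URLError, timeouts, connection resets
            last_error = exc
        except ValueError as exc:  # invalid JSON or undecodable bytes
            raise ApiUnavailable("response was not valid JSON") from exc
        if attempt < retries:
            sleep(backoff * 2 ** attempt)  # delay doubles: 0.5s, 1s, 2s, ...
    raise ApiUnavailable(f"gave up after {retries + 1} attempts: {last_error}")


if __name__ == "__main__":
    try:
        status = fetch_json("https://api.example.invalid/v1/status", timeout=3.0)
    except ApiUnavailable as exc:
        # Degrade gracefully: report the failure and continue with a default.
        print(f"API unavailable ({exc}); continuing with default data")
        status = {}
```

The `opener` and `sleep` parameters exist so the retry logic can be exercised with a stub transport and no real delays.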

Connection Pooling

Finally, if you're going to be making a large number of API requests, connection pooling or connection reuse will be significantly more efficient than opening a new HTTP connection for every request. This is usually a feature of your HTTP client that you can configure and enable; most mature HTTP client libraries provide this functionality out of the box.