API design: best practices for creating an API and SDK for an inherited application

I have been assigned the task of taking over an inherited application (which has a very poor API in terms of user experience, is largely undocumented and works slowly) and building a new API and SDK to improve the user experience. I have access to the source code of this legacy application and I can only see one endpoint that does everything.

I would like to know the best way to wrap a new API that improves the user experience for an inherited application. These are some of the things I've thought about:

  1. Design the API to follow the REST principles
  2. Document the API using something like RAML / Swagger, etc.
  3. Improve the API user experience so that you can enter query data much more easily, such as specifying it in a JSON payload instead of as query parameters in the URL (as with the legacy application)
  4. Generate tests to check all permutations and exercise the underlying legacy service as much as possible.
  5. Some kind of regression test framework to ensure that the new API does not break the legacy application when working outside its limitations.

One thing that worries me is how best to communicate with the legacy web service. I would have to translate the JSON of my web service into a query that the legacy API accepts. What are the best practices around that?

Any other suggestions that I missed would be appreciated.
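
One way to do the JSON-to-legacy translation asked about above, shown as an added example that is not part of the original post: every JSON field is checked against an allowlist, validated, and only then encoded into the legacy query string. The field names, the legacy parameter names and the `action=search` selector are hypothetical.

```python
import json
from urllib.parse import urlencode

def _text(v):
    if not isinstance(v, str) or not 0 < len(v) <= 64:
        raise ValueError("expected a string of 1-64 characters")
    return v

def _int_range(lo, hi):
    def check(v):
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(v, bool) or not isinstance(v, int) or not lo <= v <= hi:
            raise ValueError(f"expected an integer in [{lo}, {hi}]")
        return str(v)
    return check

# Hypothetical mapping: new JSON field -> (legacy query parameter, validator).
# Only fields listed here are ever forwarded to the legacy endpoint.
FIELD_MAP = {
    "customerName": ("cust_nm", _text),
    "pageSize": ("limit", _int_range(1, 100)),
    "page": ("pg", _int_range(1, 10_000)),
}
# Assumed selector for the single do-everything endpoint; set by the wrapper only.
FIXED_PARAMS = {"action": "search"}

def to_legacy_query(body: bytes) -> str:
    """Validate a JSON request body and return the legacy query string."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("request body must be a JSON object")
    unknown = set(data) - set(FIELD_MAP)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    params = dict(FIXED_PARAMS)
    for field, value in data.items():
        legacy_name, validate = FIELD_MAP[field]
        try:
            params[legacy_name] = validate(value)
        except ValueError as exc:
            raise ValueError(f"{field}: {exc}") from None
    # urlencode percent-encodes '&', '=', '#' and friends, so a value cannot
    # add or override a legacy parameter.
    return urlencode(params)
```

Because the legacy parameter names come only from the mapping, a client can never reach a legacy parameter the wrapper does not expose, which also gives the regression tests a fixed surface to enumerate.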

php – WordPress REST API does not return public data

I am creating a mobile application for the WooCommerce store, and for that I want people to be able to see my products without logging in, as they do on my website. But when I make a request to get a list of products, it does not return them and responds with an error as follows:

{"code": "woocommerce_rest_cannot_view", "message": "Sorry, you cannot list resources", "data": {"status": 401}}

Even though my products are visible on my site to anyone. What do I have to do? Here is the call to the API that I am trying:


The exact same query returns the data perfectly when authentication is added in the request headers.

The page I need help with: http://qmajd.com

I just want to know: if it is not possible to obtain public data without authentication, what other solutions are there for me? Thanks in advance.

Java: better way to structure several different API calls with backlinks?

I am currently working on creating something with the following general structure. I want to call 4 different APIs in sequential order (the results of one are necessary for the next). If an exception is thrown, undo the efforts of the previous APIs with their sister removal APIs.

Currently my structure / control flow looks like this:

boolean A = false;
boolean B = false;
boolean C = false;
boolean D = false;
String response = StringUtils.EMPTY;

try {
    // call API A here
    A = true;
} catch (Exception e) { // A's exceptions
    A = false;
}

if (A == false) {
    response = "failed";
}

try {
    // call API B here
    B = true;
} catch (Exception e) { // B's exceptions
    B = false;
}

if (B == false) {
    return response;
}

Basically, this was repeated 2 times and if all 4 were successful, my response would be successful. I was wondering if there was a cleaner way to address this.

I think I will use Optional to make each API call, but I was wondering if I need to write 4 different rollback functions.

api: problems with the .Net Core relationship

I am studying .NET Core API and I have problems with relationships, where I get the error every time I try to list all the "calibrations" of the "equipment".

JsonException: A possible object cycle was detected which is not supported. This can either be due to a cycle or if the object depth is larger than the maximum allowed depth of 32.

System.Text.Json.ThrowHelper.ThrowInvalidOperationException_SerializerCycleDetected(int maxDepth)

It is certainly something I am doing wrong, but the documentation has not helped me.

The result I hope for is to obtain all the calibrations (Calibration and Validity) for each piece of equipment.

public class Equipamento
{
    public int Id { get; set; }
    public string Nome { get; set; }
    public int TipoEquipamentoId { get; set; }
    public TipoEquipamento TipoEquipamento { get; set; }
    public decimal Valor { get; set; }
    public string NotaFiscal { get; set; }
    public DateTime Entrada { get; set; }
    // Collection side of the relationship
    public List<Calibracao> Calibracao { get; set; }
}

public class Calibracao
{
    public int Id { get; set; }
    public int EquipamentoId { get; set; }
    // Back-reference to the parent; together with the list above this forms the object cycle
    public Equipamento Equipamento { get; set; }
    public DateTime Calibrado { get; set; }
    public DateTime Validade { get; set; }
}

public class TesteContext : DbContext
{
    public TesteContext(DbContextOptions<TesteContext> options)
        : base(options)
    {
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.Entity<Calibracao>()
            .HasOne(p => p.Equipamento)
            .WithMany(b => b.Calibracao);
    }

    public DbSet<Equipamento> Equipamentos { get; set; }
    public DbSet<TipoEquipamento> TiposEquipamento { get; set; }
    public DbSet<Calibracao> Calibracoes { get; set; }
}

// GET: api/Equipamento
[HttpGet]
public async Task<ActionResult<IEnumerable<Equipamento>>> GetEquipamentos()
{
    return await _context.Equipamentos
        .Include(t => t.TipoEquipamento)
        .Include(c => c.Calibracao)
        .ToListAsync();
}

When I delete ".Include(c => c.Calibracao)" from the controller, I get the JSON with a null "Calibracao". Can anyone help me?


design patterns: how can I decouple my container API from its underlying SOAP implementation?

In our current architecture, a user has multiple ways in which he can change an address (as an example). They can do it through an online portal, through our central processor directly or through a series of applications that communicate with the central processor. I want to design a solution that has a place for all those users to channel, and a place for business logic, instead of half a dozen. I am writing a container API (RESTful) that abstracts the SOAP API from our core processor for ease of use. The reason for the abstraction is because we use a primitive proprietary programming language that does not generate XML as easily as you can simply call a URL.

I am evaluating third-party proxy layers like Mulesoft for this, but I am also investigating solutions that allow business logic to be placed in the RESTful API before I call the core processor. We also want to plan for the possibility of the central processor eventually changing, and the SOAP API could be replaced by something else. What design pattern (if any) would you use to decouple the API interface from the underlying SOAP API and the core processor, so that if we need to change the backup API to a completely different API that provides similar data and maybe uses a different transport mechanism, the external API would not have to change?

I think it would be the adapter pattern or the bridge pattern, but I don't have much experience in SOLID or design patterns and I'm not sure which one would apply (if applicable). I know that the bridge pattern is for an initial design, while the adapter pattern is for later. It seems like both to me.

Or is it just inversion of control at work?

java – Warning: loading FXML documents with JavaFX API version 10 using JavaFX runtime version 8

I wonder how to get rid of these warning messages. I reinstalled JDK 8, ran the project on NetBeans and received the warning message shown below. Will uninstalling JDK 8 and installing Java 10 make the warning go away? The program crashes and there are many JavaFX runtime messages.

Warning: loading the FXML document with the JavaFX API of version 10 using JavaFX runtime version 8

javascript – Can the fetch() url parameter be a local .json file, or just an internet api?

You see, my program just shows my database data from xampp in .json format to work with fetch(), and it works fine.

But when, instead of calling my file called json.php (where my text is generated in .json), I call json.json (in which I wrote the whole DB by hand to verify how it worked), I get this error:
"Fetch API cannot load file:///C:/Users/Sistemas2/Desktop/Portafolio/practicando-JSON/json.json. URL scheme must be "http" or "https" for CORS request." And I don't know why that is. Thank you.

This is the code.




This is the script

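var busqueda = document.getElementById("buscar");
busqueda.addEventListener('click', obtenerDatos);

function obtenerDatos(){
    // fetch('json.php') --- This fetch does read correctly, which is when I am running xampp
    fetch('json.json')
    .then( res => res.json() )
    .then( datos => {
        pintarTabla(datos);
    });
}

function pintarTabla(datos){
    // Row markup is assumed here; the original template did not survive on the page
    contenido.innerHTML = "";
    for (let valor of datos){
        contenido.innerHTML += `
        <tr><td>${valor.id}</td><td>${valor.nombre}</td><td>${valor.pais}</td><td>${valor.edad}</td><td>${valor.ocupacion}</td></tr>`;
    }
}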


My connection PHP when I run xampp, and where I use the getAll() function to make my json.php URL return .json.

        return $link;
class personas{
    private $db;
    private $lista;

    public function __construct(){
        // Body not shown on the page; $this->db must hold the database connection
    }

    public function traerTabla(){
        $tabla = $this->db->query("SELECT * FROM personas");
        // The loop that fills $this->lista from $tabla is not shown on the page
        return $this->lista;
    }

    public function obtenerDatos(){
        $query = $this->db->query("SELECT * FROM personas");

        return $query;
    }

    public function getAll(){
        $datosPersonas = new personas();
        $datos = array();
        $res = $datosPersonas->obtenerDatos();
        if ($res){
            // Map each database row to the field names used in the JSON output
            while ($row = $res->fetch_assoc()){
                $item = array(
                    'id' => $row['id_Personas'],
                    'nombre' => $row['Nombre'],
                    'pais' => $row['Pais'],
                    'edad' => $row['Edad'],
                    'ocupacion' => $row['Ocupación']
                );
                array_push($datos, $item);
            }
            echo json_encode($datos);
        } else {
            echo json_encode(array('mensaje' => 'No hay elementos registrados'));
        }
    }
}

The file that only generates the text in .json (json.php)


This is my file json.json, which I want to read with the fetch() in the script, but when I run the program I get the error that I mentioned at the beginning.

        "ocupacion":"Ingeniero en sistemas"
        "ocupacion":"Disenadora grafica"
        "ocupacion":"Gerente de operaciones"
        "ocupacion":"Analista de datos"
        "ocupacion":"Desarrollador de software"

API design – JSON API – How to "include" the parent?

I am trying to use the JSON API as the output format of my API. I have the scenario that one or more of my "relationships" are actually a parent-child relationship. If the "relationships" only include the child, should the "included" include the child and the parent?

For example:

{
  "data": [
    {
      "type": "foos",
      "id": "1",
      "relationships": {
        "bars": {
          "data": [
            {
              "type": "bars",
              "id": "200"
            }
          ]
        }
      }
    }
  ],
  "included": [
    {
      "type": "bars",
      "id": "200",
      "attributes": {
        "parent_id": "100",
        "name": "Foo Bar"
      },
      "links": {
        "self": "/api/bars/200"
      }
    },
    {
      "type": "bars",
      "id": "100",
      "attributes": {
        "parent_id": null,
        "name": "Something Other Than Foo Bar"
      },
      "links": {
        "self": "/api/bars/100"
      }
    }
  ]
}

The JSON is a valid JSON API according to https://jsonapi-validator.herokuapp.com/. However, I still wonder if the second "included" is appropriate.

I hope the JSON example is clear enough. Should I include the second "included"? Or is that information that should only be retrieved if the API consumer invokes the "self" URL of the first "included"?

Microsoft Graph API to verify Active Directory member or group permission for a SharePoint site

I am looking for a Microsoft Graph API to find out if there is an Active Directory group (not an SP group) of which a user is a member and which gives them the appropriate rights to access a particular SharePoint site.

Is there any direct way to verify this information? I am trying to find this information from the Microsoft Graph API but I don't get this information.

Is it possible to find if an Active Directory user or group has access to a SharePoint site?

Design – Where is the distinction between a web application and an API?

This question is closely related to this question. I am asking another question because I am still a little confused on the subject.

The problem I encountered

I currently have a Django web application where users can have a list of their hobbies and can increase a counter every time they do one of their hobbies. My problem is that I want to extend this functionality outside of a front-end experience. In other words, I want users to be able to increase their hobbies using a POST request, say, from the terminal or from their own script or something.

Where I am confused

Do I have to create an API for my web application to add this functionality?

Another way of saying it is: do I have to handle the requests that come from the front end differently from the requests that come from another place? Front-end requests would go to the URL www.hostname.com/hobbies/1 and other requests go to the URL www.hostname.com/api/hobbies/1?

If I enrich the POST requests to the same URL as the requests that come from the front-end (that is, www.hostname.com/hobbies/1), then how does Google have external APIs for Google Maps? It seems that if other web applications are calling the functionality of Google Maps, then Google has separated those instances from its front-end.