Some best practices for web services

These practices are tested by this page.
To test your web service, enter some example URLs in the box below. Use both valid URLs, and URLs that should get a "not found" or other error response.

More best practices for web services

These ones are not tested by this page.
  • If you want to allow users to save context from one session to another, then you will need to offer login. Use Digest auth. This is now supported by all browsers, and is secure against password snooping even over HTTP. You also need login if you serve confidential data.
  • If you need to offer login, you also need to design your API to protect against Cross Site Request Forgery attacks.
  • Offer a contact email for support, answer the emails, and when answering them, assume that the user is not stupid.
  • Don't make URLs obsolete - this will impose a cost on all your users.
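
The Digest auth recommendation above, as an added example that is not part of the original page: a server-side check of an `Authorization: Digest` header (MD5 with `qop=auth`, as in RFC 2617), showing that only hashes cross the wire and that the nonce count is used to reject replays. The function names and the two dictionaries are assumptions made for this sketch; the sample header is the published example from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import re

def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def make_ha1(username: str, realm: str, password: str) -> str:
    # The server can store this hash instead of the password itself.
    return _md5(f"{username}:{realm}:{password}")

def parse_digest_header(header: str) -> dict:
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def verify(header, method, request_uri, ha1_store, nonce_counts) -> bool:
    # ha1_store: (username, realm) -> HA1 (assumed storage layout).
    # nonce_counts: nonce issued by this server -> highest nc accepted so far.
    try:
        f = parse_digest_header(header)
        ha1 = ha1_store[(f["username"], f["realm"])]
        nc = int(f["nc"], 16)
        if f["qop"] != "auth" or f["uri"] != request_uri:
            return False
        if nc <= nonce_counts[f["nonce"]]:  # unknown nonce raises KeyError
            return False
        ha2 = _md5(f"{method}:{f['uri']}")
        expected = _md5(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")
        if not hmac.compare_digest(expected, f["response"].lower()):
            return False
        nonce_counts[f["nonce"]] = nc  # a repeated nc is now a replay
        return True
    except (KeyError, ValueError, TypeError):
        return False

# Example request from RFC 2617 section 3.5 (password "Circle Of Life").
RFC_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)
```

Because the method and URI are hashed into the response, a captured header cannot be reused for a different request, and the stored nonce count stops it being reused for the same one.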