In my previous post , I mentioned the main API versioning approaches. During the talk of the same name, I sometimes get some questions on the subject. In this post, I'll detail each of them. Evolving your APIs I assume readers know the reasons behind versioning, semantic versioning, and product lifecycle. If not, I encourage you to read a bit about these themes; in particular, chapter 24 of the excellent book focuses on them. API Design Patterns I'll summarize the subject in a few words in any case. Generalities Software naturally evolves, because of business needs or changing regulations. In some cases, the said software has no clients but humans, , a monolith with Server-Side Rendering. In all other cases, at least another software component interacts with your software: e.g. A JavaScript front-end consumes the REST API A webservice consumes the REST API etc. Some changes are backward-compatible - you don't need to update the client; others are not. Removing an endpoint is not backward compatible; it's a breaking change. Removing a parameter, adding a required parameter, or changing a parameter type are also breaking changes. When introducing a breaking change in regular software, you must increase its major version if you adhere to semantic versioning. It's the same in the realm of APIs. You let your customers keep using the v1 version while releasing breaking changes in the v2 version. The crux of the problem is now how to use a specific version of the endpoint. Three options are available: Path-based versioning Query-based versioning Header-based versioning Let's detail them in turn. It all boils down to routing; I'll demo the configuration with to implement each versioning approach. Apache APISIX Path-based versioning Path-based versioning is so ubiquitous that it's the approach most people think about when they think about API versioning. The idea is to set the version in the path: /v1/foo /v2/foo Path-based versioning seems easy to implement with Apache APISIX: upstreams:
  - id: 1
    nodes:
      "upstream_1:8080": 1
  - id: 2
    nodes:
      "upstream_2:8080": 1

routes:
  - uri: /v1/*
    upstream_id: 1
  - uri: /v2/*
    upstream_id: 2 The above setup doesn't work, unfortunately: as it stands, we forward to the upstream, whereas it probably can handle only - the path behind the version prefix. We need to remove the version prefix before forwarding to the upstream: /v1/* * routes:
  - uri: /v1/*
    upstream_id: 1
    plugins:
      proxy-rewrite:
        regex_uri: [ "/v1(.*)", "$1" ]        #1
  - uri: /v2/*
    upstream_id: 2
    plugins:
      proxy-rewrite:
        regex_uri: [ "/v2(.*)", "$1" ]        #1 Remove the version path prefix before forwarding Beware if you use other plugins, which may forward the request before the prefix is removed, , . In this case, we must apply . Apache APISIX orders plugins by their default priority, so we need to increase the priority of the former: e.g. proxy-mirror proxy-rewrite before proxy-mirror routes:
  - uri: /v1/*
    upstream_id: 1
    plugins:
      proxy-rewrite:                          #1
        regex_uri: [ "/v1(.*)", "$1" ]
      proxy-mirror:                           #2
        host: "http://api.v2:8080"
        _meta:
          priority: 1000                      #3 default priority is proxy-rewrite 1008 default priority is proxy-mirror 1010 Set it to so that it now applies the rewrite takes place 1000 after Query-based versioning Another way to version is to use query parameters, , . While I've never seen it in the wild, it deserves a mention nonetheless. We can leverage the following Apache APISIX configuration: e.g. ?version=v1 routes:
  - uri: /*                                   #1
    upstream_id: 1
    vars: [[ "arg_version", "==", "v1" ]]     #2
    priority: 2                               #1
  - uri: /*                                   #1
    upstream_id: 2
    vars: [[ "arg_version", "==", "v2" ]]     #2
    priority: 3                               #1
  - uri: /*                                   #1-3
    upstream_id: 1
    priority: 1 Both routes match the same URI, so we must evaluate them in order. That's the role of : Apache APISIX evaluates the highest priority first priority Evaluate the query parameter named version Default route when no is provided. Here, I route to version 1, but you can also return an HTTP status to require a version. version 4xx Header-based versioning The last alternative for versioning is to use HTTP headers. Here's a custom header: GET / HTTP1.1

Version: 1 From an HTTP point of view, asking for a version via a header is the definition of between the client and the server: content negotiation Content negotiation refers to mechanisms defined as a part of HTTP that make it possible to serve different versions of a document (or more generally, representations of a resource) at the same URI, so that user agents can specify which version fits their capabilities the best. -- Content Negotiation on Wikipedia The agreed-upon content type format follows the pattern , where: application/vnd.aaa.bbb.vX+format is a reversed domain name, , aaa.bbb e.g. ch.frankel is the version number, , X e.g. 1 is the accepted format, , format e.g. json Hence, here's a possible request: GET / HTTP1.1

Accept: application/vnd.ch.frankel.myservice.v1+json Theoretically, the client can leverage the of headers to communicate that it can handle different versions. The following request tells that the client prefers version 2 but can handle version 1 if the need be: quality Accept GET / HTTP1.1

Accept: application/vnd.ch.frankel.myservice.v2+json;q=0.8, application/vnd.ch.frankel.myservice.v1+json;q=0.2 In practice, quality requires a high level of maturity, both on the server-side - handling qualities and on the client-side - handling two versions simultaneously. Here's the APISIX configuration for quality-less content negotiation. It's very similar to the one above, the only difference being the Nginx variable in play, instead of . http_X arg_Y routes:
  - uri: /*
    upstream_id: 1
    vars: [[ "http_accept", "==", "vnd.ch.frankel.myservice.v1+json" ]]
    priority: 2
  - uri: /*
    upstream_id: 2
    vars: [[ "http_accept", "==", "vnd.ch.frankel.myservice.v2+json" ]]
    priority: 3
  - uri: /*
    upstream_id: 1
    priority: 1 Conclusion In this short post, we detailed the three options for versioning HTTP APIs: path-based, query-based, and header-based. They don't differ much, each having its little tricky parts. Whatever path you choose, though, make sure it's consistent across all the organization. The complete source code for this post can be found on . GitHub To go further: API deployment strategies Content Negotiation in RFC 9110 Routing in Apache APISIX Originally published at on November 5th, 2023 A Java Geek

Delving Into OpenTelemetry Collector

Calling Rust from Python with pyo3

Read all my posts!

A Comprehensive Guide to API Versioning: Paths, Queries, and Headers

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

16 Best Practices For Securing Your APIs with Apache APISIX - Part 1

100 Days of AI Day 1: From Newsletter to Podcast, Leveraging AI for Audio Transformation

10 Threats to an Open API Ecosystem

10 Indications That You Should Invest in Automation Via APIs

10 Best Practices for Securing Your API

The Noonification: Getting Your API Into Production (10/28/2022)

16 Best Practices For Securing Your APIs with Apache APISIX - Part 1

100 Days of AI Day 1: From Newsletter to Podcast, Leveraging AI for Audio Transformation

10 Threats to an Open API Ecosystem

10 Indications That You Should Invest in Automation Via APIs

10 Best Practices for Securing Your API

The Noonification: Getting Your API Into Production (10/28/2022)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps