Internet-Draft	api-catalog	September 2023
Smith	Expires 15 March 2024	[Page]

Workgroup:: HTTPAPI
Internet-Draft:: draft-ietf-httpapi-api-catalog-00
Published:: 12 September 2023
Intended Status:: Standards Track
Expires:: 15 March 2024
Author:: K. Smith, Ed.

Vodafone

api-catalog: A well-known URI to help discovery of APIs

Abstract

This document defines the "api-catalog" well-known URI. It is intended to facilitate automated discovery and usage of the APIs published by a Web host.¶

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 15 March 2024.¶

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

▲

1. Introduction

A Web host may publish Application Programming Interfaces (APIs) to encourage requests for interaction from external parties. Such APIs must be discovered before they may be used - i.e., the external party needs to know what APIs a given Web host exposes, their purpose, any policies for usage, and the endpoints to interact with the APIs. To faciliate automated discovery of this information, and automated usage of the APIs, this document proposes a well-known URI, 'api-catalog', as a location where a Web host's API endpoints are described in an API catalog document.¶

1.1. Goals and non-goals

The primary goal is to facilitate the automated discovery of a Web Host's public API endpoints, along with metadata that describes the purpose and usage of each API, by specifying a well-known URI [RFC8615] that returns an API catalog document. The API catalog document is primarily machine-readable to enable automated discovery and usage of APIs, and it may also include links to human-readable documentation.¶

Non-goals: this document does not mandate paths for API endpoints. i.e., it does not mandate that my_example_api should be available at example.com/.well-known/api-catalog/my_example_api (although it is not forbidden to do so). This document does not mandate a specific format for the API catalog document, although it does suggest some existing formats and general guidance regarding the content.¶

1.2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] when, and only when, they appear in all capitals, as shown here.¶

2. Using the 'api-catalog' well-known URI

The api-catalog well-known URI is intended for HTTP(S) servers that publish APIs and wish to facilitate their discovery and usage. Since the purpose of the api-catalog well-known URI is to facilitate API discovery with minimal prior knowledge, it is recommended that /.well-known/api-catalog be hosted at a predictable hostname, e.g. www.example.com . It may also be hosted at other hostnames, e.g. api.example.com, developer.example.com etc.¶

A Web host (example.com) supporting this URI:¶

SHALL resolve an HTTP(S) GET request to /.well-known/api-catalog and return an API catalog document.¶
SHOULD resolve an HTTP(S) HEAD request to /.well-known/api-catalog with a response including a Link header with the relation(s) defined in Section 4 ¶

3. The API Catalog

There is no mandated format for the API Catalog document. The Web Host is free to choose any format that supports the automated discovery, and machine (and human) usage of their APIs. The Web Host may choose to include useful metadata, including API version information, usage policies etc. - and is recommended to support link relations to support machine discovery and usage of APIs. Some example formats/contents include:¶

A linkset [RFC9264] of API endpoints¶
API bookmarks that represent an API entry-point and may be followed to discover purpose and usage¶
Links to the OpenAPI Specification [OAS] definitions for each API¶
A RESTDesc semantic description for hypermedia APIs [RESTdesc]¶
An APIs.json document [APIs.json]¶
A Hypertext Application Language document [HAL]¶
Any other format decided by the Web Host¶

Appendix A includes some example API Catalog documents based on the linkset and 'bookmark' formats.¶

4. Link relations

"api-catalog" . Refers to an API catalog documenting the Web Host's API.¶

5. Conformance to RFC8615

The requirements in section 3 of [RFC8615] for defining Well-Known Uniform Resource Identifiers are met as follows:¶

5.1. Path prefix

The api-catalog URI SHALL be appended to the /.well-known/ path-prefix for "well-known locations".¶

5.2. Supported URI schemes

The api-catalog well-known URI may be used with the HTTP and HTTPS URI schemes.¶

5.3. Registration of the api-catalog well-known URI

See Section 6 considerations below.¶

6. IANA Considerations

6.1. The api-catalog well-known URI

This specification registers the "api-catalog" well-known URI in the Well-Known URI Registry as defined by [RFC6415] .¶

URI suffix: api-catalog¶

Specification document(s): draft-ietf-httpapi-api-catalog-00¶

Related information: The "api-catalog" documents obtained from the same host using the HTTP and HTTPS protocols (using default ports) MUST be identical.¶

6.2. The api-catalog link relation

This specification registers the "api-catalog" link relation by following the procedures per section 4.2.2 of [RFC8288]¶

Relation Name: api-catalog¶

Description: Identifies a catalog of APIs published by the context Web host.¶

Reference: draft-ietf-httpapi-api-catalog-00¶

7. Security Considerations

TBD¶

8. References

8.1. Normative References

[RFC6415]: Hammer-Lahav, E., Ed. and B. Cook, "Web Host Metadata", RFC 6415, DOI 10.17487/RFC6415, October 2011, <https://www.rfc-editor.org/info/rfc6415>.
[RFC8288]: Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, <https://www.rfc-editor.org/info/rfc8288>.
[RFC8615]: Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, <https://www.rfc-editor.org/info/rfc8615>.
[RFC9264]: Wilde, E. and H. Van de Sompel, "Linkset: Media Types and a Link Relation Type for Link Sets", RFC 9264, DOI 10.17487/RFC9264, July 2022, <https://www.rfc-editor.org/info/rfc9264>.
[RFC8631]: Wilde, E., "Link Relation Types for Web Services", RFC 8631, DOI 10.17487/RFC8631, July 2019, <https://www.rfc-editor.org/info/rfc8631>.

8.2. Informative References

[RFC2119]: Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[OAS]: Miller, D., Whitlock, J., Gardiner, M., Ralphson, M., Ratovsky, R., and U. Sarid, "OpenAPI Specification", February 2021, <https://spec.openapis.org/oas/latest.html>.
[HAL]: Kelly, M., "Hypertext Application Language", September 2013, <https://stateless.co/hal_specification.html>.
[APIs.json]: Lane, K. and S. Willmott, "APIs.json", September 2020, <http://apisjson.org/format/apisjson_0.16.txt>.
[RESTdesc]: Verborgh, R., Mannens, E., Van de Walle, R., and T. Steiner, "RESTdesc", September 2023, <https://restdesc.org/>.

Appendix A. Example API catalog documents

This section is informative, and non-exhaustive. It presents some example API catalog document formats (other formats may be used).¶

A.1. Using Linkset with RFC8615 relations

This example uses the linkset format [RFC9264], and the following link relations defined in [RFC8631]:¶

"service-desc",used to link to a description of the API that is primarily intended for machine consumption.¶
"service-doc", used to link to API documentation that is primarily intended for human consumption.¶
"service-meta", used to link to additional metadata about the API, and is primarily intended for machine consumption.¶
"status", used to link to the API status (e.g.API "health" indication etc.) for machine and/or human consumption.¶


GET .well-know/api-catalog HTTP/1.1
Host: example.com
Accept: application/linkset+json

HTTP/1.1 200 OK
Date: Mon, 01 Jun 2023 00:00:01 GMT
Server: Apache-Coyote/1.1
Content-Type: application/linkset+json

{
  "linkset": [
    {
      "anchor": "https://developer.example.com/apis/foo_api",
      "service-desc": [
        {
          "href": "https://developer.example.com/apis/foo_api/spec",
          "type": "text/n3"
        }
      ],
      "status": [
        {
          "href": "https://developer.example.com/apis/foo_api/status",
          "type": "application/json"
        }
      ],
      "service-doc": [
        {
          "href": "https://developer.example.com/apis/foo_api/doc",
          "type": "text/html"
        }
      ],
      "service-meta": [
        {
          "href": "https://developer.example.com/apis/foo_api/policies",
          "type": "text/xml"
        }
      ]
    },

    {
      "anchor": "https://developer.example.com/apis/bar_api",
      "service-desc": [
        {
          "href": "https://developer.example.com/apis/bar_api/spec",
          "type": "application/json"
        }
      ],
      "status": [
        {
          "href": "https://developer.example.com/apis/bar_api/status",
          "type": "application/json"
        }
      ],
      "service-doc": [
        {
          "href": "https://developer.example.com/apis/bar_api/doc",
          "type": "text/plain"
        }
      ]
    },
    {
      "anchor": "https://developer.example.com/apis/cantona_api",
      "service-desc": [
        {
          "href": "https://developer.example.com/apis/cantona_api/spec",
          "type": "text/n3"
        }
      ],
      "service-doc": [
        {
          "href": "https://developer.example.com/apis/cantona_api/doc",
          "type": "text/html"
        }
      ]
    }
  ]
}

Figure 1: api-catalog linkset example

A.2. Using Linkset with bookmarks

This example also uses the linkset format [RFC9264], listing the API endpoints in an array of bookmarks. The intent is that by following a bookmark link, a machine-client can discover the purpose and usage of each API, hence the document targeted by the bookmark link must support this.¶


GET .well-know/api-catalog HTTP/1.1
Host: example.com
Accept: application/linkset+json

HTTP/1.1 200 OK
Date: Mon, 01 Jun 2023 00:00:01 GMT
Server: Apache-Coyote/1.1
Content-Type: application/linkset+json

{
"linkset": [{
    "anchor": https://example.com/,
    "api-bookmarks": [{
        "href": https://developer.example.com/apis/foo_api
    }, {
        "href": https://developer.example.com/apis/bar_api
    }, {
        "href": https://developer.example.com/apis/cantona_api
    }
    ]
}]
}

Figure 2: api-catalog linkset example

Acknowledgements

TODO¶

Author's Address

Kevin Smith (editor)

Vodafone

One Kingdom Street

London

W2 6BY

United Kingdom

Email: kevin.smith@vodafone.com

URI: www.vodafone.com

Document	Document type	This is an older version of an Internet-Draft whose latest revision state is "Active".
	Select version	00 01 02 03 04 05 06 07 08
	Compare versions
	Author	Kevin Smith
	RFC stream
	Other formats	txt html xml bibtex bibxml
	Additional resources	Mailing list discussion