Source: http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api
- Use SSL
- Do not redirect from non-SSL to SSL (encourages clients to keep doing it)
- Version in the URL (At least major)
- Unary attribute (+/-) in sort params to indicate direction of sort
- Provide way for user to specify return fields
- snake_case is easier to read (Even though it is not the standard way to define variables in Javascript: CamelCase)
- pretty print by default (responses are slightly larger). Over-arching concept is that an API should also be human-readable
- Support .gz compression, if not default to it. Much faster API
- Accept json bodies for POST, PATCH, PUT
- Add pagination info to the header (RFF 5988)
- Add rate limit information to the header
- API should be stateless - no cookies or sessions for authentication