Single Web API endpoint for all entities, good or bad

apiapi-designasp.netweb

Situation

We are currently developing a large web application (Web API 2) – several entities and thus require several endpoints for each. But suddenly, they changed to "one endpoint fits all" approach, something like:

/api/data?entity=entity_name

Then the usual controller for GET, POST, PUT, DELETE. We have something like this:

public class DataController : ApiController
{
    public HttpResponseMessage Get(string entity)
    {
        Type entityType = Type.GetType(entity);
        var query = HelperClass.GenerateGenericGetMethod<entityType>("GetAll").ToList();
        return Response(OK, query);
    }
}

As you can see, we created some Helper to generate a generic method for Get, GetById and same old same old queries, we will then apply another set of helpers for: stripping down properties to return to the client and other custom actions.

Question

Is this going to cause some overhead to the server? Will it be okay if we scale it all up in the future? (And I'm sure we will) Like add token authentication, user roles, mobile access and more. Would like some insights.

Thanks!

EDIT: I am fairly new to web development and would love to hear some suggestions on what approach would fit our situation best.

Best Answer

I sincerely doubt that Web API 2 would have any problem with a single endpoint. There may be considerations of which I am not aware, but it doesn't seem likely to be the limiting factor.

The real problem with this approach is what it does to the comprehensibility and maintainability of the code, as well as making it easier to trace and debug.

For the first problem is that /api/data?entity=widget is less expressive than, say, /api/widget.

The latter form as less noise and communicates the intent more clearly.

Another factor is the growth of your APIs. If you start with a single retrieval for each, the single entry point may not seem bad. But let's say you start needing to do a couple of queries: widget by ID and widget by name. Your URL string starts to look like /api/data?entity=widget&id=123 or /api/data?entity=widget&name=Frobnitz. Little by little, your Get method starts to accumulate more and more checks to figure out which query you mean, especially if we add a Foo entity that also can be looked up by ID.

In general, you would probably be well-served to read up a little on REST web services and applying some of the general principles (some of the heavier stuff is probably overkill for your situation).

Related Solutions

API-Based Websites – Is It a Good Idea?

It sounds like you are talking about a 'single page app'

This term is used to refer to websites where all or most of the actions you take are accomplished via client side javascript AJAX calls, which retrieve json, convert that json to html and update the page

rather than:

Having the browser request a new html page which is returned and shown by the browser, discarding the old page.

Although I agree there are downsides to this approach, it is now the de facto standard architecture for website design. The simple reason being that AJAX gives a clearly better user experience over page loads.

Several javascript frameworks such as react and angular are available to make this approach easy to implement.

So, most 'single page apps' are NOT all done on a single page. Admin pages, Settings etc are in my experience usually split off, in to what is effectively a separate 'single page app'. ie you have a Admin.html which also uses angular or whatever and has a set of apis to do its in page functionality.

This makes it easier to separate out the concerns and address some problems that single page apps tend to have with authentication.

The user experience is not really affected, because changing between these sections of the site is not something they do often and is seen as a 'big step' with the entire page changing.

However, you should consider carefully where this approach is sensible. having some forms submit via standard http and some via your js framework would seem to me not to add any benefit. If you are using a framework, stick to it and use it for everything. If you are doing old skool html, stick to that. combining both approaches will simply mean you get the downsides of both.

API Design – Best Practices for API Endpoints for an Entity

I don't think there is universal agreement on this, but I use the following rules-of-thumb:

If it makes sense to request the complete list of a particular resource (all employees), then there should be a top-level endpoint for that.
If you need to filter on a attribute of a resource, then use a query parameter for that or create a separate endpoint. The choice mostly depends on how common it is to need the filter and if there is a obvious name for the endpoint.
If you need to filter on a relation between two resources, then use a new endpoint below resource you filter on. (For example, the endpoint for the employees that all report to a particular manager could be /managers/<id>/employees/)
To specify that you only want a sub-set of the attributes in the resource representation, use the query string.

This would, for example give the queries

GET /employees
GET /employees?active=true
GET /role/<id>/employees?fields=id,name

Sometimes, it might also make sense to invert the filtering logic, so that GET /employees returns only the active employees and GET /employees?include_inactive gives the list of active and inactive employees.

In the end, try to design your interface such that the common case is easiest to get right for the clients.