Reflection — An Honest Take 8 min

Honest Take — Before You Begin

Honest reflections on building interfaces other developers trust


The REST vs GraphQL debate is usually the wrong debate. Teams spend weeks arguing about which paradigm to use when the real problems are elsewhere: inconsistent response formats, undocumented error codes, authentication flows that require a PhD to understand, versioning strategies that break clients on every deploy. I have seen beautifully RESTful APIs that are miserable to use and "impure" APIs that are a joy.

The paradigm is not the product. The developer experience is the product.

Most API problems are design problems, not technology problems. Choosing the wrong HTTP status codes is not a REST problem -- it is a communication problem. Returning inconsistent error formats is not a serializer problem -- it is a design problem. Requiring seven API calls to render one screen is not a performance problem -- it is a modeling problem. This module focuses on design first because the technology choices follow from good design, not the other way around.

Authentication is where most Rails APIs get messy, and I want to be honest about why: it is because auth is genuinely hard, not because Rails developers are bad at it. Token management, refresh flows, OAuth scopes, JWT expiration, session invalidation -- the surface area is enormous and the security consequences of getting it wrong are severe. Devise and Doorkeeper abstract some of this, but abstraction without understanding is how security vulnerabilities happen.

This module pushes you to understand auth at the protocol level, not just the gem level.

The best APIs are boring, and I mean that as the highest compliment. Predictable URL structures. Consistent response envelopes. Standard error formats. Obvious pagination. No surprises. "Boring" means a developer can guess how your API works before reading the docs. That is an achievement most teams never reach because they are too busy being clever.

Conclusion #

API design is where systems thinking shines naturally. APIs are literally the connection points between systems -- the seams where one domain meets another. The instinct to think about how pieces fit together is exactly the instinct that produces good API design. Cultivate it, refine it, formalize it.

Predictions #

  • You will standardize your API error handling approach and never go back to ad-hoc error responses
  • JSON:API or a similar specification will become your default, not because it is perfect but because consistency beats perfection
  • You will spend more time on API documentation after this module -- not because you should, but because you will want to
  • Authentication will stop feeling like a black box and start feeling like a system you can reason about
  • You will judge APIs you consume more critically, and that critical eye will make the APIs you build significantly better
Learning resources 5

That's the free preview. Sign in to continue this course.

Sign in to continue

New here? Make a desk →