Best practices

Here are some guidelines and best practices to get you started if you’re new to using APIs.

API keys management

Every API key should be generated specifically for an individual application:

  • API keys are free to create, and there is no limit to the number you can use. So we encourage you to generate new API keys/secrets for every app you use.
  • However, all versions of an application should use the same API key.

Security

API keys and secrets should never be shared or made public:

  • API secrets should never be used where they could be discovered by other users, such as in client-side files or in local storage for mobile applications. Otherwise, anyone with a little technical knowledge can potentially access them.
  • Similarly, access tokens should be kept private and stored in secured locations.
  • Authentication-related requests should only be done over HTTPS.

Design

These are just a few ways to best use APIs.:

  • Caching is good. :) Data should be cached whenever possible, and then loaded from the cache on as needed.
  • Always assume that the service might not work as expected. Temporary issues and timeouts happen, so create a mechanism to handle errors. Also, be sure the query you make is correct, as an error might come from a unexpected or incorrect parameter.
  • When requesting an access token, only request the scopes you need—nothing more. Requesting more scopes may make your users suspicious about what your application is doing with their data.