API Design Tips for Students: Advice from the API Handyman

Isaac Atif

December 29, 2022· 6 mins

The Postman Student Programs team gets asked many great questions from student community members across the world who want to learn about APIs and how to design them. That’s why, for the very first time, we called upon an industry expert to help us answer these questions on a special “AMA” (or “Ask Me Anything”) livestream with Postman Open Technology API Governance Lead Arnaud Lauret—who is also known in the wider community as the API Handyman. Here are some key takeaways from that AMA that we think are especially valuable for any student wanting to build or collaborate on APIs. Let’s jump right in and see what Arnaud had to say!

What do you do in your day-to-day job at Postman?

Arnaud Lauret: My day-to-day job is to study the API space from the API governance perspective, including how to ensure all your APIs look and behave the same and how to help people create APIs. I also write about various API-related topics, perform tests on developer tools, and share all of this with the Postman community. I work with Postmanauts who build Postman and help them whenever I can in different areas—like designing APIs and implementing API governance features in Postman. I spent two years writing a book called The Design of Web APIs, which I recommend for anyone that wants to understand what it means to design APIs and how to design them.

I would like to build my first API. Can you talk about the first API you built?

The first API I built was the first French open banking API. It provided banking services to anyone in the world that wanted to use them. It was an interesting project because I learned how to design APIs and how to secure them. I also learned how to provide a public API and how to manage a community. No matter what your first API is, you will learn so much from the experience. Remember that it’s okay to fail and that this is just part of the learning process. You might even learn something new from it. If you get stuck, then ask a developer community for help. Join our Postman Student Community on Discord to connect with other students and beginners learning new things together. We also have a Postman Community Forum where you can request help as you’re using the Postman API Platform for the first time and find plenty of learning resources.

For the beginners out there in our community, can you explain what “backend” and “frontend” mean?

The idea behind “backend” and “frontend development” is to create an optimal API that works for a mobile or web application. Why is this important, especially for mobile apps? The main concern with mobile application development is that you may not have enough bandwidth to support your app. Another concern is that if you send too many API calls over the 5G/4G data on your smartphone, it kills your battery faster.

A solution to this dilemma is to have the bare minimum API calls needed to reduce data usage and get only what is strictly necessary. But this kind of API goes against API governance principles that say a good API is supposed to fit a wide range of use cases. So the solution is: if I’m the developer of a mobile application, then I will create my own backend and my own API that will orchestrate code to the usual business APIs that cover a wide range of use cases. This way I create my own tailor-made API with a template API underneath.

What is API governance?

API governance is helping people maximize value generated by APIs. The idea here is when you create an API you choose what kind of design and security to put in place. When working in a team of people creating different APIs how do you ensure your team creates APIs that all look the same? With the same security? How do you ensure you’re creating the right APIs that will help your organization achieve its goal? After all, these small design decisions have consequences. The answer is API governance. API governance helps people work with your API in a way that follows your guidelines and solves these problems to create the right APIs.

API governance can be practiced with API design reviews similar to code peer reviews. You can leverage automation to analyze how APIs are defined by others in the industry and delegate the task of reviewing APIs to a program. It is also very important to explain to your users why API governance and following your guidelines matters and propose ways they can improve their skills. This can be done by providing API design workshops and training courses. This way you can teach your users how to design APIs the right way and give them key principles they can use to be autonomous.

What is API security? 

When you are dealing with security in APIs, you have to think about different levels. The first level of API security is making sure that only authorized applications have been granted access to your API. This means managing who has access to your API after exposing it to the outside world. If you don’t do this, then anyone can access your APIs and do whatever they want.

The second level of API security is managing what the consumer can do after being granted access to your API. For example: let’s say I’m using my bank’s API as a regular customer. I open my mobile banking application and call my bank’s API to request the list of bank accounts I have. I should not be allowed to retrieve all the bank accounts of every customer at the bank. I’m only supposed to get the bank account that belongs to me. So these are the two levels of security you will have to consider—granting consumer access to your API and managing what the consumer can do with your API.

Watch the full AMA livestream