]> Vodafone

One Kingdom Street London W2 6BY GB kevin.smith@vodafone.com www.vodafone.com

Applications and Real-Time HTTPAPI Internet-Draft This document defines the "api-catalog" well-known URI. It is intended to facilitate automated discovery and usage of the APIs published by a Web host.

Introduction A Web host may publish Application Programming Interfaces (APIs) to encourage requests for interaction from external parties. Such APIs must be discovered before they may be used - i.e., the external party needs to know what APIs a given Web host exposes, their purpose, any policies for usage, and the endpoints to interact with the APIs. To faciliate automated discovery of this information, and automated usage of the APIs, this document proposes a well-known URI, 'api-catalog', as a location where a Web host's API endpoints are described in an API catalog document.

Goals and non-goals The primary goal is to facilitate the automated discovery of a Web Host's public API endpoints, along with metadata that describes the purpose and usage of each API, by specifying a well-known URI that returns an API catalog document. The API catalog document is primarily machine-readable to enable automated discovery and usage of APIs, and it may also include links to human-readable documentation. Non-goals: this document does not mandate paths for API endpoints. i.e., it does not mandate that my_example_api should be available at example.com/.well-known/api-catalog/my_example_api (although it is not forbidden to do so). This document does not mandate a specific format for the API catalog document, although it does suggest some existing formats and general guidance regarding the content.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Using the 'api-catalog' well-known URI The api-catalog well-known URI is intended for HTTP(S) servers that publish APIs and wish to facilitate their discovery and usage. Since the purpose of the api-catalog well-known URI is to facilitate API discovery with minimal prior knowledge, it is recommended that /.well-known/api-catalog be hosted at a predictable hostname, e.g. www.example.com . It may also be hosted at other hostnames, e.g. api.example.com, developer.example.com etc. A Web host (example.com) supporting this URI:

• SHALL resolve an HTTP(S) GET request to /.well-known/api-catalog and return an API catalog document.
• SHOULD resolve an HTTP(S) HEAD request to /.well-known/api-catalog with a response including a Link header with the relation(s) defined in

The API Catalog There is no mandated format for the API Catalog document. The Web Host is free to choose any format that supports the automated discovery, and machine (and human) usage of their APIs. The Web Host may choose to include useful metadata, including API version information, usage policies etc. - and is recommended to support link relations to support machine discovery and usage of APIs. Some example formats/contents include:

• A linkset of API endpoints
• API bookmarks that represent an API entry-point and may be followed to discover purpose and usage
• Links to the OpenAPI Specification definitions for each API
• A RESTDesc semantic description for hypermedia APIs
• An APIs.json document
• A Hypertext Application Language document
• Any other format decided by the Web Host

Appendix A includes some example API Catalog documents based on the linkset and 'bookmark' formats.

Link relations "api-catalog" . Refers to an API catalog documenting the Web Host's API.

Conformance to RFC8615 The requirements in section 3 of for defining Well-Known Uniform Resource Identifiers are met as follows:

Path prefix The api-catalog URI SHALL be appended to the /.well-known/ path-prefix for "well-known locations".

Supported URI schemes The api-catalog well-known URI may be used with the HTTP and HTTPS URI schemes.

Registration of the api-catalog well-known URI See considerations below.

IANA Considerations

The api-catalog well-known URI This specification registers the "api-catalog" well-known URI in the Well-Known URI Registry as defined by . URI suffix: api-catalog Specification document(s): draft-ietf-httpapi-api-catalog-00 Related information: The "api-catalog" documents obtained from the same host using the HTTP and HTTPS protocols (using default ports) MUST be identical.

The api-catalog link relation This specification registers the "api-catalog" link relation by following the procedures per section 4.2.2 of Relation Name: api-catalog Description: Identifies a catalog of APIs published by the context Web host. Reference: draft-ietf-httpapi-api-catalog-00

Security Considerations TBD

References Normative References Informative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. stateless.co HAL is a simple format that gives a consistent and easy way to hyperlink between resources in your API. APIs.json is a machine readable specification that API providers can use to describe their API operations. Semantic descriptions for hypermedia APIs.

Example API catalog documents This section is informative, and non-exhaustive. It presents some example API catalog document formats (other formats may be used).

Using Linkset with RFC8615 relations This example uses the linkset format , and the following link relations defined in :

• "service-desc",used to link to a description of the API that is primarily intended for machine consumption.
• "service-doc", used to link to API documentation that is primarily intended for human consumption.
• "service-meta", used to link to additional metadata about the API, and is primarily intended for machine consumption.
• "status", used to link to the API status (e.g.API "health" indication etc.) for machine and/or human consumption.

api-catalog linkset example

Using Linkset with bookmarks This example also uses the linkset format , listing the API endpoints in an array of bookmarks. The intent is that by following a bookmark link, a machine-client can discover the purpose and usage of each API, hence the document targeted by the bookmark link must support this.

api-catalog linkset example

Acknowledgements TODO