API Integration Checklist

We've written a checklist for high-quality API integrations that we're giving away for FREE on our website.

This guide covers everything you'll need to think about before going live with an API integration, including correctness, security, performance, and maintainability concerns, such as:

• Is data normalized to the correct type, especially with regards to number types, and times and timezones?
• How will your system behave if the API slows down significantly, causing background processing to get backed up?
• If the API supports access scopes on API keys, are your access keys scoped to the minimum? Are you sure what scopes are needed?
• Is your webhook verification securely implemented? Aside from correctness, are you using a constant-time byte comparison to prevent timing attacks?
• If you’re storing API data in a database, are you upserting effectively by taking advantage of ‘exclude’ assignments and conditional upserts?
• If you’re upserting data, are you upserting the optimal way (UPSERT, MERGE, COPY, etc)?
• Can you query the API for exactly what you need? If not, how will you get around that?
• Do you have unit and integration tests for your integration? Are unit test fixtures easy to update when the API changes?
• Are webhooks recorded for audit and debugging purposes, and are these logs trimmed as needed?

This guide is distilled from the wisdom we've acquired throughout our careers, and especially creating dozens of in-depth API integrations for WebhookDB.

We hope you'll check it out and let us know what you think.