Internet Engineering Task Force K. Smith, Ed. Internet-Draft Vodafone Intended status: Standards Track 2 June 2023 Expires: 4 December 2023 api-catalog: A well-known URI to help discovery of APIs draft-smith-api-catalog-02 Abstract This document defines the "api-catalog" well-known URI. It is intended to facilitate discovery of the APIs published by a Web host. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 4 December 2023. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Smith Expires 4 December 2023 [Page 1] Internet-Draft api-catalog June 2023 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Goals and non-goals . . . . . . . . . . . . . . . . . . . 2 1.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Using the 'api-catalog' well-known URI . . . . . . . . . . . 3 3. Associated Media type: the api-catalog linkset . . . . . . . 3 4. Link relations . . . . . . . . . . . . . . . . . . . . . . . 4 5. Conformance to RFC8615 . . . . . . . . . . . . . . . . . . . 4 5.1. Path prefix . . . . . . . . . . . . . . . . . . . . . . . 4 5.2. Supported URI schemes . . . . . . . . . . . . . . . . . . 5 5.3. Registration of the api-catalog well-known URI . . . . . 5 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 6.1. The api-catalog well-known URI . . . . . . . . . . . . . 5 6.2. The api-catalog link relation . . . . . . . . . . . . . . 5 6.3. The api-bookmarks link relation . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 8.2. Informative References . . . . . . . . . . . . . . . . . 6 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction A Web host may publish Application Programming Interfaces (APIs) to encourage requests for interaction from external parties. Such APIs must be discovered before they may be used - i.e., the external party needs to know what APIs a given Web host exposes, including their purpose, any constraints to use, and the endpoints to interact with the APIs. To faciliate discovery of this information, this document proposes a well-known URI, 'api-catalog', as a location where a Web host's API endpoints are listed and described. 1.1. Goals and non-goals The primary goal is to facilitate the discovery of both a Web Host's public API endpoints, and metadata that informs the potential API client of the purpose of each API and any constraints around usage. Non-goals: this document does not mandate paths for API endpoints. i.e., it does not mandate that my_example_api should be available at example.com/.well-known/api-catalog/my_example_api (although it is not forbidden to do so). Smith Expires 4 December 2023 [Page 2] Internet-Draft api-catalog June 2023 1.2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] when, and only when, they appear in all capitals, as shown here. 2. Using the 'api-catalog' well-known URI The api-catalog well-known URI is intended for HTTP(S) servers that publish APIs and wish to facilitate their discovery. Since the purpose of the api-catalog well-known URI is to facilitate API discovery with minimal prior knowledge, it is recommended that /.well-known/api-catalog be hosted at a predictable hostname, i.e. www.example.com . It may also be hosted at other hostnames, e.g. api.example.com, developer.example.com etc. A Web host (example.com) supporting this URI: * SHALL resolve an HTTP(S) GET request to /.well-known/api-catalog and return a linkset * SHOULD resolve an HTTP(S) HEAD request to /.well-known/api-catalog with a response including a Link header with the relation(s) defined in Section 4. 3. Associated Media type: the api-catalog linkset A request to the api-catalog well-known URI SHALL return a linkset [RFC9264] containing an array of links with the link relation "api- bookmarks" and an anchor representing the entity hosting the APIs. Following each link SHOULD return a machine-readable description of the API with sufficient information to decide if, and understand how, to use the API. (Editor's note: we can recommend the format for this machine-readble description, e.g. https://restdesc.org/) Example request: Smith Expires 4 December 2023 [Page 3] Internet-Draft api-catalog June 2023 GET .well-know/api-catalog HTTP/1.1 Host: example.com Accept: application/linkset+json HTTP/1.1 200 OK Date: Mon, 01 Jun 2023 00:00:01 GMT Server: Apache-Coyote/1.1 Content-Type: application/linkset+json { "linkset": [{ "anchor": https://example.com/, "api-bookmarks": [{ "href": https://developer.example.com/apis/foo_api }, { "href": https://developer.example.com/apis/bar_api }, { "href": https://developer.example.com/apis/cantona_api } ] }] } Figure 1: api-catalog linkset example 4. Link relations "api-catalog" . A list of one or more machine-readable API bookmarks published by the Web host. "api-bookmarks" . A collection of API bookmarks. Each bookmatk may be followed to obtain a machine-readable description of each API. (Editor's note: not sure if it's better to have an array of links under "api-bookmarks", or an array of links each with their own anchor, and individual link relation of "api-bookmark") 5. Conformance to RFC8615 The requirements in section 3 of [RFC8615] for defining Well-Known Uniform Resource Identifiers are met as follows: 5.1. Path prefix The api-catalog URI SHALL be appended to the /.well-known/ path- prefix for "well-known locations". Smith Expires 4 December 2023 [Page 4] Internet-Draft api-catalog June 2023 5.2. Supported URI schemes The api-catalog well-known URI may be used with the HTTP and HTTPS URI schemes. 5.3. Registration of the api-catalog well-known URI See Section 6 considerations below. 6. IANA Considerations 6.1. The api-catalog well-known URI This specification registers the "api-catalog" well-known URI in the Well-Known URI Registry as defined by [RFC6415] . URI suffix: api-catalog Specification document(s): draft-smith-api-catalog-02 Related information: The "api-catalog" documents obtained from the same host using the HTTP and HTTPS protocols (using default ports) MUST be identical. 6.2. The api-catalog link relation This specification registers the "api-catalog" link relation by following the procedures per section 4.2.2 of [RFC8288] (Editor's note: this is TODO). 6.3. The api-bookmarks link relation This specification registers the "api-bookmarks" link relation by following the procedures per section 4.2.2 of [RFC8288] (Editor's note: this is TODO). 7. Security Considerations TBD 8. References 8.1. Normative References [RFC6415] Hammer-Lahav, E., Ed. and B. Cook, "Web Host Metadata", RFC 6415, DOI 10.17487/RFC6415, October 2011, . Smith Expires 4 December 2023 [Page 5] Internet-Draft api-catalog June 2023 [RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, . [RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, . [RFC9264] Wilde, E. and H. Van de Sompel, "Linkset: Media Types and a Link Relation Type for Link Sets", RFC 9264, DOI 10.17487/RFC9264, July 2022, . 8.2. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Acknowledgements TODO Author's Address Kevin Smith (editor) Vodafone One Kingdom Street London W2 6BY United Kingdom Email: kevin.smith@vodafone.com URI: www.vodafone.com Smith Expires 4 December 2023 [Page 6]