Integration (Apps)

1. Authentication
   1. OAUTH 1.0a
   2. Session
   3. API Key (Http basic - secret key passed into username, no password)
2. Data Formats
   1. JSON
   2. XML
3. API
   1. Pagination
   2. Error Handling
4. System
   1. Rate limiting
5. Documentation 
   1. Technical Implementation Manual
   2. Dynamic, explorable documentation (http://swagger.io/)
   3. Sample client program
   4. curl examples, atleast REQUEST/RESPONSE examples
6. Integration Points
   1. REST API
   2. SOAP API
   3. Web Interactions using postMessage()?
7. Versioning
   1. changelog for API
   2. version in the URL. 
   3. How to manage change
8. Needed Improvements
   1. More consistent use of HTTP methods
   2. More consistent data modelling
   3. Expanding through extra parameters (relations)
   4. Consistent naming and url structure
9. What to do about SOAP API

Resources:

http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api

https://stripe.com/docs/api#intro

https://docs.box.com/docs/oauth-20

https://www.etsy.com/developers/documentation/getting_started/api_basics