]> Vodafone

One Kingdom Street London W2 6BY GB kevin.smith@vodafone.com www.vodafone.com

General Internet Engineering Task Force well-known API This document defines the "api-catalog" well-known URI. It is intended to facilitate discovery of the APIs published by a Web host.

Introduction A Web host may publish Application Programming Interfaces (APIs) to encourage requests for interaction from external parties. Such APIs must be discovered before they may be used - i.e., the external party needs to know what APIs a given Web host exposes, including their purpose, any constraints to use, and the endpoints to interact with the APIs. To faciliate discovery of this information, this document proposes a well-known URI, 'api-catalog', as a location where a Web host's API endpoints are listed and described.

Goals and non-goals The primary goal is to facilitate the discovery of both a Web Host's public API endpoints, and metadata that informs the potential API client of the purpose of each API and any constraints around usage. Non-goals: this document does not mandate paths for API endpoints. i.e., it does not mandate that my_example_api should be available at example.com/.well-known/api-catalog/my_example_api (although it is not forbidden to do so).

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Using the 'api-catalog' well-known URI The api-catalog well-known URI is intended for HTTP(S) servers that publish APIs and wish to facilitate their discovery. Since the purpose of the api-catalog well-known URI is to facilitate API discovery with minimal prior knowledge, it is recommended that /.well-known/api-catalog be hosted at a predictable hostname, i.e. www.example.com . It may also be hosted at other hostnames, e.g. api.example.com, developer.example.com etc. A Web host (example.com) supporting this URI:

• SHALL resolve an HTTP(S) GET request to /.well-known/api-catalog and return a list of public APIs.
• SHOULD resolve an HTTP(S) HEAD request to /.well-known/api-catalog with a response including a Link header with the relation(s) defined in .

Associated Media type: the api-catalog linkset A request to the api-catalog well-known URI is expected to return a set of one or more links, each labelled with a link relation to allow machines and humans to decide if, and understand why, to follow them. The api-catalog is recommended to consist of:

• link(s) to the API gateway(s), or portal(s), of the Web Host, that present a public Web page with details of APIs offered, documentation, Ts & Cs etc.
• links to each API offered by the Web Host. Ideally each of these links will be to an API bookmark, which, if followed, will provide further links with information on API endpoints, operations, versions, documentation etc.

defines the application/linkset+json JSON document format for link sets, and is used for the following example:

api-catalog linkset example

Link relations (Editor's note: TODO. Suggested are: "api-catalog", and also "api-portal" because it seems likely many implementers will have such a portal, hence it makes sense to make that common. The APIs themselves are less likely to be common across implementers and should use extensible link relations, providing a URI to their definition. This also applies if the API being linked to is based on a standard, in which case the standard body in question should declare the URI for the extensible link relation definition, e.g. https://some_standards_org.example.com/relations/some_api , and this can be used by all implementing hosts of that API)

Conformance to RFC8615 The requirements in section 3 of for defining Well-Known Uniform Resource Identifiers are met as follows:

Path prefix The api-catalog URI SHALL be appended to the /.well-known/ path-prefix for "well-known locations".

Supported URI schemes The api-catalog well-known URI may be used with the HTTP and HTTPS URI schemes.

Registration of the api-catalog well-known URI See considerations below.

IANA Considerations

The api-catalog well-known URI This specification registers the "api-catalog" well-known URI in the Well-Known URI Registry as defined by . URI suffix: api-catalog Specification document(s): draft-smith-api-catalog-01 Related information: The "api-catalog" documents obtained from the same host using the HTTP and HTTPS protocols (using default ports) MUST be identical.

The api-catalog link relation This specification registers the "api-catalog" link relation by following the procedures per section 4.2.2 of (Editor's note: this is TODO).

The api-portal link relation (Editor's note: if the suggestion above to include this is agreed).

Security Considerations TBD

References Normative References Informative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

Acknowledgements TODO