Backend API Idioms - sgml/signature GitHub Wiki

Check the following:

Make sure the HTTP status code reflects the actual outcome of the request (do not return 200 with an error message in the payload; do not omit the response body for a DELETE request)

Error messages returned with error status codes are generic (no internal details such as SQL fragments, file paths, or library names)

Only return stack traces in local development, gated by an explicit environment variable (never in production)

Make sure the HTTP security headers are present on every response, including error responses (Strict-Transport-Security, X-Content-Type-Options: nosniff)

Make sure each endpoint specifies which token type it accepts (access vs refresh) and rejects the other
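As an added example (not code from this wiki, and not tied to any particular project), the following minimal WSGI service uses only the Python standard library and applies each item of the checklist: explicit status codes with a body on DELETE, generic error messages, a stack trace only when the hypothetical `API_DEBUG` environment variable is set, security headers on every response including errors, and a per-endpoint required token type. The token store, the item data, and the `/boom` endpoint that deliberately fails are constructed for illustration.

```python
import json
import os
import traceback
from http import HTTPStatus

# Constructed sample data: token string -> (token type, subject).
# A real service would validate signed tokens; the point here is the type check.
TOKENS = {
    "acc-123": ("access", "alice"),
    "ref-456": ("refresh", "alice"),
}
ITEMS = {"1": {"name": "widget"}}

# Added to every response, error responses included.
SECURITY_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
]


def debug_enabled():
    """Stack traces are only exposed when this hypothetical variable is set locally."""
    return os.environ.get("API_DEBUG") == "1"


class ApiError(Exception):
    """An expected failure: carries the status code and a generic, client-safe message."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status, self.message = status, message


def authenticate(environ, required_type):
    """Return the subject if the bearer token exists AND is of the type this endpoint accepts."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "bearer" or token not in TOKENS:
        raise ApiError(401, "unauthorized")
    token_type, subject = TOKENS[token]
    if token_type != required_type:
        # e.g. a refresh token presented to a resource endpoint: rejected, same generic message
        raise ApiError(401, "unauthorized")
    return subject


def handle(environ):
    """Route the request; returns (status, payload) or raises ApiError."""
    method, path = environ["REQUEST_METHOD"], environ.get("PATH_INFO", "")
    if path == "/boom":
        raise RuntimeError("simulated bug: db connection string = postgres://...")  # constructed fault
    if path == "/token/refresh" and method == "POST":
        subject = authenticate(environ, "refresh")  # only refresh tokens may mint access tokens
        return 200, {"access_token": f"acc-new-{subject}"}
    if path.startswith("/items/"):
        authenticate(environ, "access")  # only access tokens may touch resources
        item_id = path[len("/items/"):]
        if item_id not in ITEMS:
            raise ApiError(404, "not found")
        if method == "GET":
            return 200, ITEMS[item_id]
        if method == "DELETE":
            del ITEMS[item_id]
            return 200, {"deleted": item_id}  # explicit status and body for DELETE
        raise ApiError(405, "method not allowed")
    raise ApiError(404, "not found")


def app(environ, start_response):
    """WSGI entry point: maps outcomes to real status codes and never leaks internals by default."""
    headers = [("Content-Type", "application/json")] + SECURITY_HEADERS
    try:
        status, payload = handle(environ)
    except ApiError as exc:
        status, payload = exc.status, {"error": exc.message}
    except Exception:
        # Unexpected failure: a generic 500; the trace is attached only in local debug mode.
        status, payload = 500, {"error": "internal server error"}
        if debug_enabled():
            payload["trace"] = traceback.format_exc()
    body = json.dumps(payload).encode()
    headers.append(("Content-Length", str(len(body))))
    start_response(f"{status} {HTTPStatus(status).phrase}", headers)
    return [body]


def call(method, path, token=None):
    """Invoke the app in-process with a constructed WSGI environ; returns (status, headers, payload)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if token:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = int(status.split()[0])
        captured["headers"] = dict(response_headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], json.loads(body)


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Run it directly to serve on port 8080, or drive it in-process with `call("GET", "/items/1", "acc-123")`. Note that the wrong-token-type and unknown-token cases return the same generic 401, and that `/boom` yields a 500 whose body contains no trace unless `API_DEBUG=1` is set in the environment.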
