Best practices for CodeIgniter API development

Modern web applications built in CodeIgniter require API support. This article touches on those best practices for API development in CodeIgniter. These are general guidelines and hold true for all versions of CodeIgniter framework.

Use Status Codes

you can use status codes in responses of request. This will helpfull for users to known whether the request is successfull or fail. A good API should always return the proper HTTP error code that correctly explains the nature of the specific error that has occurred. For example:

"status_code": "401 Unauthorized",
"error": "invalid_token",
"error_description": "Access token expired: fhsgjfgs777868sdf868."

Use nouns instead of verbs

Naming conventation in apis are important and can save a lot of confusion. Use noun at the end of api path this is because our HTTP request method already has the verb.



Use filtering, searching and Pagination

Sometime API response data is large. Then retrieving data from database is very slow. For this purpose we use pagination. In filtering use a unique query parameter for retrieve the result. Sometimes basic filters aren’t sufficient and you need the power of full text search then use searching in APIs. For example:

DO: http://localhost:8080/rest/api

DON’T: http://localhost:8080/rest/api?limit=20&offset=0

Instead of limit based pagination, Its a best practice to implement cursor-based pagination. All the good companies are moving towards cursor-based pagination for large datasets where its important to not lose any data during updates. Check the link at the end of this article to learn cursor-based pagination.


Security is important when you build apis. For API management and security use api_key that is a single token string. Basic Authentication that is a two token string solution (username and password) Necessary to validate the input fields. Establish trusted identities and then control access to services and resources by using tokens assigned to those identities. At least enforce the principle of privilege. People shouldn’t be able to access more information that they requested. For example a normal user should not be able to access information of another user. They also should not be able to access data of admins.

Use rate limiting

Setting a threshold/throttling for an api. Other requests will be rejected. For example 30 requests per minute per account. Throttling can prevent denial of service attacks. A leaky bucket algorithm can be implemented to this effect.

Optimizing for Human Readers

APIs must be easy to understand and use. Utilize clear and easy naming systems with no abbreviation.
Utilize nouns rather than verbs in HTTP methods. Have easy to understood and simple descriptions for error management along with standardized error codes.

API Documentation

API documentation should provide information about the authorization, request/response examples, possible response status codes, pagination and available limits or throttling. It should be correct, up-to-date and easy to understand.

Working with Experts

Finally, it helps if you work with people who have done this a few dozen time and know how to develop CodeIgniter APIs with best practices built in. Let us make the extra effort for you.

Useful Links