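Test process
Opinions from V2EX users on my two posts, /t/838609 and /t/846741, were not very consistent, and I happened to see people arguing about this question again today, so I decided to look at how various companies design their API endpoints.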
- YouTube

I picked a random endpoint from the home page:
POST https://www.youtube.com/youtubei/v1/att/get?key=<input>&prettyPrint=true
Request:
key=?
prettyPrint=?

Success Case (HTTP 200):
```
{
  "responseContext": {
    "serviceTrackingParams": [
      {
        "service": "**",
        "params": [
          { "key": "**", "value": "WEB" },
          { "key": "**", "value": "**" },
        ]
      },
      **
    ],
    "mainAppWebResponseContext": {
      "datasyncId": "**",
      "loggedOut": false
    },
    "webResponseContextExtensionData": {
      "hasDecorated": true
    }
  },
  "challenge": "**",
  "botguardData": {
    "program": "**",
    "interpreterSafeUrl": {
      "privateDoNotAccessOrElseTrustedResourceUrlWrappedValue": "//www.google.com/js/**.js"
    }
  }
}
```

Fail Case (Key field not passed, HTTP 403):
```
{
  "error": {
    "code": 403,
    "message": "The request is missing a valid API key.",
    "errors": [
      {
        "message": "The request is missing a valid API key.",
        "domain": "global",
        "reason": "forbidden"
      }
    ],
    "status": "PERMISSION_DENIED"
  }
}
```

Fail Case 2 (passed an arbitrary 0 as the Key, HTTP 400):
```
{
  "error": {
    "code": 400,
    "message": "API key not valid. Please pass a valid API key.",
    "errors": [
      {
        "message": "API key not valid. Please pass a valid API key.",
        "domain": "global",
        "reason": "badRequest"
      }
    ],
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "API_KEY_INVALID",
        "domain": "googlapis.com",
        "metadata": {
          "service": "**.googleapis.com"
        }
      }
    ]
  }
}
```

- Gmail
Most of the APIs are obfuscated, so I picked one that lists the logged-in Google accounts.

POST https://accounts.google.com/ListAccounts
Requests:
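listPages=?
authuser=?
pid=?

Success Case (HTTP 200):
```
["**",[["**",1,"**","**@gmail.com","https://**.googleusercontent.com/**.jpg",0,0,1,null,1,"**",null,**]]]
```

Success Case 2 (tested after clearing cookies, HTTP 200):
Returns content of length 0.

Fail Case (negative number passed for listPages, HTTP 400):
Returns content of length 0.

Also, I saw 3 requests here in the style of the official ASP.NET Core templates (PascalCase routes, camelCase parameters).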
- Twitter:
The tweet detail API; I couldn't be bothered to take screenshots.
GET https://twitter.com/i/api/graphql/**/TweetDetail
Request:
variables=%7B%22focalTweetId%**
After URL decoding:
```
{"focalTweetId":"**","referrer":"home",**
```

Success Case (HTTP 200):
```
{
  "data": {
    "threaded_conversation_with_injections_v2": {
      "instructions": [
        {
          "type": "TimelineAddEntries",
          "entries": [
            { "entryId": "**" **
```

Fail Case (corrupted a few characters of the JSON structure at random, HTTP 400):
```
{"errors":[{"message":"Cannot parse variables: \"focalTweetId\\\"**
```

Fail Case 2 (passed a nonexistent tweet ID, HTTP 200):
```
{"errors":[{"message":"_Missing: No status found with that ID.","locations":[{"line":5,"column":3}],
```

Afterwards I also tested the APIs of Amazon, Azure and AT&T; the results all fall into the cases above. Filtering them and checking for private information is a hassle, so I won't post them.
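
The responses above signal failure in three different places: the HTTP status alone (empty body), a Google-style `error` envelope, or a GraphQL `errors` array that can arrive with HTTP 200. The following is an added example, not part of the original post, of a client-side check that covers all three; the function name `classify` and the sample bodies are constructed here from the responses shown above.

```python
import json

def classify(status, body):
    """Return (ok, source, detail) for one API reply.

    source is where the outcome was signalled: 'envelope' for a
    {"error": {...}} object, 'graphql' for {"errors": [...]}, else 'http'.
    """
    text = body.strip()
    doc = None
    if text:
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None  # not JSON: fall back to the status code
    if isinstance(doc, dict):
        err = doc.get("error")
        if isinstance(err, dict):
            # Status code and body agree; the envelope carries the reason.
            return (False, "envelope", f'{err.get("status")}: {err.get("message")}')
        errs = doc.get("errors")
        if isinstance(errs, list) and errs:
            # May come with HTTP 200, so the status code alone is not enough.
            first = errs[0]
            msg = first.get("message", "") if isinstance(first, dict) else str(first)
            return (False, "graphql", msg)
    if status >= 400:
        return (False, "http", f"HTTP {status} with no error body")
    if not text:
        return (True, "http", "empty body")
    return (True, "http", "")

# Constructed samples modelled on the cases in the post (redacted parts filled in).
SAMPLES = [
    (403, '{"error":{"code":403,"message":"The request is missing a valid API key.",'
          '"status":"PERMISSION_DENIED"}}'),
    (400, ""),   # ListAccounts with a negative listPages
    (200, ""),   # ListAccounts after clearing cookies
    (200, '{"errors":[{"message":"_Missing: No status found with that ID.",'
          '"locations":[{"line":5,"column":3}]}]}'),
    (200, '{"data":{"threaded_conversation_with_injections_v2":{"instructions":[]}}}'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
```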
