Security & Auth
JWT/OAuth, scopes, and best practices.
- RBAC/ACL
- Rate limits
- CORS
- Input validation
Schema & Versioning
Predictable and maintainable APIs.
- OpenAPI/Swagger
- v1/v2 strategy
- Deprecation policy
- Testing
Performance
Low latency and robust caching.
- HTTP caching
- Edge/CDN
- Batching
- Pagination