What Makes an API "Open"?
An open API isn't just a public API — it's one designed for interoperability. That means using standard formats, predictable conventions, machine-readable documentation, and discovery mechanisms that allow any compliant client to integrate without proprietary SDKs or hand-holding. In a web ecosystem increasingly driven by automated agents, these properties are more valuable than ever.
This guide walks through the key design patterns that separate genuinely interoperable open APIs from APIs that are merely accessible.
Start with REST and HTTP Semantics
REST remains the dominant paradigm for open APIs because it maps cleanly to HTTP — a protocol every platform understands. To build a properly RESTful API:
- Use nouns for resources, not verbs:
/articles/42not/getArticle?id=42 - Respect HTTP methods: GET for reads, POST for creates, PUT/PATCH for updates, DELETE for removals
- Return appropriate status codes: 200, 201, 400, 401, 404, 422, and 429 each carry semantic meaning — use them correctly
- Support content negotiation: Honor the
Acceptheader to return JSON, XML, or other formats as requested
JSON-LD: Adding Semantic Context to Your Data
JSON-LD (JSON for Linked Data) extends plain JSON with semantic context, allowing machines to understand not just the structure of your data, but its meaning. It's the format behind Schema.org markup and a cornerstone of the Semantic Web.
A JSON-LD API response for an article might look like:
{
"@context": "https://schema.org",
"@type": "Article",
"headline": "Understanding .well-known URIs",
"author": {
"@type": "Person",
"name": "Jane Dev"
},
"datePublished": "2025-01-14"
}
By including @context and @type, you give any JSON-LD-aware client — including search engines and AI agents — the ability to interpret your data correctly without reading external documentation.
Well-Known Endpoints for API Discovery
Interoperable APIs publish their capabilities and metadata at predictable locations. The most important discovery endpoints for open APIs are:
| Endpoint | Content | Consumer |
|---|---|---|
/openapi.json or /openapi.yaml | Full OpenAPI specification | Developers, AI agents, tooling |
/.well-known/ai-plugin.json | AI capability manifest | AI assistants and agents |
/.well-known/oauth-authorization-server | OAuth server metadata (RFC 8414) | OAuth clients |
/health or /.well-known/health | API availability status | Monitoring systems |
Versioning Your API
Version your API from day one — retrofitting versioning is painful. Common strategies:
- URL path versioning:
/v1/articles,/v2/articles— simple and explicit, easy to test in a browser - Header versioning:
Accept: application/vnd.myapi.v2+json— cleaner URLs, harder to test manually - Query parameter versioning:
?version=2— easy to add but can get messy in URLs
For most open APIs targeting broad interoperability, URL path versioning is the pragmatic choice because it's unambiguous and works with every HTTP client and caching layer without configuration.
Pagination, Filtering, and Rate Limiting Conventions
Standardize your patterns so any client can predict how to interact with collections:
- Pagination: Use cursor-based pagination for large or frequently-updated datasets. Include
next,prev, andtotalin response envelopes, or use Link headers (RFC 5988). - Filtering: Use query parameters with a consistent pattern:
?filter[status]=published&filter[author]=42 - Rate limiting: Always return
X-RateLimit-Limit,X-RateLimit-Remaining, andX-RateLimit-Resetheaders so clients can back off gracefully.
Documentation as a First-Class Deliverable
An open API without complete documentation isn't truly open. At minimum, publish:
- An OpenAPI 3.x specification (auto-generate it from your code if possible)
- Authentication and authorization guide
- Rate limits and quota documentation
- Changelog with deprecation notices
- At least one working code example per endpoint
Tools like Swagger UI, Redoc, or Scalar can turn your OpenAPI spec into beautiful interactive documentation with zero additional effort.