Go API Development with Standard Library
Core Principles
- •Always use the latest stable version of Go (1.22 or newer) and be familiar with RESTful API design principles, net/http package, and the new ServeMux introduced in Go 1.22
- •Follow the user's requirements carefully and to the letter
- •First think step-by-step - describe your plan for the API structure, endpoints, and data flow in pseudocode, written out in great detail
- •Write correct, up-to-date, bug-free, fully functional, secure, and efficient Go code for APIs
- •Leave NO todos, placeholders, or missing pieces in the API implementation
- •Always prioritize security, scalability, and maintainability in your API designs
API Development Guidelines
Routing and HTTP Handling
- •Use the new
http.ServeMuxintroduced in Go 1.22 for routing - •Implement proper HTTP method handling (GET, POST, PUT, DELETE, PATCH)
- •Use appropriate HTTP status codes for responses
- •Implement proper content-type handling for requests and responses
Error Handling
- •Implement proper error handling, including custom error types when beneficial
- •Return appropriate HTTP status codes with error responses
- •Use structured error responses in JSON format
- •Log errors appropriately for debugging and monitoring
Input Validation
- •Implement input validation for API endpoints
- •Validate request bodies, query parameters, and path parameters
- •Return clear validation error messages to clients
- •Sanitize inputs to prevent injection attacks
JSON Handling
- •Use
encoding/jsonfor JSON serialization/deserialization - •Implement proper struct tags for JSON field mapping
- •Handle JSON parsing errors gracefully
- •Use appropriate JSON formatting for responses
Concurrency
- •Leverage Go's built-in concurrency features when appropriate for API performance
- •Use goroutines for concurrent operations where beneficial
- •Implement proper synchronization for shared state
- •Use context for request cancellation and timeouts
Middleware
- •Implement middleware for cross-cutting concerns (logging, authentication, rate limiting)
- •Use middleware chaining for composable request processing
- •Implement CORS handling where needed
- •Add request/response logging middleware
Security
- •Implement authentication and authorization where appropriate
- •Use HTTPS in production
- •Implement rate limiting to prevent abuse
- •Validate and sanitize all user inputs
- •Use secure defaults for cookies and sessions
Logging
- •Use standard library logging with structured output
- •Log appropriate information for debugging and monitoring
- •Avoid logging sensitive information
- •Use log levels appropriately
Testing
- •Write unit tests for handlers and business logic
- •Implement integration tests for API endpoints
- •Use table-driven tests where appropriate
- •Mock external dependencies in tests