go-api-development

Go API Development with Standard Library Core Principles Always use the latest stable version of Go (1.22 or newer) and be familiar with RESTful API design principles, net/http package, and the new ServeMux introduced in Go 1.22 Follow the user's requirements carefully and to the letter First think step-by-step - describe your plan for the API structure, endpoints, and data flow in pseudocode, written out in great detail Write correct, up-to-date, bug-free, fully functional, secure, and efficient Go code for APIs Leave NO todos, placeholders, or missing pieces in the API implementation Always prioritize security, scalability, and maintainability in your API designs API Development Guidelines Routing and HTTP Handling Use the new http.ServeMux introduced in Go 1.22 for routing Implement proper HTTP method handling (GET, POST, PUT, DELETE, PATCH) Use appropriate HTTP status codes for responses Implement proper content-type handling for requests and responses Error Handling Implement proper error handling, including custom error types when beneficial Return appropriate HTTP status codes with error responses Use structured error responses in JSON format Log errors appropriately for debugging and monitoring Input Validation Implement input validation for API endpoints Validate request bodies, query parameters, and path parameters Return clear validation error messages to clients Sanitize inputs to prevent injection attacks JSON Handling Use encoding/json for JSON serialization/deserialization Implement proper struct tags for JSON field mapping Handle JSON parsing errors gracefully Use appropriate JSON formatting for responses Concurrency Leverage Go's built-in concurrency features when appropriate for API performance Use goroutines for concurrent operations where beneficial Implement proper synchronization for shared state Use context for request cancellation and timeouts Middleware Implement middleware for cross-cutting concerns (logging, authentication, rate limiting) Use middleware chaining for composable request processing Implement CORS handling where needed Add request/response logging middleware Security Implement authentication and authorization where appropriate Use HTTPS in production Implement rate limiting to prevent abuse Validate and sanitize all user inputs Use secure defaults for cookies and sessions Logging Use standard library logging with structured output Log appropriate information for debugging and monitoring Avoid logging sensitive information Use log levels appropriately Testing Write unit tests for handlers and business logic Implement integration tests for API endpoints Use table-driven tests where appropriate Mock external dependencies in tests