Search tools and guides ⌘K
Multi-page · for platform + public-API teams
Protocols & wire formats

Protocols and wire formats

REST, gRPC, GraphQL, Protobuf, Thrift, JSON, WebSockets, webhooks. The formats and protocols that connect services to one another, plus the cross-cutting concerns — versioning, authentication, idempotency, error envelopes — that show up regardless of which one you pick. Each sub-page below is a self-contained walkthrough.

Eleven sub-pages. Each is a long-form walk-through with code examples, diagrams, and links into the canon — RFCs, papers, and engineering writing worth keeping handy.

Deep dives

The eleven deep dives

01 Live

REST

Resources, verbs, status codes, idempotency, HATEOAS. What Roy Fielding actually defined, what we ship in production, and how the constraints earn their keep.

resources ·HTTP verbs ·status codes ·idempotency keys ·HATEOAS
Read
02 Live

gRPC

HTTP/2 framing, Protobuf payloads, the four streaming modes, deadlines, interceptors. The fastest mainstream RPC stack and where it earns its keep.

HTTP/2 ·four streaming modes ·deadlines ·interceptors ·gRPC-Web
Read
03 Live

GraphQL

Schema, resolvers, the N+1 problem, DataLoader, persisted queries, federation. A query language for APIs and how it survives in production.

schema ·resolvers ·DataLoader ·persisted queries ·federation
Read
04 Live

Protocol Buffers

Wire format, varints, ZigZag, field tags, schema evolution. The rules that let you change a Protobuf schema without breaking deployed clients.

wire format ·varints ·ZigZag ·schema evolution ·reserved fields
Read
05 Live

Apache Thrift

Facebook's IDL with pluggable transports and protocols. The Compact Protocol, fbthrift, Finagle Thrift, and how it compares to gRPC + Protobuf.

IDL ·pluggable transport ·Compact Protocol ·fbthrift ·Finagle
Read
06 Live

JSON & JSON-RPC

The lingua franca of web APIs. Why it won, where it bites, and how JSON Schema, JSON-RPC, and binary cousins (CBOR, MessagePack, BSON) fit in.

data model ·JSON Schema ·JSON-RPC ·NDJSON ·binary cousins
Read
07 Live

WebSockets & SSE

Push to the browser. SSE for one-way, WebSockets for bidirectional, long-polling as fallback, WebTransport for the future. Production gotchas around proxies, timeouts, reconnects.

SSE ·RFC 6455 ·long-polling ·WebTransport ·reconnect
Read
08 Live

Webhooks

Server-to-server callbacks. At-least-once delivery, exponential retries with jitter, HMAC signatures, replay defense, dead-letter queues. The Standard Webhooks spec.

at-least-once ·retries ·HMAC signing ·replay defense ·standardwebhooks.com
Read
09 Live

Versioning

URI vs header vs date-based. The deprecation playbook (Sunset header, brownouts, dual-write). Stripe's date-pinned approach, GitHub's vendor media types, AWS's URI versions.

breaking change ·date-based ·Sunset header ·brownouts ·semver
Read
10 Live

Authentication

Five mainstream API auth schemes — API keys, OAuth 2.0 + PKCE, JWT, mTLS, HMAC-signed (SigV4). When each makes sense and the foot-guns to avoid.

API keys ·OAuth 2.0 + PKCE ·JWT ·mTLS ·HMAC SigV4
Read
11 Live

Pagination, errors, idempotency

The cross-cutting practices that age well. Cursor pagination, RFC 9457 error envelopes, rate-limit headers, idempotency keys, request-id propagation, observability hooks.

cursor pagination ·RFC 9457 ·rate-limit headers ·idempotency keys ·observability
Read
Where to go from here

The API design curriculum

The parent study path frames where each protocol fits in the bigger picture. Pair it with the deep dives above when you want both perspective and detail. The links below are the references each sub-page draws from — RFCs, vendor docs, and engineering writing worth bookmarking.

Related Concepts Related Concepts
Simulator HTTP Flow Simulator Simulator gRPC vs REST Simulator Simulator JWT Lifecycle Simulator Simulator JSON vs Protobuf Simulator Guide OAuth 2 — authorization Guide API Gateway — edge enforcement Study Path API Design Study Path