Search code, repositories, users, issues, pull requests...

hyrumtoken is a Go package to encrypt pagination tokens, so that your API clients can't depend on their contents, ordering, or any other characteristics.

With a sufficient number of users of an API, it does not matter what you promise in the contract: all observable behaviors of your system will be depended on by somebody.

I was implementing an audit logging feature. My job was the backend, some other folks were doing the frontend. To get them going quickly, I gave them an API documented like this:

That will return {"events": [...], "nextPageToken": "...", "totalCount": ...}. If nextPageToken is empty, you've hit the end of the list.

To keep things real simple, my unblock-the-frontend MVP used limit/offset pagination. The page tokens were just the offset values. This wasn't going to work once we had filters/sorts/millions of events, but whatever! Just rendering the audit log events was already a good chunk of work for the frontend folks, and we wanted to work in parallel.

Weird. The documented API doesn't really promise any affordance of "seeking" to a random page. "If you're on page 1 and you click on 3, what happens?" The reply: "We just set the pageToken to 300".

Leave a Comment