API Design Guidelines¶
The following section outlines guidelines related to extending and/or modifying the Galaxy API. The Galaxy API has been developed over time in an ad-hoc fashion and by many contributors, so clients SHOULD NOT expect the API will conform to these guidelines - but developers contributing to the Galaxy API SHOULD follow these guidelines.
Before Getting Started¶
Developers should familiarize themselves with HTTP method definitions. While Galaxy follows these imperfectly - a serious effort should be made to use HTTP methods (GET, POST, PUT, DELETE, etc.) correctly and consistently. More information about these methods with a focus on RESTful APIs can be found at https://restfulapi.net/http-methods/.
Developers should also familiarize themselves with the HTTP status code definitions. The API responses should properly set the status code according to the result - in particular 2XX responses should be used for successful requests, 4XX for various kinds of client errors, and 5XX for the errors on the server side.
Finally, developers should familiarize themselves with RESTful API design. Again, Galaxy follows generic RESTful guidelines imperfectly, but a serious effort should be made to design the API as RESTfully and consistently as possible.
Documenting the API¶
An API endpoint implementation method should include high-level docstring documentation for consumption at docs.galaxyproject.org.
API functionality should consume and produce Pydantic models with typed and annotated fields. This information will be used to generate detailed OpenAPI documentation for APIs in the near future. Typed models also improve the quality and thoroughness of the static checking that can be done for the Galaxy backend.
To further document your API and allow other developers to see how it functions, new API functionality should include functional tests. These functional tests should be implemented in Python and added to either the API test suite or the integration test suite. Checkout the Writing Tests for Galaxy documentation for more information on developing tests for Galaxy.
The Galaxy documentation can be generated by running
from the Galaxy root. Galaxy can be type checked by running
tox -e mypy
from the root of Galaxy after tox has been configured.
API methods should throw a finite number of exceptions
galaxy.exceptions) and these should subclass
galaxy.exceptions.MessageException and not paste/WSGI/FastAPI HTTP exceptions.
When possible, the framework itself should be responsible for catching these exceptions,
setting the status code, and building an error response. Throwing these exceptions
will ensure the API responses are consistent across frameworks and across the API.
These exceptions allow throwers to attach arbitrary extra information.
Error responses should not consist of plain text strings - they should be dictionaries describing the error and containing the following:
The error code (
err_code) is defined by the exception class
and pulled from
lig/galaxy/exceptions/error_codes.json. This JSON
document should be used to add new error conditions or improve
default error messages.
If there is an error processing some part of the request (one item in a list for instance), the status code should be set to reflect the error and the partial result may or may not be returned depending on the controller - this behavior should be documented.
Backward compatibility is important and should be maintained when possible. If changing behavior in a non-backward compatible way please ensure one of the following holds - there is a strong reason to believe no consumers depend on the old behavior, the behavior is effectively broken, or the API method being modified has not been part of a tagged dist release. If these conditions do not hold, please help the Galaxy release manager ensure information about the breaking API is highlighted in the Galaxy release notes.
Whenever functionality needs to be added, removed, or modified that breaks backward compatibility in a significant way to a component used by the community - a “dev” variant of the API should be established and the community should be alerted and given a time frame for when the old behavior will be replaced with the new behavior.
Functionality should not be copied and pasted between controllers -
consider refactoring functionality into associated classes or short of
that into mixins or into managers (
To whatever degree is possible, the Galaxy API controller classes
galaxy.webapps.galaxy.api) should be as lean as
possible. Most of the logic should be pushed into components that
are decoupled from the actual web application and the web framework.
The role of the controller should be simply to adapt the web request
(tied to the web framework) to simple objects (plain Python objects,
Pydantic models, or SQLAlchemy models), send these objects to a
Python component lower in the stack, and finally to translate the
response to a web response. This design will ensure that Galaxy
application logic is usable in as many contexts as possible and
decouple the core “business logic” of Galaxy from the web framework
Going forward, we anticipate the most typical way this abstract
advice translates to concrete code flow is that API controllers
galaxy.webapps.galaxy.api receive or produce Pydantic
models and pass them to manager components defined in
galaxy.managers. The manager is then responsible for
interacting with the whole backend or specific components to
fullfil the desired request.
Galaxy work contexts provide a way for API requests (and other
components) to describe what they require from the framework
in terms of the request (examples include the Galaxy app, a user
to act on behalf of, or a user with a defined “current history”).
These objects describing the web request are passed around rather
haphazardly as an argument named
trans. To design API methods
to deal with
trans in the most statically checkable and
rigorous way - please review the docs for
A very clean, isolated example of a well documented controller
and well annotated models is the licenses endpoint -
galaxy.webapps.galaxy.api.licenses. A more complicated
endpoint that demonstrates working with a manager and the
Galaxy model backend is the roles endpoint -
Changes to reflect modifications to the API should be pushed upstream to the BioBlend project if possible.
Longer Term Goals¶
It would be advantageous to have a clearer separation of anonymous and admin handling functionality.
Consistent standards for range-based requests, batch requests, filtered requests, etc… should be established and documented here.