DEV Community

Cover image for API Documentation: Good, Bad, and Unusable
APIVerve
APIVerve

Posted on • Originally published at blog.apiverve.com

API Documentation: Good, Bad, and Unusable

#documentation #devrel #apievaluation #bestpractices

Documentation is the API's resume. And like resumes, some are polished, some are sloppy, and some make you wonder if anyone actually read it before publishing.

Before you commit to an API integration, read the docs. Not to learn the API — to evaluate whether this provider deserves your time.

Here's what to look for.

The First 30 Seconds

Open the documentation. Start a timer.

Can you answer these questions in 30 seconds?

  1. What does this API do?
  2. How do I authenticate?
  3. What's the base URL?
  4. Show me a basic request and response.

If yes: good sign. Someone thought about your experience.

If no: warning sign. You'll be piecing things together from scattered pages.

If the docs open with a wall of text about the company history, the founder's vision, or a glossary of terms — close the tab. Life is too short.

The Quickstart Test

Every documentation site has a quickstart or "getting started" section. This is the API's handshake. First impressions matter.

Good quickstart:

  • Copy-paste a curl command
  • Replace the API key placeholder
  • Run it
  • See a response
  • Total time: under 2 minutes

Bad quickstart:

  • Read 3 paragraphs of concepts
  • Navigate to another page for authentication setup
  • Navigate to another page for the SDK installation
  • Navigate to another page for the actual request
  • Debug why it doesn't work because one of those pages was outdated
  • Total time: 45 minutes and growing frustration

The quickstart should get you a successful API call. That's it. Concepts can come later. Just let me see something work.

Error Documentation (Or Lack Thereof)

This separates professionals from amateurs.

When things go wrong — and they will — what does the API tell you?

Good error documentation:

Every error code is listed. Each one explains what triggered it and how to fix it. The HTTP status codes match conventions (400 for bad requests, 401 for auth failures, 429 for rate limits).

Example response included for each error type. No guessing.

Bad error documentation:

"If an error occurs, the API will return an error response."

Thanks. Incredibly helpful.

Or worse: error codes that are just numbers with no explanation. "Error 7042: Processing failed." What does that mean? The documentation doesn't say.

When evaluating an API, intentionally trigger errors. Send a malformed request. Use an invalid API key. Exceed a rate limit. See what comes back.

If the error messages are helpful, someone cared about your debugging experience. If they're cryptic, prepare for frustrating 3am sessions.

The Consistency Check

Pick three random endpoints and compare them.

Do they follow the same patterns?

Authentication: Is it the same header everywhere? Or does one endpoint use x-api-key while another uses Authorization: Bearer?

Response format: Same structure? Same field naming conventions? Or does one endpoint return user_id while another returns userId and a third returns id?

Error format: Consistent error schema? Or does each endpoint invent its own way to tell you something went wrong?

Inconsistency in documentation usually means inconsistency in the API itself. And inconsistency means extra code on your side to handle the variations.

Code Examples That Work

This sounds obvious. It isn't.

Copy-paste a code example from the documentation. Run it with your API key.

Does it work?

You'd be shocked how often documentation examples are outdated, use deprecated syntax, or simply don't work because nobody tested them after the API changed.

Signs of maintained examples:

  • Multiple languages (not just curl)
  • Modern syntax (async/await, not callbacks)
  • Comments that explain what's happening
  • Expected response shown alongside the request

Signs of abandoned examples:

  • Syntax errors in the code
  • Old SDK versions referenced
  • "TODO: add example" comments still visible
  • Examples that return different data than shown

If the examples are broken, the maintenance culture is broken. Expect other problems.

Rate Limit Transparency

How many requests can you make? Per second? Per minute? Per day?

What happens when you exceed the limit?

Good documentation tells you exactly:

  • The limit numbers for your plan
  • Which headers show your remaining quota
  • How long until the limit resets
  • What response you'll get when limited

Bad documentation either doesn't mention limits at all (suspicious) or mentions them vaguely ("generous rate limits included").

No specific numbers = prepare for surprises.

The Changelog Question

Find the changelog or release notes.

When was the last update?

Recent updates (within months): Active development. Bugs get fixed. Features get added.

No updates in over a year: Either the API is "done" (rare) or abandoned (common). Neither is great for something you're building a business on.

No changelog at all: They don't track changes, or they don't think you need to know. Both are problems.

Also look at what changed. Bug fixes and improvements suggest a healthy product. "Breaking changes to authentication" three times in a year suggests instability.

Authentication Clarity

Authentication is where many developers get stuck. Good docs make this trivial.

What you need to know:

  • Where to get your API key
  • Exactly which header to use
  • Whether it's an API key, bearer token, or something else
  • If there are different keys for test vs production

Red flags:

  • "Contact sales for API access"
  • OAuth flows explained poorly or not at all
  • Multiple authentication methods with unclear guidance on which to use
  • API keys that expire with no clear renewal process

Can you get authenticated and make a request in under 5 minutes? That's the bar.

Response Schema Documentation

When you call the API, what comes back?

Good documentation shows you:

  • Every field in the response
  • The data type of each field
  • Whether fields are always present or sometimes omitted
  • What null or empty values mean

This matters because you're writing code that depends on this structure. If user.email is sometimes missing and the docs don't mention it, your code throws a null reference exception and users see an error page.

Look for OpenAPI/Swagger specs. These are machine-readable schemas that can generate types for your code. Docs with OpenAPI specs are generally more rigorous.

The SDKs Tell a Story

If official SDKs exist, look at them.

Questions to ask:

  • When were they last updated?
  • Do they cover all the endpoints?
  • Are they documented themselves?
  • What's the installation process like?

Outdated SDKs that lag behind the API are worse than no SDK at all. They create a false sense of convenience while introducing version mismatch bugs.

Good SDKs have their own documentation, changelogs, and issue trackers. They're treated as products, not afterthoughts.

Search Functionality

Can you search the docs?

If yes: does it actually find what you're looking for? Search "rate limit" and see if the rate limit documentation appears.

If no: you're navigating by clicking and hoping. Documentation without search is documentation that's hiding things from you.

Bonus points: search that includes code examples, not just prose.

The Mobile Test

Open the docs on your phone.

Why? Because documentation that's unreadable on mobile is documentation that wasn't tested. And if they didn't test the docs, what else didn't they test?

Good docs are responsive. Code examples don't overflow. Navigation works.

Bad docs on mobile are an early warning sign about attention to detail.

What Great Documentation Looks Like

You'll know it when you see it.

  • Clear navigation that matches your mental model
  • A quickstart that gets you calling the API in minutes
  • Every endpoint documented with request and response examples
  • Error codes that help you debug, not frustrate you
  • A changelog that shows active maintenance
  • Search that finds what you need
  • Consistency everywhere

Great documentation feels like a conversation with a helpful colleague. You ask a question, you get an answer. You try something, it works.

Bad documentation feels like archaeology. You're digging through layers of outdated information, hoping to find something useful.

The Documentation Audit

Before your next API integration, run this quick audit:

  • [ ] Can I make an API call in under 5 minutes?
  • [ ] Are code examples accurate and runnable?
  • [ ] Are all error codes documented?
  • [ ] Are rate limits clearly stated?
  • [ ] Is there a changelog with recent updates?
  • [ ] Is authentication clearly explained?
  • [ ] Can I search the docs?
  • [ ] Are responses fully documented?

Four or fewer checks? Think hard before integrating. You'll be fighting the documentation as much as building features.

Documentation quality correlates with API quality. Teams that write good docs usually write good code. Teams that neglect docs usually cut other corners too.

Trust the documentation to tell you the truth about the API behind it.

Want to see what good documentation looks like? Check out our docs — clear examples, consistent patterns, everything you need to ship.

Originally published at APIVerve Blog

Top comments (0)