Best Practices

API Design Principles

Build well-designed, consistent, and developer-friendly APIs using industry best practices and proven design patterns.

REST API Principles

Resource-Based

URLs should represent resources (nouns), not actions (verbs). Use HTTP methods to define operations.

/users

/products/123

✗/getUsers

✗/deleteProduct/123

Stateless

Each request should contain all information needed. Server shouldn't store client state between requests.

Include auth token in each request

Pass all required parameters

Don't rely on session state

Uniform Interface

Use standard HTTP methods, status codes, and conventions consistently across all endpoints.

GET for retrieval

POST for creation

PUT/PATCH for updates

DELETE for removal

Hierarchical

Represent relationships through nested resources and clear hierarchies.

/users/123/posts

/posts/456/comments

/orders/789/items

Resource Naming Conventions

Naming Best Practices

1. Use Plural Nouns for Collections

plaintext

2. Use Lowercase with Hyphens

plaintext

3. Avoid File Extensions

plaintext

4. Use Sub-Resources for Relationships

plaintext

5. Use Query Parameters for Filters

plaintext

HTTP Methods Usage

GETRetrieve Resources

Retrieve data without side effects. Should be safe and idempotent.

http

POSTCreate Resources

Create new resources. Not idempotent - multiple identical requests create multiple resources.

json

PUTReplace Resources

Replace entire resource. Idempotent - same request produces same result.

json

PATCHUpdate Resources

Partially update resource. Only include fields to change. Idempotent.

json

DELETERemove Resources

Delete resources. Idempotent - deleting same resource multiple times has same effect.

json

Idempotency

Understanding Idempotency

An idempotent operation produces the same result when called multiple times with identical parameters. This is crucial for reliable APIs.

Idempotent Methods

GET- Always safe and idempotent

PUT- Replace resource with same data

PATCH- Update same fields to same values

DELETE- Deleting deleted resource returns 404

Non-Idempotent Method

⚠

POST- Creates new resource each time

Making POST Idempotent

Use idempotency keys to prevent duplicate resource creation:

javascript

Endpoint Structure Patterns

Collection and Resource Endpoints

http

Nested Resources

http

Actions on Resources

For operations that don't fit CRUD, use action verbs as sub-resources:

http

Search and Filtering

http

Bulk Operations

json

Response Design

Consistent Response Structure

json

Use Appropriate Status Codes

2xx Success

200 OK - Successful GET, PUT, PATCH, DELETE

201 Created - Successful POST (resource created)

204 No Content - Successful DELETE (no response body)

4xx Client Errors

400 Bad Request - Invalid request data

401 Unauthorized - Missing or invalid authentication

403 Forbidden - Insufficient permissions

404 Not Found - Resource doesn't exist

409 Conflict - Resource already exists

422 Unprocessable Entity - Validation failed

429 Too Many Requests - Rate limit exceeded

5xx Server Errors

500 Internal Server Error - Unexpected error

503 Service Unavailable - Temporary downtime

Include Timestamps

json

API Versioning Strategies

1. URL Path Versioning (Recommended)

plaintext

Easy to test and share URLs, works with all HTTP clients

2. Header Versioning

http

⚠Cleaner URLs but harder to test, requires header support

3. Query Parameter Versioning

http

✗Not recommended - mixes versioning with filtering concerns

API Design Best Practices

Use nouns for resources: /users, /products, not /getUsers

Plural collections: /users not /user

Lowercase with hyphens: /user-profiles not /userProfiles

HTTP methods for actions: GET, POST, PUT, PATCH, DELETE

Appropriate status codes: 200, 201, 204, 400, 404, 500

Consistent response structure: Use data/error wrapper objects

Include timestamps: created_at, updated_at in ISO 8601 format

Version your API: Use /v1/, /v2/ in URL path

Support filtering and pagination: Query parameters for search, sort, page

Make operations idempotent: Use idempotency keys for POST requests

Limit nesting depth: Maximum 2 levels (e.g., /users/123/posts/456)

Document your API: Use OpenAPI/Swagger specifications

Previous: Mobile App Backend Next: REST Principles

REST API Principles

Resource-Based

URLs should represent resources (nouns), not actions (verbs). Use HTTP methods to define operations.

/users

/products/123

✗/getUsers

✗/deleteProduct/123

Stateless

Each request should contain all information needed. Server shouldn't store client state between requests.

Include auth token in each request

Pass all required parameters

Don't rely on session state

Uniform Interface

Use standard HTTP methods, status codes, and conventions consistently across all endpoints.

GET for retrieval

POST for creation

PUT/PATCH for updates

DELETE for removal

Hierarchical

Represent relationships through nested resources and clear hierarchies.

/users/123/posts

/posts/456/comments

/orders/789/items

HTTP Methods Usage

GETRetrieve Resources

Retrieve data without side effects. Should be safe and idempotent.

http

POSTCreate Resources

Create new resources. Not idempotent - multiple identical requests create multiple resources.

json

PUTReplace Resources

Replace entire resource. Idempotent - same request produces same result.

json

PATCHUpdate Resources

Partially update resource. Only include fields to change. Idempotent.

json

DELETERemove Resources

Delete resources. Idempotent - deleting same resource multiple times has same effect.

json

Idempotency

Understanding Idempotency

An idempotent operation produces the same result when called multiple times with identical parameters. This is crucial for reliable APIs.

Idempotent Methods

GET- Always safe and idempotent

PUT- Replace resource with same data

PATCH- Update same fields to same values

DELETE- Deleting deleted resource returns 404

Non-Idempotent Method

⚠

POST- Creates new resource each time

Making POST Idempotent

Use idempotency keys to prevent duplicate resource creation:

javascript

Response Design

Consistent Response Structure

json

Use Appropriate Status Codes

2xx Success

200 OK - Successful GET, PUT, PATCH, DELETE

201 Created - Successful POST (resource created)

204 No Content - Successful DELETE (no response body)

4xx Client Errors

400 Bad Request - Invalid request data

401 Unauthorized - Missing or invalid authentication

403 Forbidden - Insufficient permissions

404 Not Found - Resource doesn't exist

409 Conflict - Resource already exists

422 Unprocessable Entity - Validation failed

429 Too Many Requests - Rate limit exceeded

5xx Server Errors

500 Internal Server Error - Unexpected error

503 Service Unavailable - Temporary downtime

Include Timestamps

json