rest-api-designer

REST API Designer

Design RESTful APIs with proper resource modeling and endpoint structure.

Quick Start

Use resource-based URLs with plural nouns, proper HTTP methods, and consistent patterns.

Instructions

Core REST Principles

Resources, not actions:

Good: GET /users, POST /users Bad: GET /getUsers, POST /createUser

Use HTTP methods correctly:

GET: Retrieve (safe, idempotent)
POST: Create (not idempotent)
PUT: Replace (idempotent)
PATCH: Partial update (not idempotent)
DELETE: Remove (idempotent)

Use plural nouns:

Good: /products, /orders Bad: /product, /order

Resource Modeling

Identify resources:

List main entities (users, products, orders)
Identify relationships (user has orders, order has items)
Determine hierarchies (posts have comments)

Design URL structure:

/api/v1/resources /api/v1/resources/{id} /api/v1/resources/{id}/sub-resources

Example - Blog API:

GET /api/v1/posts # List posts POST /api/v1/posts # Create post GET /api/v1/posts/{id} # Get post PUT /api/v1/posts/{id} # Replace post PATCH /api/v1/posts/{id} # Update post DELETE /api/v1/posts/{id} # Delete post

GET /api/v1/posts/{id}/comments # List comments POST /api/v1/posts/{id}/comments # Create comment

HTTP Methods

GET - Retrieve resources:

GET /api/v1/users # List all users GET /api/v1/users/{id} # Get specific user GET /api/v1/users?role=admin # Filter users

Response:

{ "data": [ { "id": 1, "name": "John" } ], "meta": { "total": 100, "page": 1 } }

POST - Create resources:

POST /api/v1/users Content-Type: application/json

{ "name": "John Doe", "email": "john@example.com" }

Response (201 Created):

{ "id": 123, "name": "John Doe", "email": "john@example.com", "created_at": "2024-01-01T00:00:00Z" }

PUT - Replace resource:

PUT /api/v1/users/{id} Content-Type: application/json

{ "name": "John Smith", "email": "john.smith@example.com" }

PATCH - Partial update:

PATCH /api/v1/users/{id} Content-Type: application/json

{ "email": "newemail@example.com" }

DELETE - Remove resource:

DELETE /api/v1/users/{id}

Response (204 No Content or 200 with confirmation)

Query Parameters

Filtering:

GET /api/v1/products?category=electronics&price_min=100

Sorting:

GET /api/v1/products?sort=price&order=desc GET /api/v1/products?sort=-price # Descending

Pagination:

GET /api/v1/products?page=2&per_page=20 GET /api/v1/products?offset=20&limit=20

Field selection:

GET /api/v1/users?fields=id,name,email

Search:

GET /api/v1/products?q=laptop

Nested Resources

One level (recommended):

GET /api/v1/users/{id}/orders POST /api/v1/users/{id}/orders

Avoid deep nesting:

Bad: /api/v1/users/{id}/orders/{id}/items/{id}/reviews Better: /api/v1/reviews?item_id={id}

Alternative - flat with filters:

GET /api/v1/orders?user_id={id} GET /api/v1/comments?post_id={id}

Response Format

Success response:

{ "data": { "id": 1, "name": "Product" }, "meta": { "timestamp": "2024-01-01T00:00:00Z" } }

List response:

{ "data": [ { "id": 1, "name": "Item 1" }, { "id": 2, "name": "Item 2" } ], "meta": { "total": 100, "page": 1, "per_page": 20 }, "links": { "self": "/api/v1/items?page=1", "next": "/api/v1/items?page=2", "prev": null } }

Error response:

{ "error": { "code": "VALIDATION_ERROR", "message": "Invalid input", "details": [ { "field": "email", "message": "Invalid email format" } ] } }

Status Codes

Success:

200 OK: Successful GET, PUT, PATCH, DELETE
201 Created: Successful POST
204 No Content: Successful DELETE with no response body

Client errors:

400 Bad Request: Invalid input
401 Unauthorized: Missing/invalid auth
403 Forbidden: Insufficient permissions
404 Not Found: Resource doesn't exist
409 Conflict: Resource conflict
422 Unprocessable Entity: Validation error

Server errors:

500 Internal Server Error: Server error
503 Service Unavailable: Temporary unavailability

Versioning

URL versioning (recommended):

/api/v1/users /api/v2/users

Header versioning:

GET /api/users Accept: application/vnd.myapi.v1+json

Query parameter:

GET /api/users?version=1

Authentication

JWT Bearer token:

GET /api/v1/users Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

API Key:

GET /api/v1/users X-API-Key: your-api-key-here

Basic Auth:

GET /api/v1/users Authorization: Basic base64(username:password)

Rate Limiting

Include headers:

X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 999 X-RateLimit-Reset: 1640995200

Response when exceeded (429):

{ "error": { "code": "RATE_LIMIT_EXCEEDED", "message": "Too many requests", "retry_after": 60 } }

HATEOAS (Optional)

Include links to related resources:

{ "id": 1, "name": "Product", "links": { "self": "/api/v1/products/1", "category": "/api/v1/categories/5", "reviews": "/api/v1/products/1/reviews" } }

Common Patterns

Bulk Operations

Bulk create:

POST /api/v1/users/bulk Content-Type: application/json

{ "users": [ { "name": "User 1" }, { "name": "User 2" } ] }

Bulk update:

PATCH /api/v1/users/bulk Content-Type: application/json

{ "updates": [ { "id": 1, "status": "active" }, { "id": 2, "status": "inactive" } ] }

Async Operations

Long-running operation:

POST /api/v1/reports Response: 202 Accepted

{ "job_id": "abc123", "status": "processing", "status_url": "/api/v1/jobs/abc123" }

Check status:

GET /api/v1/jobs/abc123

{ "status": "completed", "result_url": "/api/v1/reports/xyz789" }

File Upload

Single file:

POST /api/v1/files Content-Type: multipart/form-data

file: [binary data]

With metadata:

POST /api/v1/documents Content-Type: multipart/form-data

file: [binary data] title: "Document Title" category: "reports"

Webhooks

POST /api/v1/webhooks

{ "url": "https://example.com/webhook", "events": ["order.created", "order.updated"] }

Health Check

GET /api/health

{ "status": "healthy", "version": "1.0.0", "timestamp": "2024-01-01T00:00:00Z" }

Example API Design

E-commerce API

Products:

GET /api/v1/products POST /api/v1/products GET /api/v1/products/{id} PUT /api/v1/products/{id} DELETE /api/v1/products/{id} GET /api/v1/products/{id}/reviews

Orders:

GET /api/v1/orders POST /api/v1/orders GET /api/v1/orders/{id} PATCH /api/v1/orders/{id} GET /api/v1/orders/{id}/items

Customers:

GET /api/v1/customers POST /api/v1/customers GET /api/v1/customers/{id} GET /api/v1/customers/{id}/orders

Cart:

GET /api/v1/cart POST /api/v1/cart/items DELETE /api/v1/cart/items/{id} POST /api/v1/cart/checkout

Best Practices

Use consistent naming:

Lowercase URLs
Hyphens for multi-word resources: /order-items
Consistent date formats: ISO 8601

Include metadata:

Timestamps (created_at, updated_at)
Pagination info
API version

Validate input:

Check required fields
Validate formats
Sanitize data

Handle errors gracefully:

Clear error messages
Appropriate status codes
Include error codes for client handling

Document everything:

Use OpenAPI/Swagger
Include examples
Document rate limits

Troubleshooting

Unclear resource boundaries:

Focus on nouns, not verbs
Think about data entities
Consider client needs

Deep nesting:

Limit to one level
Use query parameters for filtering
Create separate endpoints

Inconsistent responses:

Use response templates
Standardize error format
Document response structure

rest-api-designer

Safety Notice

Copy this and send it to your AI assistant to learn

Source Transparency

Related Skills

gcp-cost-optimizer

schema-designer

api-documentation-generator

aws-cost-optimizer