Some Principles For REST API Design PDF
Some Principles For REST API Design PDF
Some Principles For REST API Design PDF
A response's status is specified by its status code: 1xx for information, 2xx for success, 3xx for
redirection, 4xx for client errors, and 5xx for server errors.
Of course, you can use anything the HTTP protocol offers for REST API design, but these are basic things
we need to keep in mind.
1
SOME PRINCIPLES FOR REST API DESIGN
But the GET method is semantically sufficient here to say that we're retrieving ("GETting") a banner. So,
let's just use:
GET: /articles/:slug/banner/
2
SOME PRINCIPLES FOR REST API DESIGN
3
SOME PRINCIPLES FOR REST API DESIGN
4
SOME PRINCIPLES FOR REST API DESIGN
So be consistent, and if you stray away from conventions, document it somewhere with big signs.
5
SOME PRINCIPLES FOR REST API DESIGN
Story time!
One day, as Tom was integrating a REST API into a project, he kept receiving 500 Internal Error on every
single call. The endpoint he was using looked something like this:
POST: /entities
He was mad and couldn't figure out what he was doing wrong.
In the end, it turned out the server was failing because he was missing a trailing slash! So he started
using
POST: /entities/
and everything went fine afterward.
The API wasn't fixed, but hopefully, we can prevent this type of issue for our users.
Pro tip: Most web frameworks have an option to gracefully redirect to the trailed or untrailed version of
the URL. Find that option and activate it.
In Spring Boot
@Configuration
@ComponentScan
@EnableWebMvc
public class ApplicationConfig implements WebMvcConfigurer {
@Override
public void configurePathMatch(PathMatchConfigurer configurer) {
configurer.setUseTrailingSlashMatch(false);
}
}
6
SOME PRINCIPLES FOR REST API DESIGN
With filtering, users can specify properties that the returned items should have.
Pagination allows users to retrieve fractions of a data set. The simplest kind of pagination is page
number pagination, which is determined by a page and a page_size.
Now the question is: how do we incorporate such features in a RESTful API?
The answer is: use the querystring.
It's pretty obvious why we should use the querystring for pagination. It would look like this:
GET: /articles/?page=1&page_size=10
But it may be less obvious for filtering. At first, you might think of doing something like this to retrieve a
list of published articles only:
GET: /articles/published/
Design issue: published is not a resource! Instead, it is a trait of the data we're retrieving. That kind of
thing should go in the querystring.
So in the end, a user could retrieve "the second page of published articles containing 20 items" like so:
GET: /articles/?published=true&page=2&page_size=20
Beautifully explicit, isn't it?
11. Learn the difference between 401 Unauthorized and 403 Forbidden
When handling security errors in an API, it's very easy to be confused about whether the error relates to
authentication or authorization (a.k.a. permissions) — happens to me all the time.
Has the user not provided authentication credentials? Were they invalid? 👉 401 Unauthorized.
Was the user correctly authenticated, but they don’t have the required permissions to access the
resource? 👉 403 Forbidden.