My Tech Blog

RESTful API Design

Posted on September 10, 2025 • 5 min read

Introduction

Designing a RESTful API involves more than just choosing HTTP methods. It requires a thoughtful approach to resources, URI structure, and consistent conventions that make your API intuitive and maintainable.

Core Principles

  • Statelessness: Each request contains all the information needed to process it.
  • Uniform Interface: Standardized ways to interact with resources.
  • Layered System: Clients cannot ordinarily tell whether they are connected directly to the end server.
  • Cacheability: Responses must define themselves as cacheable or not.

Resources and URIs

Resources should be nouns, not verbs. Use plural nouns and hierarchical structures.

GET /api/v1/users
GET /api/v1/users/123
POST /api/v1/users
PUT /api/v1/users/123
DELETE /api/v1/users/123

HTTP Methods

Map CRUD operations to the appropriate verbs:

ActionMethodTypical Response
CreatePOST201 Created
ReadGET200 OK
UpdatePUT / PATCH200 OK or 204 No Content
DeleteDELETE204 No Content

Status Codes

Use standard HTTP status codes to convey the result of an operation.

200 OK – Successful GET, PUT, or POST returning a body
201 Created – New resource created
204 No Content – Successful DELETE or PUT without a response body
400 Bad Request – Validation errors
401 Unauthorized – Authentication required
403 Forbidden – Not allowed to access
404 Not Found – Resource does not exist
409 Conflict – Conflict with current state
415 Unsupported Media Type – Wrong content type

Versioning

Include the API version in the URI to avoid breaking existing clients.

/api/v1/…   // current version
/api/v2/…   // future version

Hypermedia (HATEOAS)

Provide links in responses so clients can discover actions dynamically.

{
  "id": 123,
  "name": "John Doe",
  "_links": {
    "self": { "href": "/api/v1/users/123" },
    "orders": { "href": "/api/v1/users/123/orders" }
  }
}

Error Responses

Return a consistent error format.

{
  "error": {
    "code": "INVALID_INPUT",
    "message": "Email address is required",
    "details": {
      "field": "email"
    }
  }
}

Best Practices

  • Use JSON as the default request/response format.
  • Document your API with OpenAPI/Swagger.
  • Implement rate limiting and throttling.
  • Secure endpoints with HTTPS and proper authentication.
  • Paginate large collections.

Comments