Kaushal's Photo
Home Follow on LinkedIn Share on LinkedIn Share on Twitter

Rest API Design best practices

REST API Design Best Practices: Lessons I've Learned

Designing REST APIs has been an essential part of my journey as a developer and architect. Over the years, I've faced challenges, made mistakes, and learned what works best when building APIs for scalability, maintainability, and developer satisfaction. In this blog, I'll share the practices that have worked well for me.

What is a REST API?

A REST (Representational State Transfer) API is a way to interact with a system using HTTP methods and resource-based principles. When I first started designing REST APIs, I realized how critical it was to follow the principles of REST to ensure consistency and ease of use.

My Best Practices for REST API Design

1. Use Nouns for Resource Names

Early in my career, I made the mistake of using verbs for endpoints like /getUser or /updateUser. Over time, I learned that resources should represent entities and use nouns instead.

  • Bad: /getUser, /updateUser
  • Good: /users, /users/{id}

Focusing on nouns keeps the API intuitive and aligned with RESTful principles.

2. Use HTTP Methods Correctly

Mapping HTTP methods to CRUD operations is one of the first things I mastered:

  • GET: To fetch resources.
  • POST: To create new resources.
  • PUT: To update resources entirely.
  • PATCH: To partially update resources.
  • DELETE: To remove resources.

For example, I structure my APIs like this:

GET /users       # Retrieve all users
POST /users      # Create a new user
GET /users/{id}  # Retrieve a specific user
PUT /users/{id}  # Update a user
DELETE /users/{id} # Delete a user

3. Meaningful Status Codes

Early on, I underestimated the importance of status codes. I now ensure that my APIs always return the correct ones:

    •	200 OK: For successful requests.
    •	201 Created: When a resource is created.
    •	204 No Content: For successful actions without a response body.
    •	400 Bad Request: For invalid input.
    •	404 Not Found: When a resource doesn’t exist.
    •	500 Internal Server Error: For unexpected server issues.

Using these consistently has made debugging easier for both myself and others using my APIs.

4. Organize Endpoints Logically

To make my APIs predictable, I always structure endpoints hierarchically:


/users
/users/{id}
/users/{id}/posts
/users/{id}/posts/{postId}

This way, clients can easily navigate related resources without confusion.

5. Support Filtering, Sorting, and Pagination

One mistake I used to make was returning all data without giving clients control. Now, I always include:

    •	Filtering: /users?role=admin
    •	Sorting: /users?sort=created_at
    •	Pagination: /users?page=1&size=10

These small additions significantly improve usability and performance.

6. Default to JSON

From the beginning, I’ve stuck with JSON as the standard format. It’s readable, widely supported, and easy to work with.

Here’s an example of the kind of responses I aim for:

{
  "id": 1,
  "name": "John Doe",
  "email": "[email protected]"
}

7. Versioning is Non-Negotiable

One of the toughest lessons I learned was the importance of versioning. I’ve seen APIs break in production because backward compatibility wasn’t maintained. Now, I always version my APIs: • In the URL: /v1/users • Or via headers: Accept: application/vnd.myapp.v1+json

8. Error Handling Done Right

Providing clear error messages has been a game-changer for me. I use detailed, consistent responses like this:

{
  "error": {
    "code": 400,
    "message": "Invalid input: 'email' is required."
  }
}

This approach helps users quickly identify and fix issues.

9. Authentication and Authorization

Security is something I take seriously. For my APIs, I use: • OAuth 2.0 for token-based access. • JWT (JSON Web Tokens) for stateless authentication. • API keys for simpler use cases.

These mechanisms have helped secure sensitive data and maintain user trust.

10. Always Document Your API

I used to rely on comments or internal docs, but that wasn’t enough. Now, I use tools like Swagger or Postman to document every endpoint. Comprehensive documentation saves time and reduces misunderstandings for both my team and external developers.

Conclusion

Building a great REST API is more than just writing code; it’s about creating an experience that is predictable, secure, and easy to use. The lessons I’ve shared here are ones I’ve learned through trial and error, and I hope they help you design better APIs.

If you’ve got any feedback or tips, I’d love to hear them. Feel free to connect with me or share your thoughts in the comments!

Further Reading: • RESTful API Tutorial • JSON API Specification

Thanks for reading!

Alt text

© 2025 Kaushal Kishor. All rights reserved.

Follow on LinkedIn
Private Policy Terms and Conditions