RESTful API Design — Build APIs the Right Way
Why RESTful API Design Matters
A well-designed REST API is intuitive, consistent, and easy to consume. Poorly designed APIs lead to confusion, buggy integrations, and frustrated developers. REST (Representational State Transfer) is the dominant architectural style for web APIs — used by Google, Stripe, GitHub, Twitter, and most major platforms.
Why this matters for your career:
- Good API design separates professional developers from amateurs
- REST APIs power most web and mobile applications today
- Freelance clients expect clean, predictable APIs — not ad-hoc endpoints
- Mastering REST makes you valuable as both a backend developer and an API consultant
What Is REST?
REST is an architectural style defined by Roy Fielding in 2000. It uses HTTP as the application protocol and follows these principles:
- Resources: Everything is a resource (users, posts, orders, products)
- Stateless: Each request contains all information needed; no server-side session
- Uniform Interface: Consistent HTTP methods, resource URLs, and status codes
- Representation: Resources are represented as JSON, XML, or other formats
- HATEOAS (optional): Responses include links to related resources
Core RESTful Design Rules
1. Use Nouns, Not Verbs
| ❌ Bad | ✅ Good |
|--------|--------|
| /getUsers | GET /users |
| /createUser | POST /users |
| /updateUser/1 | PUT /users/1 |
| /deleteUser/1 | DELETE /users/1 |
The HTTP method already describes the action. Don't repeat it in the URL.
2. Use Plural Resource Names
| ❌ Bad | ✅ Good |
|--------|--------|
| /user | /users |
| /order/1 | /orders/1 |
| /product/5 | /products/5 |
Consistent pluralization makes your API predictable.
3. Use Sub-resources for Relationships
GET /users/1/orders → List orders for user 1
POST /users/1/orders → Create an order for user 1
GET /users/1/orders/5 → Get order 5 for user 1
PUT /users/1/orders/5 → Update order 5 for user 1
DELETE /users/1/orders/5 → Delete order 5 for user 1
This nesting clearly expresses ownership relationships.
4. Use Query Parameters for Filtering, Sorting, and Pagination
GET /users?role=admin&status=active&page=2&limit=20&sort=created_at:desc
Common query parameters:
page/offset— pagination controllimit— results per pagesort— field and directionfields— sparse fieldset (return only specified fields)filter— search or filter criteria
5. Use HTTP Status Codes Correctly
| Code | Meaning | When to Use | |------|---------|-------------| | 200 | OK | Successful GET, PUT, PATCH | | 201 | Created | Successful POST (new resource created) | | 204 | No Content | Successful DELETE | | 400 | Bad Request | Invalid input, missing fields | | 401 | Unauthorized | Missing or invalid authentication | | 403 | Forbidden | Authenticated but no permission | | 404 | Not Found | Resource does not exist | | 409 | Conflict | Duplicate resource, version conflict | | 422 | Unprocessable Entity | Validation errors | | 429 | Too Many Requests | Rate limit exceeded | | 500 | Internal Server Error | Unexpected server failure |
6. Use Consistent Error Responses
Always return errors in a consistent format:
{
"error": {
"code": "VALIDATION_ERROR",
"message": "The request body contains invalid fields.",
"details": [
{
"field": "email",
"message": "Must be a valid email address"
}
]
}
}
7. Version Your API
Use a URL prefix or header to version your API:
GET /api/v1/users
Accept: application/vnd.myapp.v1+json
Versioning prevents breaking existing clients when you make changes.
Complete Endpoint Design Example
Let's design a complete REST API for an e-commerce order system:
GET /api/v1/products → List products
GET /api/v1/products/:id → Get product details
POST /api/v1/products → Create a product (admin)
PUT /api/v1/products/:id → Update product (admin)
DELETE /api/v1/products/:id → Delete product (admin)
GET /api/v1/cart → Get current user's cart
POST /api/v1/cart/items → Add item to cart
PUT /api/v1/cart/items/:itemId → Update cart item
DELETE /api/v1/cart/items/:itemId → Remove cart item
POST /api/v1/checkout → Convert cart to order
GET /api/v1/orders → List user's orders
GET /api/v1/orders/:id → Get order details
GET /api/v1/users/me → Get current user profile
PUT /api/v1/users/me → Update profile
Pagination Best Practices
For list endpoints, always paginate:
GET /api/v1/products?page=2&limit=20
Response:
{
"data": [...],
"meta": {
"page": 2,
"limit": 20,
"total": 156,
"totalPages": 8
},
"links": {
"self": "/api/v1/products?page=2&limit=20",
"first": "/api/v1/products?page=1&limit=20",
"prev": "/api/v1/products?page=1&limit=20",
"next": "/api/v1/products?page=3&limit=20",
"last": "/api/v1/products?page=8&limit=20"
}
}
Naming Conventions Summary
| Element | Convention | Example |
|---------|------------|--------|
| Resource names | Plural nouns | /users, /orders |
| Sub-resources | Nested | /users/1/orders |
| Actions on resources | HTTP methods | GET, POST, PUT, DELETE |
| IDs | Path parameters | /users/:id |
| Filters | Query params | ?status=active |
| Pagination | Query params | ?page=2&limit=20 |
| Response format | JSON | application/json |
| Error format | Consistent JSON | { error: { code, message } } |
Common Anti-Patterns to Avoid
- Using verbs in URLs:
/getProducts→ should beGET /products - Inconsistent naming: Mix of
/usersand/getUserand/userList - Not using HTTP methods:
POST /users/1/delete→ should beDELETE /users/1 - Returning 200 for errors: Always use appropriate error status codes
- No pagination: Returning 10,000 records in one response
- Inconsistent error format: Errors that look different in each endpoint
- No versioning: Breaking changes affect all clients simultaneously
Summary
RESTful API design is about consistency, predictability, and following conventions that developers already know. By using proper resource naming, HTTP methods, status codes, and error formats, you create APIs that are a pleasure to work with — and that set you apart as a professional developer.
Key takeaways:
- Use plural nouns for resources, never verbs in URLs
- HTTP methods define the action: GET, POST, PUT, DELETE
- Use proper status codes (201 for create, 204 for delete, etc.)
- Always paginate list endpoints
- Version your API from day one
- Return consistent, structured error messages
- Nest sub-resources to express relationships
What's Next: API Authentication
The next chapter covers API authentication methods — API keys, JWT tokens, OAuth 2.0, and how to secure your APIs properly.