Almost every domain and project today actively utilizes APIs. While many businesses provide data only with the REST API, many API consumers use the data obtained from the REST API. Today, although the advantages and conveniences of using APIs for API users and developers are frequently mentioned, API development is also very important. Developers should develop API according to the best practices of the REST API design.
There are many best practices that developers can apply when developing a REST API. These are not any rules or obligations. These best practices are the applications determined by the developers. Developers created these practices to solve many problems and complications after API development. To develop API, these practices are lifesavers. In this article, we will first introduce the REST architecture and its features in which we apply these rules. Then, we will list the best practices that developers can apply while developing a REST API today.
Table of Contents
What Is the REST?
REST(Representational State Transfer) is an architecture we use for representative state transfer in web applications. REST is a structure used to create web services independent of the programming language. Additionally, REST provides XML, JSON, CSV, etc., to incoming requests using HTTP methods and HTTP status codes of the HTTP protocol. Furthermore, it enables communication with HTTP requests.
The most important feature of REST architecture is that it does not need a definition like WSDL, which is mandatory for SOAP, and it allows data exchange in any format other than XML.
What Are the Features of REST?
Six core principles actively build the REST architecture.
- Stateless: Thanks to its stateless structure, no historical information is needed and there is no obligation to maintain a session between each request.
- Uniform Interface: This constraint regulates communication between client and server according to certain principles.
- Cacheable: The client can create a cache mechanism based on the data received.
- Client-Server: Due to this constraint, the client does not deal with the storage and operations under the responsibility of the server.
- Layered System: The client-server architecture may not always be to send a request directly to a server and receive a response. In this case, there may be intermediate layers such as the security layer, and cache layer.
- Code on Demand: The Code on Demand constraint includes the ability of the server to send executable scripts or applications to the client in certain situations.
REST API Design Best Practices
In the previous section, we learned about the REST architecture and its features. We will now examine in detail some of the common best practices that we should apply when developing a REST API.
HTTP Methods
An HTTP method defines the type of request made for a REST API. HTTP methods such as GET, POST, PUT, PATCH, HEAD, and DELETE create basic CRUD operations. Moreover, some HTTP methods such as COPY, PURGE, LINK, and UNLINK are not used very often. Matching and using these HTTP methods with appropriate endpoints is one of the best practices in REST API development processes.
GET: HTTP GET method is used to fetch the resource specified in the URI. This request does not have a body, only a header. An example HTTP GET request is as follows:
1 |
curl -XGET 'https://jsonplaceholder.typicode.com/todos/1' |
POST: Developers use the HTTP POST method to create a new resource on the server to which they send the request. Since we will send data in this process, we also send the request body while using the POST method. An example HTTP POST request is as follows:
1 2 3 4 5 |
curl -X POST https://jsonplaceholder.typicode.com/posts \ -d '{ "title": "Foo", "body": "Bar" }' |
PUT: HTTP PUT method has similar usage to the POST method. Developers send a resource with the body, and if the URI points to an existing resource, they update that resource.
PATCH: HTTP PATCH method is also similar to HTTP PUT. However, developers use the HTTP PATCH method when they want to update a specific part of the resource. For example, the HTTP PATCH method is suitable if only the description field will change among hundreds of fields of a product in an e-commerce application.
DELETE: The HTTP DELETE method sends a request to delete the resource specified in the URI. It serves the sole purpose of deleting the relevant resource.
Naming
One of the most important parts of REST API design is the URI structure.
Resources must be “nouns”
In REST, developers designate every object representing data as a resource. For example, a resource can represent objects such as users, companies, or animals. Collections are the set of resources. For example, a user can be named as a resource while users are collections.
Resource naming allows developers to easily understand what the action is. The naming should definitely be designed as a “noun”, not a “verb”. Because nouns have properties/qualities that verbs do not have.
Resource name should be in the plural
Although not a requirement, developers name their resources in the plural. Multiple naming is recommended unless objects contain a single resource. Example usage is as follows:
1 |
/cars/{id}/wheels |
Path variable usage
Developers use the path variable to target a resource. They typically employ a unique value to specify the resource. Additionally, they utilize it for operations like additional filtering and sorting.
1 |
/cars/{id} |
Use lowercase letters when naming
Unless mandated, developers should prefer lowercase letters when naming URI paths.
Avoid using file extensions
Developers should not use file extensions in URIs. Thus, developers form a visually appealing image in the URI and reduce its length.
Use ‘/cars/{id}/wheels’ instead of ‘/cars/{id}/wheels.xml’.
Versioning
Not versioning while developing a REST API for changes that will affect the user and developer may result in the breakdown of existing products or services that use your APIs.
Even though developers have only one version in their current projects, starting versioning will provide flexibility for future changes. Versions start with the letter ‘v’ and have the version number next to it. Developers can represent the first version as ‘v1’.
1 |
/v1/cars |
HTTP Status Code
In Web APIs, every request results in a successful or unsuccessful response. Consequently, HTTP response codes play a crucial role in indicating the outcome of the request. Developers must use these codes to report the result of this request. By utilizing the appropriate HTTP response codes, developers can precisely convey the status of the request, whether it was successful, encountered an error, or requires further action. Therefore, understanding and utilizing HTTP response codes is imperative in Web API development.
The most used HTTP status codes are as follows:
-
- 200: OK, operation successful.
- 201: Created, the creation of the new resource was successful.
- 204: No Content, the resource is empty.
- 400: Bad Request, invalid request.
- 401: Unauthorized, authorization/authentication required.
- 403: Forbidden, The server rejected the request and you are not authorized for the request.
- 404: Not found, the requested resource does not exist.
- 405: Method Not Allowed, HTTP method is incorrect.
- 409: Conflict, incompatible request.
- 429: Too many requests, a large number of requests have been made.
- 415: Unsupported Media Type, unsupported or wrong content type.
- 5xx: Server errors.
API users need to get correct answers for each request in the REST API design. Giving correct answers to the developers and users using the API allows them to guide them correctly.
Request and Response Data Formats
It is a best practice that the request and response formats are the same when developing a REST API. Furthermore, JSON data is frequently used in REST APIs nowadays. The use of JSON format in REST APIs is more than other data transfer formats.
Moreover, the response body provided by a REST API should contain descriptive messages and preserve its format. Especially in case of an error, API users need to include the error code and a detailed explanation of the error in the response body.
An example JSON response, which is the best practice to use in case of error, is as follows.
1 2 3 4 5 |
{ "success": false, "message": "Missing values", "payload": [] } |
Pagination and Data Limits
When developing a REST API, developers need to open data with pagination and data limits. For APIs that work with large datasets, returning all data in a single request can cause performance issues. Pagination splits the amount of data into small chunks and returns a limited amount of data on each request. Thus, network traffic and server load are reduced, and response time is improved.
Additionally, data limits allow API users to receive data within a certain data limit. This prevents excessive data transfer and allows users to manage data in a more controlled manner.
Authentication and Authorization
Authentication and authorization are important steps to implement in REST API design. These are implemented to ensure security, privacy, and data protection. Authentication authenticates users so that only authenticated users can access the API. Authorization, on the other hand, provides data security and privacy by controlling the access permissions of the authenticated user.
Error Management
Developers should implement error management as one of the best practices in REST API design. Additionally, it is an essential practice for the API provider to diagnose and debug problems. By providing accurate error codes, error types, and detailed error messages, developers can more easily identify error sources and resolve issues. Therefore, integrating comprehensive error-handling mechanisms is paramount in REST API design.
Documentation
Creating documentation is another important practice of API development. Developers specify a lot of information about the API they developed in this documentation. We need to mention the following aspects of the API documentation:
- What operations do developers use API endpoints to perform and what methods do these endpoints support?
- What parameters do they expect and which are optional and which are mandatory?
- How should sample request content and titles be?
- With which programming languages or libraries can we make requests to these endpoints?
- What format and structure can these endpoints return responses in?
- In which cases can developers return error codes and what could be the reasons for these errors?
- Do developers need authentication to access these endpoints?
- If authentication is necessary, how can developers accomplish it?
What Is the Richardson Maturity Model?
The Richardson Maturity Model, named after Leonard Richardson, categorizes the maturity levels of RESTful architectures. This model provides a set of guidelines and principles for designing and evaluating how well an API conforms to REST principles. The best practices do not contain the maturity level of the REST API development process, but the quality of the developed API heavily relies on the maturity level of the APIs being developed. The model consists of four levels, and each level represents how committed it is to the core principles of REST. The Richardson Maturity Model consists of four levels.
- Level 0 – Swamp of POX: This level does not strictly follow REST principles in API design. Developers typically transfer data over HTTP using formats like XML or JSON, but they often employ RPC-like operations instead of resources and actions.
- Level 1 – Resources: This level is API design resource-oriented. Each resource is represented by a unique URI and CRUD (Create, Read, Update, Delete) operations are performed against that resource.
- Level 2 – HTTP Verbs: This level correctly uses API design HTTP methods (GET, POST, PUT, DELETE). Developers assign different HTTP methods to each resource and perform related actions through these methods.
- Level 3 – Hypermedia Controls: This level follows the HATEOAS (Hypertext As The Engine Of Application State) principle. The API uses hyperlinks to link resources in responses.
As a result, developers should follow recommended best practices during the API development process. Software developers created these best practices to address the problems they encountered during the process. So, these best practices provide developers with convenience in REST API development and production.
Frequently Asked Questions
Q: Why is API development important in today’s digital landscape?
Answer: API development ensures seamless communication between applications, enabling data exchange and functionality integration.
Q: What are the key features of the REST architecture?
Answer: REST architecture is stateless, provides a uniform interface, allows caching, separates the client-server relationship, supports a layered system, and enables code on demand.
Q: How should developers name resources in a REST API?
Answer: Developers should use nouns to represent resources and name them in the plural form, ensuring clarity and consistency in API design.
Q: Why is versioning important in REST API development?
Answer: Versioning allows developers to introduce changes to the API without breaking existing client applications, ensuring compatibility and smooth transitions.
Q: What role do HTTP status codes play in REST API development?
Answer: HTTP status codes indicate the outcome of a request, providing developers and users with information about the success or failure of the request.