Md Ibrahim Khalil

Md Ibrahim Khalil

Software Engineer | Data Engineer

Designing RESTful APIs: Best Practices and Practical Examples

4 minute read

Published:

In the world of modern web development, APIs (Application Programming Interfaces) are the backbone of communication between different software systems. REST (Representational State Transfer) has become the dominant architectural style for designing networked applications.

In this post, we’ll explore the best practices for designing robust, scalable, and intuitive RESTful APIs, accompanied by practical coding examples.

1. Use Nouns for Resources, Not Verbs

REST is resource-oriented. Endpoints should represent things (nouns), not actions (verbs). The HTTP method (GET, POST, PUT, DELETE) defines the action.

❌ Bad Practice:

GET /getAllUsers
POST /createUser
DELETE /deleteUser

✅ Good Practice:

GET /users
POST /users
DELETE /users/{id}

2. Utilize HTTP Methods Correctly

Each HTTP method has a specific semantic meaning:

  • GET: Retrieve a representation of a resource. (Safe & Idempotent)
  • POST: Create a new resource. (Not Idempotent)
  • PUT: Update an existing resource (replace it entirely). (Idempotent)
  • PATCH: Partial update of a resource. (Not necessarily Idempotent)
  • DELETE: Remove a resource. (Idempotent)

3. Standard HTTP Status Codes

Don’t return 200 OK for an error. Use standard status codes to communicate the result of the request effectively.

  • 200 OK: Request succeeded.
  • 201 Created: Resource successfully created (response to POST).
  • 204 No Content: Request succeeded, but no content to return (often for DELETE).
  • 400 Bad Request: Client sent invalid data.
  • 401 Unauthorized: Authentication is required.
  • 403 Forbidden: Authenticated, but permissions are lacking.
  • 404 Not Found: Resource doesn’t exist.
  • 500 Internal Server Error: Something went wrong on the server.

4. Content Negotiation

Don’t assume every client wants JSON. Use the Accept header to serve different representations of the same resource.

  • Accept: application/json -> Return JSON
  • Accept: application/xml -> Return XML
# Flask Example
@app.route('/data')
def get_data():
    if request.headers.get('Accept') == 'application/xml':
        return render_template('data.xml', data=data)
    return jsonify(data)

5. HATEOAS (Hypermedia As The Engine Of Application State)

A truly RESTful API should be discoverable. The client should be able to navigate the API dynamically via links provided in the response.

Response Example:

{
  "id": 1,
  "name": "Ibrahim Khalil",
  "links": [
    { "rel": "self", "href": "/users/1", "method": "GET" },
    { "rel": "delete", "href": "/users/1", "method": "DELETE" },
    { "rel": "projects", "href": "/users/1/projects", "method": "GET" }
  ]
}

6. Consistent Response Formats

Define a standard envelope for all your responses. This makes it easier for clients to parse successful results and handle errors uniformly.

Success Response:

{
  "status": "success",
  "data": {
    "id": 1,
    "name": "Ibrahim Khalil"
  }
}

Error Response:

{
  "status": "error",
  "message": "User not found",
  "code": 404
}

7. Practical Implementation Example (Python & Flask)

Let’s look at a simple implementation of a User management API using Python and Flask.

from flask import Flask, jsonify, request

app = Flask(__name__)

# Sample Data
users = [
    {"id": 1, "name": "Ibrahim Khalil", "role": "Software Engineer"},
    {"id": 2, "name": "John Doe", "role": "Data Scientist"}
]

# Get all users
@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users), 200

# Get a single user
@app.route('/users/<int:user_id>', methods=['GET'])
def get_user(user_id):
    user = next((user for user in users if user["id"] == user_id), None)
    if user:
        return jsonify(user), 200
    return jsonify({"error": "User not found"}), 404

# Create a user
@app.route('/users', methods=['POST'])
def create_user():
    data = request.get_json()
    if not data or 'name' not in data:
        return jsonify({"error": "Invalid data"}), 400
    
    new_user = {
        "id": len(users) + 1,
        "name": data['name'],
        "role": data.get('role', 'User')
    }
    users.append(new_user)
    return jsonify(new_user), 201

# Update a user (PUT)
@app.route('/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    user = next((user for user in users if user["id"] == user_id), None)
    if not user:
        return jsonify({"error": "User not found"}), 404
        
    data = request.get_json()
    user.update(data)
    return jsonify(user), 200

# Delete a user
@app.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    global users
    users = [user for user in users if user["id"] != user_id]
    return '', 204

if __name__ == '__main__':
    app.run(debug=True)

8. Versioning Your API

APIs change over time. To avoid breaking existing clients, version your API.

  • URI Versioning: GET /api/v1/users (Most common)
  • Header Versioning: Accept: application/vnd.myapi.v1+json

9. Pagination, Filtering, and Sorting

Don’t return all records at once. Use query parameters for pagination, filtering, and sorting.

  • Pagination: GET /users?page=2&limit=10
  • Filtering: GET /users?role=admin
  • Sorting: GET /users?sort=-created_at

Conclusion

Designing a good RESTful API requires discipline and adherence to standards. By following these best practices—using correct methods, status codes, and logical resource naming—you build APIs that are easy to understand, scalable, and a joy to consume.

You May Also Enjoy

The Future of AI in Data Engineering

less than 1 minute read

Published:

As we move further into the digital age, the intersection of Artificial Intelligence and Data Engineering is becoming increasingly critical.

Welcome to My Blog

less than 1 minute read

Published:

Assalamu Alaikum, and welcome to my blog!