Why API Design Matters
Your API is the contract between your services and consumers. Poor design leads to confusion, bugs, and frustrated developers. Great design creates delightful developer experiences and reduces support burden.
Core Principles
1. Use Nouns, Not Verbs
❌ Bad:
GET /getUsers
POST /createUser
POST /updateUser/123
POST /deleteUser/123
✅ Good:
GET /users # List users
POST /users # Create user
GET /users/123 # Get specific user
PUT /users/123 # Update user
DELETE /users/123 # Delete user
2. Consistent Resource Naming
- Use plural nouns:
/users, not/user - Use kebab-case for URLs:
/blog-posts - Keep nesting shallow:
/users/123/postsis okay, deeper gets unwieldy
3. Proper HTTP Methods
GET- Retrieve resources (safe, idempotent, cacheable)POST- Create resourcesPUT- Replace entire resourcePATCH- Partial updateDELETE- Remove resource
Response Structure
Success Responses
// List endpoint
GET /users
{
"data": [...],
"meta": {
"total": 150,
"page": 1,
"per_page": 20,
"total_pages": 8
},
"links": {
"self": "/users?page=1",
"next": "/users?page=2",
"last": "/users?page=8"
}
}
// Single resource
GET /users/123
{
"data": {
"id": "123",
"name": "John Doe",
"email": "john@example.com",
"created_at": "2024-01-15T10:30:00Z"
}
}
Error Responses
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid input data",
"details": [
{
"field": "email",
"message": "Email format is invalid"
},
{
"field": "age",
"message": "Must be 18 or older"
}
]
}
}
HTTP Status Codes
Success Codes
200 OK- Successful GET, PUT, PATCH201 Created- Successful POST204 No Content- Successful DELETE
Client Error Codes
400 Bad Request- Invalid input401 Unauthorized- Missing/invalid authentication403 Forbidden- Authenticated but not authorized404 Not Found- Resource doesn't exist422 Unprocessable Entity- Validation failed429 Too Many Requests- Rate limit exceeded
Server Error Codes
500 Internal Server Error- Something went wrong503 Service Unavailable- Temporary outage
Pagination
Offset-Based (Simple)
GET /users?page=2&per_page=20
Response:
{
"data": [...],
"meta": {
"page": 2,
"per_page": 20,
"total": 500,
"total_pages": 25
}
}
Cursor-Based (Better for Large Datasets)
GET /users?cursor=eyJpZCI6MTIzfQ&limit=20
Response:
{
"data": [...],
"cursors": {
"next": "eyJpZCI6MTQzfQ",
"prev": "eyJpZCI6MTAzfQ"
}
}
Filtering and Sorting
// Filtering
GET /users?role=admin&status=active
// Sorting
GET /users?sort=-created_at,name // Descending date, then name
// Combining
GET /users?role=admin&sort=-created_at&page=1&per_page=20
Versioning Strategies
URL Path (Recommended)
GET /api/v1/users
GET /api/v2/users
Header-Based
GET /api/users
Accept: application/vnd.myapi.v2+json
Security
Authentication
// JWT Bearer Token
Authorization: Bearer eyJhbGc...
// API Key
X-API-Key: your-api-key-here
Rate Limiting
// Response headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 985
X-RateLimit-Reset: 1640995200
// When exceeded
429 Too Many Requests
Retry-After: 3600
Documentation
Use OpenAPI (Swagger) for interactive documentation:
openapi: 3.0.0
info:
title: Studio X API
version: 1.0.0
paths:
/users:
get:
summary: List all users
parameters:
- name: page
in: query
schema:
type: integer
responses:
'200':
description: Success
Best Practices Checklist
- ✅ Use consistent naming conventions
- ✅ Implement proper error handling
- ✅ Add pagination to list endpoints
- ✅ Version your API from day one
- ✅ Implement authentication and authorization
- ✅ Add rate limiting
- ✅ Return appropriate status codes
- ✅ Include metadata in responses
- ✅ Support filtering and sorting
- ✅ Provide comprehensive documentation
- ✅ Use HTTPS everywhere
- ✅ Implement logging and monitoring
Conclusion
Great API design is about consistency, clarity, and developer experience. Follow these patterns to create APIs that are intuitive, maintainable, and scalable.
At Studio X Consulting, we design and build production APIs for enterprise clients. Need help designing your API strategy? Let's chat about how we can help.
Learn more at www.studioxconsulting.com. Contact Studio X Consulting to discuss legacy modernization, AI-assisted development, and delivery.
