Demystifying REST API: A Comprehensive Guide


13 min read

Demystifying REST API: A Comprehensive Guide
Understanding Architectural Styles: Before diving into REST, let's understand what architectural styles are and why they matter in software development. An architectural style is a set of principles and constraints that guide the design and organization of a software system. It provides a blueprint for creating scalable, maintainable, and efficient applications.

REST, or Representational State Transfer, is an architectural style for designing networked applications.

REST is not a protocol or a technology; instead, it's a set of constraints that define how web services should be structured and how they should interact with clients.

1. The 6 Principles of REST

1.1. Uniform Interface:

RESTful systems have a uniform and consistent interface, which simplifies communication between clients and servers.

This principle is further divided into sub-constraints:

  • Resource Identification: Resources are identified by unique URIs (Uniform Resource Identifiers). URIs act as universal resource addresses.

  • Resource Manipulation: Clients interact with resources through a small, predefined set of methods (HTTP verbs) to perform actions like retrieval, creation, updating, and deletion.

  • Self-Descriptive Messages: Messages exchanged between clients and servers should be self-descriptive, containing all the information necessary for their interpretation.

  • Hypermedia as the Engine of Application State (HATEOAS): Clients interact with resources and navigate the application's state through hypermedia links provided in responses.

In simple terms, it's like having a common set of rules or a shared language that everyone using the system understands. It's about having a standardized way for clients and servers to communicate and interact with each other. This standardization includes rules for how to request data, send data, and perform actions, regardless of the specific technology or programming language being used.

1.2. Client-Server Architecture:

REST separates the client and server into distinct entities that can evolve independently. This separation makes client and server loosely coupled. Both are unaware about each-other implementations, but instead a common interface is maintained for the communication.

Separating the client and server allows them to focus on their specific responsibilities. For example, the client handles user interactions, while the server manages data and business logic.

1.3. Statelessness:

Each request from a client to a server is treated as a new request, and must contain all the information needed to understand and process the request. The server should not rely on any information from previous requests.

1.4. Cacheable:

This constraint allows support for the caching of resources. This helps to avoid round-trips between client and server for retrieving the same resource. If a response is labelled as cacheable, the client can cache and reuse the response for subsequent requests for the same resource for a specified time.

1.5. Layered System:

A RESTful system can be composed of multiple layers, where each layer performs a specific function. This separation of concerns makes the system more modular and easier to maintain.

1.6. Code on Demand:

This is an optional constraint. It states that the the functionality of the client applications can be extended at runtime by supplying code dynamically from the server . Ex: JavaScript code that get transferred and executed at the client-side at runtime.

2. Why Choose REST?

REST has gained widespread adoption for several reasons:

  • Simplicity: RESTful APIs are straightforward to design and understand. The use of standard HTTP methods and URIs makes interactions predictable.

  • Scalability: Stateless communication and resource-based architecture allow for horizontal scaling, making RESTful services suitable for large-scale applications.

  • Flexibility: REST can be used with various data formats, including JSON and XML. Clients and servers can communicate using different representations of resources.

  • Platform Independence: REST can be used with any programming language and technology stack that supports HTTP.

  • Well-Supported: REST is supported by most web development frameworks and libraries. It's also the foundation of the World Wide Web.

In the following sections, we will explore each aspect of REST architecture in detail, starting with the client-server architecture.

3. HTTP Methods in REST

HTTP (Hypertext Transfer Protocol) is the foundation of RESTful communication.

It provides a set of methods (also known as HTTP verbs) that clients and servers use to perform actions on resources. In RESTful APIs, these methods map directly to the operations that can be performed on resources.

3.1. GET: Retrieving Data

The GET method is used to retrieve data from a resource on the server.

It is a safe and idempotent operation, meaning that it should not modify the resource on the server, and repeated GET requests should produce the same result.

Example GET Request:

GET /api

/products/123 HTTP/1.1

In this example, a GET request is made to retrieve information about a product with the ID 123.

3.2. POST: Creating Resources

The POST method is used to create a new resource on the server.

It submits data to the server, which then processes the data and generates a new resource.

Unlike GET, POST is neither safe nor idempotent, as it typically results in a change on the server.

Example POST Request:

POST /api/products HTTP/1.1
Content-Type: application/json

    "name": "New Product",
    "price": 19.99

In this example, a POST request is used to create a new product resource with the specified name and price.

3.3. PUT: Updating Resources

The PUT method is used to update an existing resource on the server (or may create it if it doesn't exist).

When a PUT request is sent to a resource, it replaces the resource's current state with the new representation provided in the request.

Example PUT Request:

PUT /api/products/123 HTTP/1.1
Content-Type: application/json

    "name": "Updated Product",
    "price": 24.99

In this example, a PUT request updates the product with ID 123 with the new name and price.

3.4. PATCH: Partial Updates

The PATCH method is used to apply partial updates to a resource.

Unlike PUT, which replaces the entire resource, PATCH applies modifications only to the specified fields of the resource. It's a useful method when you want to update specific properties of a resource without sending the entire representation.

Example PATCH Request:

PATCH /api/products/123 HTTP/1.1
Content-Type: application/json

    "price": 29.99

In this example, a PATCH request updates only the price of the product with ID 123.

3.5. DELETE: Removing Resources

The DELETE method is used to remove a resource from the server. It instructs the server to delete the specified resource.

Example DELETE Request:

DELETE /api/products/123 HTTP/1.1

In this example, a DELETE request removes the product with ID 123 from the server.

3.6. HEAD and OPTIONS: Metadata and Communication Options

While HEAD and OPTIONS are less frequently used than the previous methods, they play important roles in RESTful communication.

  • HEAD: The HEAD method is similar to GET, but it only retrieves the headers and status line of a response, not the response body. It's often used to check resource availability or retrieve metadata about a resource without transferring the full content.

  • OPTIONS: The OPTIONS method is used to retrieve information about the communication options available for a resource. It can provide details about the supported HTTP methods, headers, and other communication parameters.

4. Resource

A RESTful resource is anything that is accessible over web. Resources represent the entities or objects that an API exposes, and they are at the core of RESTful interactions. A resource is accessible through URI.

4.1. Resources and Resource URIs

In RESTful APIs, resources are the key abstractions that clients interact with. Resources can represent objects, data, or services. They are identified by unique URIs (Uniform Resource Identifiers), which serve as addresses for accessing and manipulating the resources.

The client uses a URI to locate the resources, and sends a proper HTTP request to manipulate or access it.

Examples of Resources and URIs:

GET/api/productGET all products
GET/api/product/{id}GET product with specified id
POST/api/productCreate a product
PUT/api/product/{id}UPDATE the product with specified id
DELETE/api/product/{id}DELETE the product with specified id

5. Request and Response

In RESTful communication, requests and responses play a vital role in exchanging data between clients and servers. Understanding the components of requests and responses is essential for building and consuming RESTful APIs effectively.

5.1. HTTP Headers

HTTP headers are metadata associated with HTTP requests and responses. They provide information about the communication, such as content type, encoding, caching directives, and authentication credentials.

Common HTTP Headers:

  • Content-Type: Specifies the media type (e.g., JSON or XML) of the request or response body.

  • Accept: In requests, it indicates the media types that the client can process. In responses, it specifies the media type of the content.

  • Authorization: Contains credentials (e.g., tokens or API keys) for authenticating the client's identity.

  • Cache-Control: Specifies caching directives, allowing clients and intermediaries to control caching behavior.

  • User-Agent: Identifies the client making the request. It is useful for tracking client usage.

  • Location: In responses, it indicates the location of a newly created resource (e.g., in a 201 Created response).

HTTP headers provide essential context for requests and responses, ensuring that both parties understand how to handle the data.

5.2. Resource Representations: Requests and Response Body (Media Types)

Resources in RESTful APIs are represented using media types. A media type defines how resource data should be formatted and interpreted.

Common media types include JSON and XML but others, like HTML or plain text, can also be used.

JSON Example of a Product Resource Representation:

    "id": 123,
    "name": "Product Name",
    "price": 19.99

XML Equivalent of the Same Product Resource:

    <name>Product Name</name>

Clients and servers must agree on a common media type for exchanging resource representations. This agreement is typically specified in the Content-Type header of HTTP requests and responses.

5.3. Content Negotiation

Content negotiation is the process of determining the media type of a request or response based on client and server preferences.

Clients can indicate their preferred media types using the Accept header in requests, while servers specify the media type of the response using the Content-Type header.

For example, a client can send an Accept: application/json header to request JSON-formatted data, and the server can respond with Content-Type: application/json to indicate that the response is in JSON format.

Content negotiation ensures that clients and servers can communicate using the media types they support, making RESTful APIs flexible and adaptable to different requirements.

6. RESTful API Design Best Practices

Designing a RESTful API involves making numerous decisions about resource structure, URI design, and interactions.

Following best practices ensures that your API is well-organized, easy to use, and consistent with REST principles.

6.1. Nouns Over Verbs

Use nouns (e.g., products, users, orders) in resource URIs rather than verbs (e.g., create, update, delete). RESTful APIs focus on resources and their representations, and HTTP methods (verbs) indicate the actions to be performed on resources. This leads to cleaner and more intuitive URIs.

Bad URI (Verb-Based):


Good URI (Noun-Based):


6.2. Plural Nouns in Resource URIs

When naming collections of resources, use plural nouns to indicate that multiple items are being referenced.

Bad URI (Singular Noun):


Good URI (Plural Noun):


6.3. Versioning RESTful APIs

API versioning is a critical aspect of designing RESTful APIs, as it allows you to introduce changes and enhancements without breaking existing clients. Effective versioning ensures that both new and existing users can continue using your API seamlessly.

6.3.1. Why Versioning Is Important?

API's versioning ensures backward compatibility as your API evolves. This allows you to introduce changes to your API without breaking existing clients.

As your API evolves, you may need to make backward-incompatible changes, such as modifying resource structures, altering request or response formats, or deprecating certain endpoints. Without versioning, these changes can disrupt existing clients and lead to compatibility issues.

6.3.2. Common API Versioning Strategies

Several versioning strategies are commonly used in RESTful APIs:

  • URI Versioning: Include the version number in the URI of your API. For example:

  • Request Parameter Versioning:

  • Content Negotiation Versioning: Use content negotiation to specify the version by including it in the request's Accept header and the response's Content-Type header. For example:

      Accept: application/vnd.myapi.v1+json
      Accept: application/vnd.myapi.v2+json
  • Custom Header Versioning: Define a custom header, such as X-API-Version, to specify the version. For example:

      headers: [X-API-Version: 1]
      headers: [X-API-Version: 2]

Each versioning strategy has its pros and cons. The choice of strategy depends on your API's requirements and the needs of your clients. Regardless of the strategy you choose, it's essential to document versioning clearly in your API documentation.

6.4. Use of HTTP Status Codes

Use appropriate HTTP status codes to indicate the result of an API operation.

HTTP responses include status codes that indicate the result of a request. Status codes are grouped into several categories, each with a specific meaning:

  • 1xx (Informational): These status codes indicate that the request was received and understood but requires further action.

    • 100 : Continue
  • 2xx (Successful): These codes indicate that the request was successfully received, understood, and accepted.

    • 200 : OK

    • 201 : Created

    • 202 : Accepted

    • 204 : No Content

  • 3xx (Redirection): These codes indicate that further action is needed to complete the request, such as redirection to another URL.

    • 301 : Moved Permanently

    • 307 : Temporary Redirect

  • 4xx (Client Errors): These codes indicate that there was a problem with the client's request, such as a missing or invalid parameter.

    • 400 : Bad Request

    • 401 : Unauthorized

    • 403 : Forbidden

    • 404 : Not Found

  • 5xx (Server Errors): These codes indicate that there was an error on the server's side while processing the request.

    • 500: Internal Server Error

    • 501: Not Implemented

    • 502: Bad Gateway

    • 503: Service Unavailable

    • 504: Gateway Timeout

6.5. Error Handling and Validation

Implement clear and informative error responses for API errors. Include details like error codes, descriptions, and, if applicable, links to relevant documentation.

6.6. Pagination and Filtering

When dealing with collections of resources, provide support for pagination and filtering to allow clients to retrieve data efficiently.

Use query parameters like page, per_page, and filter to enable this functionality.

6.7. Handling Authentication and Authorization

Implement authentication and authorization mechanisms to secure your API. Common approaches include API keys, tokens, OAuth, and JWT (JSON Web Tokens). Ensure that your API clearly communicates access restrictions and authentication requirements.


TypeArchitectural StyleProtocol
Message FormatSupports multiple data formats (e.g., JSON, XML).Always uses XML for messages.
Protocol & StandardsRelies on existing HTTP protocols and standards.Has its own set of specifications and standards (e.g., WS-Security, WS-ReliableMessaging).
ComplexitySimple and lightweight in nature.Typically more complex and rigid.
PerformanceGenerally more performant due to its lightweight nature.Can be less performant due to XML message format and added processing.
FlexibilityOffers greater flexibility in terms of data format and communication.Rigid structure with less flexibility in data format.
Use CasesIdeal for public APIs, web applications, and scenarios prioritizing simplicity and performance.Commonly used in enterprise-level applications requiring security, reliability, and strict transactional support.


RESTful APIs are a powerful and widely adopted architectural style for building web services. They offer simplicity, scalability, and flexibility, making them suitable for a wide range of applications.

When designing RESTful APIs, it's crucial to follow the best practices. Careful design, documentation, and adherence to REST principles will help you build APIs that are robust, maintainable, and developer-friendly.

And there you have it - the REST of the story! Remember that even in the world of APIs, it's okay to 'REST', because the only thing you'll be 'PUT'ting up with is success! Happy coding, and may your RESTful dreams be stateless, and your APIs be always available!