
Every developer eventually has to build an API, and every developer eventually has to use one that was clearly designed without any thought. Learning REST conventions means you'll build APIs that other developers (including future you) can actually understand and use without a manual.

What REST actually is

REST stands for Representational State Transfer. Roy Fielding coined it in his 2000 doctoral dissertation, and it describes a set of architectural constraints rather than a strict protocol. Think of it as a style guide for how HTTP-based APIs should behave, one that most of the industry eventually adopted.

An API that follows these constraints is called RESTful. That word gets thrown around loosely, but at its core it means: you use HTTP's built-in mechanics (methods, status codes, headers) to represent what you're doing to resources, and you don't bolt on extra conventions that HTTP already handles.

REST is often contrasted with RPC (Remote Procedure Call), where endpoints are named after actions (/getUser, /deleteOrder). REST flips that: endpoints are named after things (resources), and actions are expressed through HTTP methods.

The core constraints

Statelessness

This is the most important constraint in practice. Every request from the client to the server must contain all the information needed to understand and process it. The server stores no client context between requests. Resource state (the orders, the users) still lives on the server; it is the conversation state (who you are, what you asked for last time) that must not.

That means no "are you logged in from before?" memory on the server. If a request needs authentication, the auth token goes in the request header, every time, and the server verifies it on every request rather than remembering an earlier login.

// Good: Request carries its own context
GET /api/orders/456
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

// Bad: Server is expected to remember you from a previous request
GET /api/orders/456
// (assumes the server knows who you are from last time)

Statelessness gives you scalability. Any server in a cluster can handle any request because no server holds special knowledge about any client. It also makes debugging much easier: a request either has what it needs or it doesn't.

Client-server separation

The client handles the user interface. The server handles data storage and business logic. They talk to each other only through the API. Neither side knows or cares how the other is implemented internally.

This lets you replace your entire frontend (say, switching from a web app to a mobile app) without changing the API. It lets you scale the backend independently without touching the UI. It's the reason APIs exist in the first place.

Cacheability

Responses must tell clients whether they can cache the data and for how long. This reduces load on the server and speeds up responses for clients.

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Type: application/json

{
  "id": 123,
  "name": "Product A"
}

GET (and HEAD) responses are cacheable when the headers allow it. Responses to POST, PUT, PATCH and DELETE are not, because those methods modify data. One caveat that bites in practice: a cacheable response that contains one user's data must be marked private (or no-store), otherwise a shared cache such as a CDN or reverse proxy can hand it to the next user who requests the same URL.
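To make the shared-cache caveat concrete, here is an added example (not from the lesson) in plain Node.js. It picks a Cache-Control value per response and runs two users' requests through a tiny shared-cache model, constructed for the demo, that follows the rules that matter here: store only safe-method responses with an explicit max-age, honour no-store and private, and refuse to store a response to a request that carried Authorization unless the response says public. The origin server, the "token is the username" shortcut and the users are all constructed.

```javascript
const SAFE_METHODS = new Set(['GET', 'HEAD']);

// Cache-Control policy for a response:
//   - responses to writes are never stored
//   - per-user data may live only in the client's own cache (private)
//   - shared, non-personal data may sit in any cache for maxAge seconds (public)
function cacheControlFor(method, { perUser = false, maxAge = 3600 } = {}) {
  if (!SAFE_METHODS.has(method)) return 'no-store';
  return perUser ? `private, max-age=${maxAge}` : `public, max-age=${maxAge}`;
}

// Directive names present in a response's Cache-Control header.
function directivesOf(res) {
  const cc = res.headers['cache-control'] || '';
  return new Set(cc.split(',').map((d) => d.trim().split('=')[0]).filter(Boolean));
}

// Shared-cache model (think CDN or reverse proxy), keyed by method + URL only,
// exactly like a real one that has not been told to vary on Authorization.
class SharedCache {
  constructor() { this.store = new Map(); }
  key(req) { return `${req.method} ${req.url}`; }
  lookup(req) { return this.store.get(this.key(req)) || null; }
  storeIfAllowed(req, res) {
    const d = directivesOf(res);
    if (!SAFE_METHODS.has(req.method)) return false;
    if (d.has('no-store') || d.has('private') || !d.has('max-age')) return false;
    // A response to an authenticated request is only shareable if it says so.
    if (req.headers.authorization && !d.has('public')) return false;
    this.store.set(this.key(req), res);
    return true;
  }
}

// Origin server for GET /api/me. Constructed shortcut: the bearer token *is*
// the username. The caching policy is passed in so both settings can be shown.
function origin(req, policy) {
  const user = (req.headers.authorization || '').replace(/^Bearer /, '');
  return {
    status: 200,
    headers: {
      'content-type': 'application/json',
      'cache-control': cacheControlFor(req.method, policy),
    },
    body: { id: user, name: user.toUpperCase() },
  };
}

// One request's path through the shared cache; returns the body the caller gets.
function fetchThrough(cache, req, policy) {
  const hit = cache.lookup(req);
  if (hit) return hit.body;
  const res = origin(req, policy);
  cache.storeIfAllowed(req, res);
  return res.body;
}

// alice asks for /api/me, then bob does. Returns the user id bob receives.
function whatBobSees(policy) {
  const cache = new SharedCache();
  const reqFor = (user) => ({
    method: 'GET',
    url: '/api/me',
    headers: { authorization: `Bearer ${user}` },
  });
  fetchThrough(cache, reqFor('alice'), policy);
  return fetchThrough(cache, reqFor('bob'), policy).id;
}
```

With `{ perUser: false }` the origin emits `public, max-age=3600` on a personal endpoint and bob receives alice's profile from the cache; with `{ perUser: true }` the response is `private, max-age=3600`, the shared cache leaves it alone, and bob gets his own data.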

Uniform interface

This is what makes REST consistent across different APIs. Four sub-constraints make it up:

  1. Resource identification: resources are identified by URIs (/users/123, /orders/456/items)
  2. Manipulation through representations: clients send JSON (or XML) to modify resources, not raw commands
  3. Self-descriptive messages: each message includes enough info to describe how to process it (content type, method, etc.)
  4. HATEOAS: responses include links to related actions

HATEOAS (Hypermedia as the Engine of Application State) is the most theoretical constraint. In practice, most APIs skip it, but the idea is useful: responses tell clients what they can do next.

{
  "id": 123,
  "name": "John Doe",
  "links": [
    { "rel": "self", "href": "/users/123" },
    { "rel": "orders", "href": "/users/123/orders" }
  ]
}
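The following is an added example, not code from the lesson or from Express, that puts the uniform-interface rules and the REST-versus-RPC contrast from earlier into one small router in plain Node.js. Resources are identified by path, the action is the HTTP method (no /getUser or /deleteOrder), a PUT body is a validated representation of the new state, unsupported methods on a known resource get 405 with an Allow header, and user representations carry HATEOAS links. The route table and in-memory data are constructed for the demo.

```javascript
// Constructed in-memory resources.
const USERS = new Map([[123, { id: 123, name: 'John Doe' }]]);
const ORDERS = new Map([[123, [{ id: 456, total: 42 }]]]);

// Representation of a user, with links to what the client can do next.
function representUser(u) {
  return {
    ...u,
    links: [
      { rel: 'self', href: `/users/${u.id}` },
      { rel: 'orders', href: `/users/${u.id}/orders` },
    ],
  };
}

const json = (status, body) => ({ status, headers: { 'Content-Type': 'application/json' }, body });
const notFound = () => json(404, { error: 'not found' });

// Route table: one entry per resource pattern, one handler per HTTP method.
// Nothing here is named after an action; the method is the action.
const routes = [
  {
    pattern: /^\/users\/(\d+)$/,
    handlers: {
      GET: (id) => (USERS.has(id) ? json(200, representUser(USERS.get(id))) : notFound()),
      // Manipulation through representations: the client sends the new state of
      // the resource, which is validated before it replaces the old one.
      PUT: (id, body) => {
        if (!body || typeof body.name !== 'string' || body.name.length === 0 || body.name.length > 100) {
          return json(400, { error: 'name must be a non-empty string of at most 100 characters' });
        }
        if (!USERS.has(id)) return notFound();
        USERS.set(id, { id, name: body.name });
        return json(200, representUser(USERS.get(id)));
      },
      DELETE: (id) => (USERS.delete(id) ? { status: 204 } : notFound()),
    },
  },
  {
    pattern: /^\/users\/(\d+)\/orders$/,
    handlers: {
      GET: (id) => (USERS.has(id) ? json(200, { items: ORDERS.get(id) || [] }) : notFound()),
    },
  },
];

// Dispatch on (method, path). A known resource with an unsupported method gets
// 405 plus an Allow header listing what is supported, which is how a uniform
// interface stays discoverable without a manual.
function dispatch(method, path, body) {
  for (const route of routes) {
    const m = route.pattern.exec(path);
    if (!m) continue;
    const handler = route.handlers[method];
    if (!handler) {
      return { status: 405, headers: { Allow: Object.keys(route.handlers).join(', ') } };
    }
    return handler(Number(m[1]), body);
  }
  return notFound();
}
```

A client that only knows the entry point can follow the `orders` link from a user representation, and a client that tries POST on /users/123 learns from the Allow header which methods exist instead of guessing.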

REST vs the alternatives

It helps to understand what REST is competing against to know when to use it.

Approach     Style               Endpoints                 Best for
REST         Resource-oriented   Many (one per resource)   Standard CRUD, public APIs
RPC          Action-oriented     Many (one per action)     Internal services, tight coupling
GraphQL      Query language      One                       Complex data needs, mobile clients
WebSockets   Event-driven        One (persistent)          Real-time (chat, live data)

REST is the right choice when you have well-defined resources, need caching, want HTTP semantics, or are building a public API that other teams will consume. It's not the right choice when your clients need flexible data shapes (GraphQL wins there) or when you need sub-second real-time updates (WebSockets win there).


Quick reference

Constraint          What it means                          Why it matters
Stateless           No server-side session state           Scalability, debuggability
Client-server       Separated concerns                     Independent evolution
Cacheable           Responses declare cache policy         Performance
Uniform interface   Consistent conventions                 Predictability
Layered system      Client can't tell if it hits a proxy   Flexibility

The layered-system constraint wasn't covered above: a client can't tell whether it is talking to the origin server or to a proxy, load balancer or cache in front of it, which is what lets you add those layers without changing clients.