REST API Design Cheat Sheet

Last Updated: November 21, 2025

HTTP Methods

Method   Purpose                  Example
GET      Retrieve resource(s)     GET /users
POST     Create new resource      POST /users
PUT      Update entire resource   PUT /users/1
PATCH    Partial update           PATCH /users/1
DELETE   Delete resource          DELETE /users/1

URL Structure

GET /users              Get all users
GET /users/123          Get specific user
GET /users/123/posts    Get user's posts
POST /users             Create new user
PUT /users/123          Update user
DELETE /users/123       Delete user

Status Codes

Code   Meaning        Use Case
200    OK             Successful GET/PUT/PATCH
201    Created        Successful POST
204    No Content     Successful DELETE
400    Bad Request    Invalid request data
401    Unauthorized   Authentication required
403    Forbidden      No permission
404    Not Found      Resource doesn't exist
500    Server Error   Server-side error

Request/Response Examples

// POST /users (Create)
Request:
{
  "name": "John Doe",
  "email": "john@example.com"
}

Response (201):
{
  "id": 123,
  "name": "John Doe",
  "email": "john@example.com",
  "created_at": "2024-01-01T00:00:00Z"
}

// GET /users?page=1&limit=10 (List with pagination)
Response (200):
{
  "data": [...],
  "pagination": {
    "page": 1,
    "limit": 10,
    "total": 100
  }
}

// Error response (400)
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid email format"
  }
}
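
The status codes and response shapes above, applied in one request handler. This is an added example, not code from the original cheat sheet: the in-memory store, the token table, the 100-item limit cap, the 405 fallback and every error code other than VALIDATION_ERROR are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

USERS = {}                                       # in-memory store (constructed)
TOKENS = {"t-admin": "admin", "t-user": "user"}  # constructed tokens -> role
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def error(status, code, message):
    # Same error envelope as the 400 example above.
    return status, {"error": {"code": code, "message": message}}

def handle(method, path, token=None, body=None, query=None):
    """Handle one request to /users or /users/<id>; return (status, body)."""
    role = TOKENS.get(token)
    if role is None:                             # caller not identified -> 401
        return error(401, "UNAUTHORIZED", "Authentication required")
    m = re.fullmatch(r"/users(?:/(\d+))?", path)
    if not m:
        return error(404, "NOT_FOUND", "Resource doesn't exist")
    uid = int(m.group(1)) if m.group(1) else None
    if method == "POST" and uid is None:
        name, email = (body or {}).get("name"), (body or {}).get("email")
        if not isinstance(name, str) or not name.strip():
            return error(400, "VALIDATION_ERROR", "Name is required")
        if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
            return error(400, "VALIDATION_ERROR", "Invalid email format")
        uid = max(USERS, default=0) + 1
        now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        USERS[uid] = {"id": uid, "name": name, "email": email, "created_at": now}
        return 201, USERS[uid]                   # 201 for creation, not 200
    if method == "GET" and uid is None:
        q = query or {}
        try:
            page, limit = int(q.get("page", 1)), int(q.get("limit", 10))
        except (TypeError, ValueError):
            return error(400, "VALIDATION_ERROR", "page and limit must be integers")
        if page < 1 or not 1 <= limit <= 100:    # cap of 100 is an assumption
            return error(400, "VALIDATION_ERROR", "page or limit out of range")
        items = sorted(USERS.values(), key=lambda u: u["id"])
        chunk = items[(page - 1) * limit : page * limit]
        return 200, {"data": chunk,
                     "pagination": {"page": page, "limit": limit, "total": len(items)}}
    if method == "DELETE" and uid is not None:
        if role != "admin":                      # identified but not allowed -> 403
            return error(403, "FORBIDDEN", "No permission")
        if USERS.pop(uid, None) is None:
            return error(404, "NOT_FOUND", "Resource doesn't exist")
        return 204, None                         # successful DELETE, no body
    if method == "GET":
        return (200, USERS[uid]) if uid in USERS else error(404, "NOT_FOUND", "Resource doesn't exist")
    return error(405, "METHOD_NOT_ALLOWED", "Method not supported on this path")
```

The DELETE branch checks the caller's role before checking whether the record exists, so a caller without permission gets 403 for every id and cannot use 404 responses to learn which ids are in use.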

Best Practices

Use nouns, not verbs: /users not /getUsers
Use plural nouns: /users not /user
Use sub-resources: /users/123/posts
Version your API: /v1/users
Use query params for filtering: /users?role=admin
Return appropriate status codes: 201 for creation, not 200
Use HTTPS: Always encrypt in production

💡 Pro Tip: Consistency is key - stick to naming conventions across your entire API!