REST API Masterclass
Architecting Modern Backends
HTTP Methods & Status Codes
HTTP is the language of the web. To build a great API, you must use the protocol's built-in features correctly rather than reinventing them.
1. HTTP Methods (Verbs)
| Method | Standard Use Case | Idempotent? |
|---|---|---|
| GET | Retrieve a resource | Yes |
| POST | Create a new resource | No |
| PUT | Update/Replace a resource | Yes |
| PATCH | Partial update to a resource | No |
| DELETE | Remove a resource | Yes |
2. Semantic Status Codes
Never return 200 OK for everything. Use specific codes so clients know what happened.
- 201 Created: After a successful POST.
- 204 No Content: After a successful DELETE.
- 400 Bad Request: Validation failed.
- 401 Unauthorized: No valid login found.
- 403 Forbidden: Login found, but user doesn't have permission.
- 404 Not Found: Resource doesn't exist.
- 429 Too Many Requests: Rate limit exceeded.
3. Idempotency
An operation is idempotent if performing it multiple times has the same effect as performing it once. GET and DELETE are idempotent. POST is not (as it creates a new record each time).
Pro Tip: Use the Location header in a 201 Created response to tell the client exactly where the new resource can be found.
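The status codes, the Location tip and the idempotency rule above, put together in one framework-free handler. This is an added example, not code from the course; the `/notes` routes, the token table, `createApi()` and the request budget are assumptions made for illustration.

```javascript
// Added example. The /notes routes, token table and createApi() are hypothetical.
const USERS = new Map([["tok-admin", { role: "admin" }], ["tok-user", { role: "user" }]]); // constructed

function createApi(limit = 100) {
  const notes = new Map(); // in-memory store
  let nextId = 1;
  let hits = 0; // naive request budget with no time window, only to show 429
  const reply = (status, body = null, headers = {}) => ({ status, headers, body });

  function handle({ method, path, token, body }) {
    if (++hits > limit) return reply(429, { error: "rate limit exceeded" });

    // 401: no valid login found.
    const user = USERS.get(token);
    if (!user) return reply(401, { error: "authentication required" }, { "WWW-Authenticate": "Bearer" });

    const match = /^\/notes(?:\/(\d+))?$/.exec(path);
    if (!match) return reply(404, { error: "not found" });
    const id = match[1] ? Number(match[1]) : null;

    if (method === "POST" && id === null) {
      // 400: validation failed.
      if (!body || typeof body.text !== "string" || body.text === "") {
        return reply(400, { error: "text is required" });
      }
      const note = { id: nextId++, text: body.text };
      notes.set(note.id, note);
      // 201 + Location: where the new resource can be found.
      return reply(201, note, { Location: `/notes/${note.id}` });
    }
    if (method === "GET" && id !== null) {
      return notes.has(id) ? reply(200, notes.get(id)) : reply(404, { error: "not found" });
    }
    if (method === "DELETE" && id !== null) {
      // 403: login found, but this user lacks permission.
      if (user.role !== "admin") return reply(403, { error: "forbidden" });
      // Idempotent: a repeated DELETE leaves the store unchanged; only the status differs.
      return notes.delete(id) ? reply(204) : reply(404, { error: "not found" });
    }
    // 405 (not in the list above): the route exists but not for this method.
    return reply(405, { error: "method not allowed" }, { Allow: id === null ? "POST" : "GET, DELETE" });
  }
  return { handle, size: () => notes.size };
}
```

Note that idempotency is about server state, not the response: the second DELETE returns 404 instead of 204, yet the store ends up identical after one call or many.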