10 best practices for REST API design 

4 min read 1343

10 Best Practices For Rest API Design

REST API, an acronym for representational state transfer, is an architectural style for distributed hypermedia systems. It is a flexible method of designing APIs in a way that follows a certain protocol.

A REST API enables the client to communicate with the server by transferring states of data stored mainly in a database. Because clients and servers work independently, we need some interface that can facilitate communication between them. A client sends a request to the server via the API, which returns the response in a standardized format like JSON or XML.

REST APIs play a crucial role in facilitating communication in servers, so it is critical for a developer to have a deep understanding of how to use them. An error-prone API causes huge functional issues for the client and makes the software less appealing altogether.

In this article, we’ll take a deeper look at the best practices for designing REST APIs to ensure the best performance possible.

Best practices for optimizing your REST API

1. Use JSON for sending and receiving data

A well-designed REST API should always accept and receive data in the JSON format.

JSON is a lightweight data exchange format that has become the standard for many developers. It is available in many technologies and makes encoding and decoding fast and easy on the server side due to its lightweight nature. Moreover, JSON is readable and easy to interpret.

XML, a JSON alternative, is not supported by as many frameworks. Additionally, XML data manipulation can be a hassle compared to JSON because it is verbose and difficult to write.

To make sure that the REST API is using the JSON format, always set the Content-Type in the response header to application/JSON. Most backend frameworks have built-in functions to automatically parse the data to JSON format.

2. Use nouns instead of verbs

Naming conventions for REST APIs are important and can save a lot of confusion.

We should never use verbs like DELETE, PUT, or GET in our API endpoints as they are similar to the standard HTTP request methods. Additionally, the noun used for the API already perfectly describes the entity that is being manipulated.

However, when we want to refer to verbs, we mostly refer to HTTP methods such as GET, POST, PUT, and DELETE. These resemble CRUD operations that are happening on the database layer, which we don’t want to integrate directly in the API naming.

Let’s suppose we have to retrieve the list of users. We will name the API as follows:

const express = require('express');
const bodyParser = require('body-parser');

const app = express();


app.get('/user’, (req, res) => {
  const user’= [];

//Avoid this.
aap.get(‘getUser’, req,res)=>{
  const user’= [];

3.Use plurals for collections

Retrieving data from the database is usually required in bulk instead of from a single object because most operations are plural and list-based. Therefore, we should use plurals for the endpoints in our API. This keeps things simple and consistent between our API and the databases.

For example, if you are designing an API to retrieve all the users in the database, your endpoint should look like this:

// (List of users)

An incorrect endpoint would look like this:


4. Don’t ignore error handling

Every application is prone to errors, which is why error handling is so important. A good API should always return the proper HTTP error code that correctly explains the nature of the specific error that has occurred.

Let’s imagine we want to return an error for a bad request. The code example below is registering users with their email address:

const express = require('express');
const bodyParser = require('body-parser');

const app = express();

// existing users
const users = [
  { email: '[email protected]' }


app.post('/users', (req, res) => {
  const { email } = req.body;
  const user= users.find(u => u.email === email);
  if (user) {
    return res.status(400).json({ error: 'User already exists' })
app.listen(3000, () => console.log('server started'));

We have added a function that returns an error in case the email entered is already in use. Error 400 is used for a bad request and informs the client to enter a different email address. Error messages that elaborate on the problem make debugging easier, which is another reason REST APIs are wildly popular.

5.Filter the data

As any experienced developer knows, databases can grow to huge sizes that become difficult to manage when they grow to huge sizes. When a request comes, we must retrieve only the data we need instead of returning everything in our database.

For this, we must use a filter. This only returns the data required for fulfilling the request, which results in better performance and a huge amount of bandwidth being saved on the client side. As the database size grows, filters become more important.

6. Keep the security tight

Database security should be one of the biggest concerns for every API developer; a security breach can cost a company millions of dollars in losses.

As data sometimes contains sensitive information like credit card information, we have to keep the communication between server and client totally private. SSL/TLS security is a common and affordable way to make sure every request and response is encrypted over the channels.

Additionally, a user should not be able to access more data than needed. For example, user A accessing user B’s data poses a huge privacy and security threat. One way to solve this is providing admins with their own privileges and assigning roles to users individually.

7. Automate caching

Repeatedly requesting and responding to the same data is resource-consuming and a sign of flawed design. To fix this problem, store data fetched from the API on the server, and serve from there.

One issue that may arise, however, is that the data may become outdated. For this, there are several industry-standard caching solutions that can cache data after every change like Redis and Amazon ElasticCache.

8. Assign proper API versioning

If you are planning to make changes to your API, always make sure to assign the proper version so that the client end does not break. You should provide options for clients to either continue using the previous version or try the newer one.

The goal is to provide the best possible user experience by keeping updates optional for the clients. Common practice is to add a version before the endpoint as follows:


9. Use nesting for showing relationships

Keeping related endpoints together to create a hierarchy is known as API nesting. For example, if a user has any active orders, then nesting the /order after the /users/:id is good way of managing the API:

https://api.abc.com/users (list of users)
https://api.abc.com/users/321 (specific user by using filters)
https://api.abc.com/users/321/order (list of the order of the specific user)

It is recommended to use fewer nesting levels to prevent overcomplicating your application; you can use filtering to reduce the number of nesting levels. Two-level nesting typically keeps the API simpler and gets the job done.

More great articles from LogRocket:

10.Provide API documentation

Providing thorough documentation is crucial for any API. Without clear documentation, it will be impossible for the clients to use the API correctly. We have to make sure that the API documentation uses simples language and is continually updated with new releases.

Solid API documentation should include the following characteristics:

  • Simple wording and language
  • An explanation of the request, an example, and the sample responses for each endpoint
  • Implementation of the API in different programming languages (if applicable)
  • Possible error messages enlisted


As internet traffic has increased, more and more data is being fetched every day. A good API is a backbone for any system to keep things running smoothly. If we follow the above practices while designing our APIs, the result will be highly functional and performant applications.

Get set up with LogRocket's modern error tracking in minutes:

  1. Visit https://logrocket.com/signup/ to get an app ID
  2. Install LogRocket via npm or script tag. LogRocket.init() must be called client-side, not server-side
  3. $ npm i --save logrocket 

    // Code:

    import LogRocket from 'logrocket';
    Add to your HTML:

    <script src="https://cdn.lr-ingest.com/LogRocket.min.js"></script>
    <script>window.LogRocket && window.LogRocket.init('app/id');</script>
  4. (Optional) Install plugins for deeper integrations with your stack:
    • Redux middleware
    • NgRx middleware
    • Vuex plugin
Get started now

Leave a Reply