Tags: rest, api, http, status-codes, idempotency, pagination, headers, backend Last updated: 2026-06-26

RESTful API Design Cheatsheet

Quick Reference

ConceptKey Point
GETSafe, idempotent, cacheable
POSTNot idempotent, creates resource
PUTIdempotent, full replacement
PATCHNot necessarily idempotent
DELETEIdempotent, removes resource
200 OKSuccess
201 CreatedResource created
400 Bad RequestClient error
401 UnauthorizedMissing/invalid auth
403 ForbiddenInsufficient permissions
404 Not FoundResource doesn't exist
422 UnprocessableValidation failure
429 Too Many RequestsRate limited
500 Internal Server ErrorServer error

HTTP Methods & Semantics

MethodIdempotentSafe BodyUse For
GETYesYes NoRetrieve resource(s)
POSTNoNo YesCreate a new resource
PUTYesNo YesFull replace or upsert
PATCHMaybeNo YesPartial update
DELETEYesNo NoRemove a resource

Status Codes

2xx — Success

4xx — Client Errors

Resource Naming

GET    /users              # List users
POST   /users              # Create a user
GET    /users/42           # Get user 42
PUT    /users/42           # Replace user 42
PATCH  /users/42           # Partial update
DELETE /users/42           # Delete user 42

# Sub-resources
GET    /users/42/orders    # User 42's orders

Pagination

Cursor-Based

GET /users?cursor=eyJpZCI6NDJ9&limit=20
{ "data": [...], "pagination": { "next": "...", "has_more": true } }

Offset-Based

GET /users?offset=40&limit=20
{ "data": [...], "pagination": { "offset": 40, "limit": 20, "total": 157 } }

Filtering & Sorting

GET /users?status=active&role=admin       # Filter
GET /users?q=john                         # Search
GET /users?sort=-created_at,+name          # Sort
GET /users?fields=id,name,email           # Sparse fieldsets

Headers

# Request
Authorization: Bearer <token>
Content-Type: application/json
Idempotency-Key: unique-key-123
If-Match: "etag-value"

# Response
Location: /users/42
Retry-After: 120
X-Request-Id: abc-123

Error Response Format

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Validation failed",
    "details": [
      { "field": "email", "message": "Must be valid" }
    ],
    "request_id": "req_abc123"
  }
}

Tips