Examples
GET /api/v1/users/42 → { "id": 42, "name": "Alice", "email": "alice@example.com" }POST /api/v1/users { "name": "Bob", "email": "bob@example.com" } → 201 Created, Location: /api/v1/users/99PUT /api/v1/users/42 { "name": "Alice Smith" } → 200 OKDELETE /api/v1/users/42 → 204 No ContentGET /api/v1/posts?author=42&status=published&page=2&limit=20
FAQ
REST is stateless but how do I handle authentication?
Each request includes a token (JWT, OAuth Bearer) in the Authorization header. The server validates the token without maintaining a session; the token contains claims (user ID, permissions). This enables statelessness: any instance can verify the token.
When do I use PUT vs PATCH?
PUT replaces the entire resource; you send all properties. PATCH updates partially; you send only the properties that change. Example: PATCH /users/42 { "email": "new@example.com" } updates only email, leaving the rest intact.
How do I handle relationships in REST?
Three approaches: 1) Subresources: GET /users/42/posts. 2) Query params: GET /posts?user_id=42. 3) Include relations in response: GET /users/42?include=posts (returns user with embedded posts). Choose based on depth and access frequency.