Home / Blog
Software Development

API Design - RESTful practices

NB
Nithya Balakrishnan
January 25, 2025 • 11 min read

Table of Contents

Introduction

RESTful APIs power modern web applications, microservices, and data integrations. The guide introduces the key RESTful concepts, practical patterns for developing robust and maintainable APIs, and common pitfalls to avoid for APIs that are consumable and durable.

What Makes an API RESTful?

REST (Representational State Transfer) treats data as resources accessed via standard HTTP methods. Core principles include:

  • Resources as nouns in URLs (e.g., /users, not /getUsers)
  • HTTP verbs for actions (GET, POST, PUT, DELETE)
  • Stateless operations—no server-side session memory
  • Standard status codes (200 OK, 404 Not Found, 500 Error)
  • Cacheable responses for performance

REST Resource Design Patterns

Good URL Structure:

  • ✅ GET /users # List users
  • ✅ GET /users/123 # Single user
  • ✅ POST /users # Create user
  • ✅ PUT /users/123 # Update user
  • ✅ DELETE /users/123 # Delete user
  • ✅ GET /users/123/orders # Related resources

Avoid these anti-patterns:

  • ❌ /getAllUsers
  • ❌ /deleteUser?id=123
  • ❌ /userById/123

FastAPI Implementation Example:


    from fastapi import FastAPI, HTTPException 
    from pydantic import BaseModel 
    from typing import List 
      
    app = FastAPI() 
    class User(BaseModel): 
        name: str 
        email: str 
      
    users_db = [] 
      
    @app.get("/users", response_model=List[User]) 
    def list_users(): 
        return users_db 
      
    @app.post("/users", response_model=User, status_code=201) 
    def create_user(user: User): 
        users_db.append(user) 
        return user 
      
    @app.get("/users/{user_id}", response_model=User) 
    def get_user(user_id: int): 
        if user_id >= len(users_db): 
            raise HTTPException(status_code=404, detail="User not found") 
        return users_db[user_id]

HTTP Status Codes Mastery

Use precise codes to communicate clearly:

Scenario Code Meaning
Success (list) 200 OK Returns data
Created 201 Created Resource created
No Content 204 No Content Success, no body
Bad Request 400 Bad Request Client error
Unauthorized 401 Unauthorized Auth required
Not Found 404 Not Found Resource missing
Rate Limited 429 Too Many Requests Slow down
Server Error 500 Internal Server Error Backend issue

Error Response Format:


    {  
      "error": {  
        "code": "VALIDATION_ERROR",  
        "message": "Email is required",  
        "field": "email"  
      }  
    }

Pagination, Filtering, and Sorting

Prevent huge responses with smart controls:

Query Parameters:

GET /users?page=2&limit=20&status=active&sort=-created_at&email=john@example.com

Response Structure:


    {  
      "data": [...],  
      "pagination": {  
        "page": 2,  
        "limit": 20,  
        "total": 150,  
        "pages": 8  
      }  
    }

Authentication and Security Essentials

Recommended Methods (2026):

  • JWT Tokens (stateless, scalable)
  • OAuth 2.0 (third-party access)
  • API Keys (simple server-to-server)

Always Implement:

  • HTTPS/TLS encryption
  • Rate limiting (100 req/min)
  • CORS properly configured
  • Input validation/sanitization
  • Token expiration & refresh

Header Example:


                Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...  
                X-RateLimit-Remaining: 47

API Versioning Strategies

Plan for evolution from day one:

Method Example Pros Cons
URL Path /v1/users Simple, clear URL changes
Header Accept: application/vnd.api.v2+json Clean URLs Client complexity
Query /users?version=2 No URL change Caching issues

Recommendation: URL path versioning (/v1/, /v2/) for most projects.

Documentation with OpenAPI

Auto-generate interactive docs:

OpenAPI Snippet:


    paths:  
    /users:  
      get:  
        summary: List users  
        parameters:  
          - name: page  
            in: query  
            schema: {type: integer, default: 1}  
        responses:  
          '200':  
            content:  
              application/json:  
                schema:  
                  type: object  
                  properties:  
                    data: {type: array}  
                    pagination: {}

Tools like Swagger UI or FastAPI's /docs make APIs self-documenting.

SyncBio Bioinformatics Implementation

SyncBio Bioinformatics applies these RESTful practices across bioinformatics platforms:

Bioinformatics API Services:

  • /v1/genomes/{id} - Genome metadata
  • /v1/variants?page=1&chromosome=chr1 - Variant queries
  • /v1/ml/predictions - ML model inference
  • JWT + rate limiting (1000 req/hour)
  • OpenAPI docs with Swagger UI

Key Results:

  • GenomeFlow API: 99.9% uptime, 50k daily calls
  • ML Pathology API: 2ms avg latency at scale
  • Developer Portal: Self-service OpenAPI specs

This RESTful foundation supports SyncBio's cloud-native bioinformatics services, genomic data platforms, and international research collaborations.

Need Professional Assistance?

Our experts can help you implement these solutions.

Get in Touch