​

RESTful design and naming

​

RESTful design principles

​

HTTP methods

​

Naming conventions

​

URI naming

• Use plural nouns, lowercase, hyphenated names
• No verbs in URLs
• Nest resources only if there is a logical hierarchy or relationship
• Keep nesting shallow (2 levels max)

GET    /users
POST   /users
GET    /users/{user_uuid}
PATCH  /users/{user_uuid}
DELETE /users/{user_uuid}
GET    /users/{user_uuid}/authenticators

GET    /user-groups
GET    /user/{user_uuid}/adress-verification-requests

​

Resource identifiers: IDs vs UUIDs

• UUIDs should be used for externally exposed REST APIs
• Numeric, auto-increment IDs (/users/1) must not be exposed; they have a risk for enumeration
• Only when there is no other way around it you can use auto-increment IDs
• Internal IDs may exist but should never be part of the public API contract

• Prevents ID enumeration and scraping
• Improves security by design
• Decouples API contracts from database implementation details
• Enables safer data migrations and sharding

GET /users/550e8400-e29b-41d4-a716-446655440000
PATCH /devices/{device_uuid}
DELETE /orders/{order_uuid}

GET /users/1
PATCH /devices/42

​

Path parameter naming

​

Field naming (JSON bodies)

{
  "user_name": "john_doe",
  "email_address": "john@example.com"
}

​

Parameter naming in URI, path, body

GET /users?page_size=50&client_id=123

{
  "first_name": "Max"
}