Endpoints conventions
GET /orders
returns all orders. The response body must contain the data as an array of orders.GET /orders/{id}
returns the order with identifier {id}
. The response body must contain the order data.POST /orders
creates an order using the data provided in the request body. The response body must contain the newly created order data, including a newly generated unique resource identifier.PUT /orders/{id}
updates the whole order resource with identifier {id}
using the data provided in the request body. The response body must contain the modified order data. The endpoint must never update the unique identifier of the entity. Favor PATCH
instead of PUT
.PATCH /orders/{id}/status
partially updates the resource with identifier {id}
using the data provided in the request body. The response body must contain the whole modified order.DELETE /orders/{id}
deletes the order with identifier {id}
.
Response HTTP status codes
200 OK
represents a successful operation201 CREATED
indicates that a resource was successfully created. It is usually used together withPOST
.- 202 ACCEPTED says that the operation was acknowledged by the server and that the operation will complete sometime in the future. Should be used whenever the underlying operation is expensive (eg. takes a long time).
204 NO CONTENT
indicates a successful operation with no response body. It is used usually together with the verbs that mutate the data on the server.400 BAD REQUEST
if the request data provided by the client is invalid. It could refer to path variables, query parameters, headers or the body.401 UNAUTHORIZED
if theAuthorization
header contains invalid data (wrong format, expired, etc.).403 FORBIDDEN
if theAuthorization
header doesn’t contain all the required privileges for the endpoint execution (ex. a user lacks a permission)404 NOT FOUND
when the URL cannot identify a resource considering all path variables409 CONFLICT
when the request is correct but the processing fails because there’s a conflict between the provided request data and the server’s data422 UNPROCESSABLE CONTENT
indicates that the server understood the request data and considered it as correct, but, based on the provided date, the server successfully process the request. This status code is frequently used to indicate business related errors.500 INTERNAL SERVER ERROR
in case an unexpected error occurs.
Idempotency
The verbs GET
, PUT
, PATCH
, DELETE
are idempotent, meaning that the state of the server will remain unchanged after the first request is executed regardless of how many identical requests the server processes.
Response representation
Each response should contain at least one of:
data
is the data returned from the API- should be an array in case the API returns collection of resource representations; if the API returns an empty collection then an empty array should be returned
- should be the resource representation in case the endpoint returns a single resource; if the resource is not available/found then
null
should be returned together with the200
status code OR404
status code with an empty response body
errors
indicates that errors occurred during the request processingmeta
may contain any other non standard data and must be an object
Responses should not contain both data
and errors
.
Example of a successful response:
[ "data": { "id": "...", "name": "John Doe" } ]
Each error should contain at least one of the following:
id
a unique identifier of the error stored in a database or in the logsstatus
required, the HTTP status code, as string, the best describes the problemcode
application specific error code, as stringtitle
a human readable summary of the error (except localization cases)detail
a human readable description of the errorsource
indicates where the error happened and should contain one of the following:pointer
indicates the place from the request body where the error occurred, ex./data/name
where/data
refers to the primary resource and/name
represents the name fieldparameter
indicates the query parameter at which the problem occurredheader
indicates the header at which the problem occurredmeta
can contain other data related to the error
In case the endpoint needs to return all errors related to the request, the response HTTP status code should be either 400
or 500
depending on the type of errors that occurred.
Example:
[ "errors": { "id": "634ef39d-f253-4598-b59a-bd9089a239e7", "status": "422", "code": "24205", "title": "Failed to re-send the order processed notification", "detail": "We were not able to re-send the notification for the processed order", } ]
Sorting
GET /orders?sort=created_at,created_by
sorts the result in ascending order by created_at
and then by created_by
GET /orders?sort=-created_at,created_by
sorts the result in descending order by created_at
and then in ascending order by created_by
Pagination
GET /orders?page[offset]=5&page[limit]=10
skips the first 5 records and returns the next 5 records
GET /orders?page=2&page_size=50
skips first 50 records and will return the next 50 records.
GET /orders?cursor=b0870299-7de8-4835-9668-67fe434810b4
cursor-based pagination uses a cursor (e.g., an encoded string) to indicate the position of the last item fetched in the previous request. The API then returns the next set of results starting after that cursor. It’s often considered more efficient than offset-based pagination for large datasets since it avoids the “skip” problem
Filtering data
GET /orders?filter[amountRangeMin]=100&filter[amountRangeMax]=3000&filter[created_by]=e058eb69-2e33-4179-ba34-ddd5f5ab9d9a
should return the orders created by the user with ID e058eb69-2e33-4179-ba34-ddd5f5ab9d9a
which total amount is in range [100, 3000].