REST API Cheat Sheet
https://brcline.com May 11 2022
Versioning

MAJOR.MINOR.PATCH

Versioning in URL:
https://api.example.com/v1/books/1

Versioning in HTTP Header:
Accept: application/json; version=1

Consistent URI

Simple is better
Plural for resources, noun based
Get all books: GET: /v1/books
Get specific book: GET: /v1/books/1

Methods

GET to retrieve a resource
PUT to change the state of or update a resource, which can be an object, file or block
POST to create that resource
PATCH to update/modify
DELETE to remove it

VERB      Standard Return Codes
GET       200, 401, 403, 404
POST      200 (should be 201), 201, 401, 403, 404, 422
PUT       200, 401, 403, 404, 422
PATCH     200, 401, 403, 404, 422
DELETE    204, 401, 403, 404, 422

Status Codes

1xx    Informational Request.
2xx    Request was successful.
3xx    Request was Redirected. Rarely used.
4xx    Client Errors (often codes like 401, 404)
5xx    Server problem (most often 500).

Code   English Meaning
200    Okay. Resource in body.
201    Created. Should return created resource in body.
202    Accepted. Not always used.
203    Normally used for caching.
400    Bad request.
401    Unauthorized/Invalid Token or API key.
402    Payment Required.
403    You don’t have access to resource.
404    Not found. Resource is missing.
405    Method not allowed.
422    Unprocessable entity. Missing fields OR invalid XML or JSON.
429    Too many requests. Rate limiting.
500    Internal Server Error

Errors

Always respond in the same format as the request's Accept header.

HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
  "errorCode": "401",
  "message": "Unauthorized. You are not logged in."
}

Authentication/Authorization

HTTP Basic: username + password encoded as base64
Authorization: “Basic YnJpYW5QHNzd29yZDEq”

Bearer/token: tokens called bearer tokens. Often JWT
Authorization: Bearer someCrypticString

API keys: unique value used only by one customer
Often done as query string. Not very secure when in query string.
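
Added example, not part of the original cheat sheet: a server-side check that reads the three credential styles listed above and answers failures in the sheet's JSON error format. The function names, the api_key parameter name and the choice to refuse query-string keys with 400 are assumptions made for illustration.

```python
import base64
import binascii
import json
from urllib.parse import parse_qs, urlsplit


def error(status, message):
    # Same JSON error shape as the cheat sheet's 401 example.
    return status, json.dumps({"errorCode": str(status), "message": message})


def read_credentials(url, headers):
    """Return (200, credentials) or (status, JSON error body)."""
    # "api_key" is an assumed parameter name. Query strings are copied into
    # access logs, proxy logs and browser history, so the key is refused here.
    if "api_key" in parse_qs(urlsplit(url).query):
        return error(400, "Bad request. Send the API key in a header.")
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "basic" and value:
        try:
            # base64 is an encoding, not encryption: anyone who sees the
            # header recovers the password, so Basic needs TLS.
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return error(401, "Unauthorized. Malformed Basic credentials.")
        username, sep, password = decoded.partition(":")
        if not sep:
            return error(401, "Unauthorized. Malformed Basic credentials.")
        return 200, {"scheme": "basic", "username": username, "password": password}
    if scheme == "bearer" and value:
        # The token still has to be verified (signature, expiry) by the caller.
        return 200, {"scheme": "bearer", "token": value}
    return error(401, "Unauthorized. You are not logged in.")


if __name__ == "__main__":
    # Constructed sample requests, not taken from the page.
    basic = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    for url, hdrs in [
        ("https://api.example.com/v1/books/1", {"Authorization": basic}),
        ("https://api.example.com/v1/books", {"Authorization": "Bearer someCrypticString"}),
        ("https://api.example.com/v1/books?api_key=abc123", {}),
        ("https://api.example.com/v1/books", {}),
    ]:
        print(url, "->", read_credentials(url, hdrs))
```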