REST is misunderstood. Most 'REST' APIs are really RPC-over-HTTP. True REST is more disciplined. Here's what matters in practice.

Figure: REST fundamentals + practical concerns. Nouns as resources (/users/123); HTTP verbs = actions (GET/POST/PUT/DELETE); status codes matter (200 vs 201 vs 204); versioning (/v1/ or Accept header); pagination (cursor > offset); consistent errors (Problem Details); idempotency keys (safe retries); HATEOAS (next links); rate limit headers.

Resources not RPC

URLs identify things (users, orders), not actions. POST /users creates. DELETE /users/42 removes. Not /createUser.

HTTP semantics

GET = safe + idempotent. PUT = idempotent replace. POST = create + non-idempotent. DELETE = idempotent removal. Follow them.

Versioning strategy

URL path (/v1/) is pragmatic. Accept header (application/vnd.myapp.v1+json) is purer. Pick one, stick with it.

Cursor pagination

Offset pagination breaks under insertions. Cursor pagination gives stable results. Return next_cursor with each page.
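
The difference shows up when a row is inserted between two page requests. The following is an added example, not code from the original page; the function names, the base64 JSON cursor encoding and the sample rows are assumptions made for illustration.

```python
import base64
import json

def offset_page(rows, offset, limit):
    """Offset pagination: the position is counted from the top of the current list."""
    return rows[offset:offset + limit]

def encode_cursor(last_id):
    """Opaque cursor holding the id of the last row the client received."""
    return base64.urlsafe_b64encode(json.dumps({"after_id": last_id}).encode()).decode()

def decode_cursor(cursor):
    """The cursor is client-supplied input: reject anything that is not well formed."""
    try:
        after_id = json.loads(base64.urlsafe_b64decode(cursor.encode()))["after_id"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("invalid cursor") from exc
    if isinstance(after_id, bool) or not isinstance(after_id, int):
        raise ValueError("invalid cursor")
    return after_id

def cursor_page(rows, cursor, limit):
    """Cursor pagination over rows sorted newest first: resume strictly after after_id."""
    after_id = decode_cursor(cursor) if cursor else None
    remaining = [r for r in rows if after_id is None or r["id"] < after_id]
    items = remaining[:limit]
    next_cursor = encode_cursor(items[-1]["id"]) if len(remaining) > limit else None
    return {"items": items, "next_cursor": next_cursor}

def newest_first(ids):
    return [{"id": i} for i in sorted(ids, reverse=True)]

def demo():
    """Fetch page 1, insert a row, fetch page 2; return the ids each client saw."""
    before = newest_first([1, 2, 3, 4, 5, 6])    # constructed sample rows
    after = newest_first([1, 2, 3, 4, 5, 6, 7])  # row 7 inserted between requests
    off = offset_page(before, 0, 3) + offset_page(after, 3, 3)
    first = cursor_page(before, None, 3)
    second = cursor_page(after, first["next_cursor"], 3)
    return {
        "offset": [r["id"] for r in off],
        "cursor": [r["id"] for r in first["items"] + second["items"]],
        "last_next_cursor": second["next_cursor"],
    }

if __name__ == "__main__":
    print(demo())
```

With offset pagination the client sees row 4 twice after the insertion; with the cursor it sees each row once. A malformed cursor raises ValueError, which a handler would map to a 400 response.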

RFC 9457 Problem Details

Standard error format. {type, title, status, detail, instance}. Machine-parseable. Better than custom error shapes.

Resources + HTTP semantics + versioning + cursor pagination + standard errors.