Whether you're building an Express API or consuming one, these conventions are the shared language of web teams.
Resources are nouns; methods are verbs
GET /api/students # list (with filters)
GET /api/students/42 # one
POST /api/students # create → 201 + the created object
PUT /api/students/42 # replace
PATCH /api/students/42 # partial update
DELETE /api/students/42 # remove → 204
# nested relations: one level max
GET /api/students/42/marks
# never: /getStudents, /student_delete.php?id=42
Query params = filtering; path = identity
GET /api/students?dept=cse&sort=-cgpa&page=2&limit=20
Error responses: pick a shape, keep it
// 400
{ "error": { "code": "VALIDATION", "message": "cgpa must be 0–10", "field": "cgpa" } }
Consistent error shapes are what make frontends pleasant to write against; inconsistent APIs are why frontend devs drink chai angrily.
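An added example, not code from the original page: one way to validate the list query shown above (`?dept=cse&sort=-cgpa&page=2&limit=20`) and answer every bad parameter with the same error shape. The allowlists, `MAX_LIMIT`, the function names and the reading of a leading `-` as descending order are assumptions made for illustration.

```javascript
// Added example. Assumed (not from the page): the allowlists, MAX_LIMIT, all function names.
const FILTER_FIELDS = new Set(["dept"]);        // filters clients may use
const SORT_FIELDS = new Set(["cgpa", "name"]);  // columns clients may sort by
const MAX_LIMIT = 100;                          // cap on page size

// One error shape for every 400, matching the page's example.
function validationError(field, message) {
  return { status: 400, body: { error: { code: "VALIDATION", message, field } } };
}

// Parse a positive integer parameter; null means the value was invalid.
function positiveInt(raw, fallback) {
  if (raw === null) return fallback;
  return /^[1-9]\d{0,6}$/.test(raw) ? Number(raw) : null;
}

// Turn a query string into a safe list query, or a 400 in the shared shape.
function parseListQuery(queryString) {
  const params = new URLSearchParams(queryString);
  const filters = {};
  for (const [key, value] of params) {
    if (["sort", "page", "limit"].includes(key)) continue;
    if (!FILTER_FIELDS.has(key)) return validationError(key, "unknown query parameter");
    filters[key] = value;
  }

  const page = positiveInt(params.get("page"), 1);
  if (page === null) return validationError("page", "page must be a positive integer");
  const limit = positiveInt(params.get("limit"), 20);
  if (limit === null || limit > MAX_LIMIT)
    return validationError("limit", `limit must be 1-${MAX_LIMIT}`);

  // Assumed convention: "-cgpa" sorts descending. The column name must be on the
  // allowlist because it typically ends up in an ORDER BY clause.
  let sort = null;
  const rawSort = params.get("sort");
  if (rawSort !== null) {
    const desc = rawSort.startsWith("-");
    const field = desc ? rawSort.slice(1) : rawSort;
    if (!SORT_FIELDS.has(field)) return validationError("sort", "sort field not allowed");
    sort = { field, direction: desc ? "desc" : "asc" };
  }
  return { status: 200, query: { filters, sort, page, limit } };
}

console.log(JSON.stringify(parseListQuery("dept=cse&sort=-cgpa&page=2&limit=20")));
console.log(JSON.stringify(parseListQuery("sort=-password_hash")));
```

Capping `limit` and allowlisting sort and filter names keeps a single request from pulling the whole table or naming columns the API never meant to expose.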
Rapid-fire conventions
- Version from day one: /api/v1/…
- Plural nouns, lowercase, hyphens
- PUT/DELETE are idempotent (same call twice = same result), a favorite interview probe
- Status codes from the status code guide: 200/201/204/400/401/403/404/500 cover almost everything