DEV Community

Eyüp Akdeniz
HTTP & REST API Fundamentals

HTTP

HTTP (Hypertext Transfer Protocol) is the request/response protocol used for exchanging data over the web.
An HTTP request is sent by a client (e.g., a web browser or mobile app) to a server, asking it to perform an operation (such as fetching or modifying data) on a resource identified by a URL.
The client then waits for the server's HTTP response, which carries a status code, headers, and usually a body.
Plain HTTP is unencrypted; HTTPS runs the same protocol over TLS, which is what protects credentials and data in transit.

Real-World Examples:

  • Loading product lists
  • Fetching user profiles
  • Checking order status
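The exchange above in code, as an added example that is not part of the original post: a strict parser for a raw HTTP/1.1 request (request line, headers, body framed by Content-Length) and a builder for the matching response. The sample request bytes and the api.example.test host are constructed for the example.

```python
"""Parse a raw HTTP/1.1 request and build a response (added example)."""
import json
from dataclasses import dataclass, field
from typing import Dict

# Constructed sample request; not captured from any real service.
RAW_REQUEST = (
    b"POST /users HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 26\r\n"
    b"\r\n"
    b'{"name": "Ada", "age": 36}'
)

KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}


@dataclass
class HttpRequest:
    method: str
    target: str          # request target, e.g. /users or /users/42?fields=name
    version: str
    headers: Dict[str, str] = field(default_factory=dict)   # names lower-cased
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    """Strictly parse one request. Malformed input raises ValueError instead of
    being 'fixed up': lenient parsing is how request smuggling starts."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = (p.decode("ascii") for p in parts)
    if method not in KNOWN_METHODS:
        raise ValueError(f"unsupported method {method!r}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"unsupported version {version!r}")

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # No whitespace is allowed between the field name and the colon.
        if not colon or not name or name.strip() != name:
            raise ValueError(f"malformed header line {line!r}")
        key = name.decode("ascii").lower()
        # Two Content-Length values are a classic smuggling signal: refuse them.
        if key == "content-length" and key in headers:
            raise ValueError("duplicate Content-Length")
        headers[key] = value.strip().decode("latin-1")

    body = b""
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("non-numeric Content-Length")
        length = int(headers["content-length"])
        if len(rest) < length:
            raise ValueError("body shorter than Content-Length")
        body = rest[:length]
    return HttpRequest(method, target, version, headers, body)


def build_response(status: int, reason: str, payload: dict) -> bytes:
    """Serialise a JSON response with the framing the client needs to read it."""
    body = json.dumps(payload).encode("utf-8")
    head = (
        f"HTTP/1.1 {status} {reason}\r\n"
        f"Content-Type: application/json\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"\r\n"
    )
    return head.encode("ascii") + body


if __name__ == "__main__":
    req = parse_request(RAW_REQUEST)
    print(req.method, req.target, req.headers["content-type"])
    print(build_response(201, "Created", {"id": 1, **json.loads(req.body)}).decode())
```

The parser deliberately has no fallbacks: a request that two components might interpret differently (duplicate or non-numeric Content-Length, whitespace before the colon) is rejected outright, because disagreements between a front-end proxy and a back-end about where one request ends are what request smuggling exploits.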

RESTful APIs

REST (Representational State Transfer) is an architectural style for designing web services (APIs); an API that follows its constraints is called RESTful.
It uses the standard HTTP methods (GET, POST, PUT, DELETE, etc.) to standardize how clients interact with server resources.

Key Features:

✔ Resource-based URLs (/users, /products)

✔ Stateless (the server keeps no client session state between requests; each request is self-contained)

✔ JSON/XML responses

✔ Standard HTTP methods


REST API Best Practices

Client-Server Architecture : Backend (API) and frontend (UI) should be completely separate, so the API can serve any client and enforces its rules regardless of which UI called it.

Stateless : Each request must carry all the authentication/authorization data the server needs (for example a bearer token in the Authorization header); the server does not rely on stored session state to identify the caller.

Cacheable : Responses (especially to GET requests) should declare whether they may be cached (Cache-Control); responses with per-user data must be marked private or no-store so a shared cache never serves them to another client.

Uniform Interface : Resource access must follow consistent and clear rules (the same URL structure, methods, and representations across all resources).

Layered System : The client should never directly access the database or other backend services; every request goes through the API, which applies authentication, validation, and rate limiting.
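How a stateless API can authenticate every request from the request alone, as an added example (not the author's code): a bearer token whose subject and expiry are signed with HMAC-SHA256, so the server verifies the signature on each call and keeps no session table. The token format, the demo key and the names issue_token, verify_token and authenticate are assumptions for the example, not a standard such as JWT.

```python
"""Stateless bearer-token authentication with an HMAC-signed token (added example)."""
import base64
import binascii
import hashlib
import hmac
import time
from typing import Dict, Optional

# Constructed demo key. A real deployment loads this from a secret store.
SECRET_KEY = b"demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Token = base64(subject:expiry) '.' base64(HMAC-SHA256 over that payload).
    The expiry lives inside the signed payload, so the server stores nothing."""
    now = int(time.time()) if now is None else now
    payload = f"{subject}:{now + ttl_seconds}".encode("utf-8")
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the subject if the signature is valid and the token is unexpired."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak how many bytes matched.
    if not hmac.compare_digest(sig, expected):
        return None
    subject, _, exp = payload.decode("utf-8", "replace").rpartition(":")
    if not subject or not exp.isdigit() or int(exp) < now:
        return None
    return subject


def authenticate(headers: Dict[str, str], now: Optional[int] = None) -> Optional[str]:
    """Authenticate one request from its own headers only (no session lookup).
    Header names are assumed to be lower-cased by the HTTP layer."""
    scheme, _, credential = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credential.strip():
        return None
    return verify_token(credential.strip(), now)


if __name__ == "__main__":
    token = issue_token("alice", ttl_seconds=300)
    print(authenticate({"authorization": f"Bearer {token}"}))   # alice
```

The trade-off of this design is the usual one for stateless tokens: because nothing is stored server-side, a token cannot be revoked before its expiry, so keep lifetimes short and treat the signing key as the single secret that protects every session.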




HTTP Methods

Method   Purpose          Safe   Idempotent
GET      Retrieve data    yes    yes
POST     Create data      no     no
PUT      Full update      no     yes
PATCH    Partial update   no     not guaranteed
DELETE   Remove data      no     yes

Safe methods must not change server state; an idempotent request has the same effect whether it is sent once or several times. A GET that modifies data is a common source of CSRF and caching bugs, and clients may safely retry a failed PUT or DELETE but not a POST.

HTTP Status Codes

Code Range   Type            Common Codes
1xx          Informational   100 Continue
2xx          Success         200 OK, 201 Created, 204 No Content
3xx          Redirection     301 Moved Permanently, 304 Not Modified
4xx          Client Error    400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 429 Too Many Requests
5xx          Server Error    500 Internal Server Error, 503 Service Unavailable

401 means the request carried no valid credentials; 403 means the caller was authenticated but is not permitted to perform the operation.
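The methods and status codes above exercised on a tiny in-memory /users resource, as an added example that is not from the original post. UserApi, its handle method and the name/email fields are constructed for the example; it also shows which methods are idempotent and why client-writable fields are whitelisted.

```python
"""A minimal in-memory REST resource and the status codes it returns (added example)."""
import json
import re
from typing import Dict, Optional, Tuple

ALLOWED_FIELDS = {"name", "email"}      # client-writable fields; 'id' is server-owned
ITEM_RE = re.compile(r"^/users/(\d+)$")
Response = Tuple[int, Optional[dict]]   # (status code, JSON body or None)


def _parse_json(body: Optional[str]) -> Optional[dict]:
    try:
        data = json.loads(body) if body is not None else None
    except ValueError:
        return None
    return data if isinstance(data, dict) else None


def _validate(data: Optional[dict], partial: bool) -> Optional[str]:
    """Whitelist fields so a client cannot set server-owned data (mass assignment)."""
    if data is None:
        return "body must be a JSON object"
    unknown = set(data) - ALLOWED_FIELDS
    if unknown:
        return f"unknown fields: {sorted(unknown)}"
    if not partial and not isinstance(data.get("name"), str):
        return "name (string) is required"
    if any(not isinstance(v, str) for v in data.values()):
        return "all fields must be strings"
    return None


class UserApi:
    def __init__(self) -> None:
        self.users: Dict[int, dict] = {}
        self.next_id = 1

    def handle(self, method: str, path: str, body: Optional[str] = None) -> Response:
        if path == "/users":
            return self._collection(method, body)
        m = ITEM_RE.match(path)
        if not m:
            return 404, {"error": "no such route"}
        return self._item(method, int(m.group(1)), body)

    def _collection(self, method: str, body: Optional[str]) -> Response:
        if method == "GET":
            return 200, {"users": list(self.users.values())}
        if method == "POST":
            data = _parse_json(body)
            err = _validate(data, partial=False)
            if err:
                return 400, {"error": err}
            user = {"id": self.next_id, **data}     # each POST creates a new resource
            self.users[self.next_id] = user
            self.next_id += 1
            return 201, dict(user)                  # a real server adds Location: /users/<id>
        return 405, {"error": "method not allowed"}

    def _item(self, method: str, uid: int, body: Optional[str]) -> Response:
        user = self.users.get(uid)
        if user is None:
            # ids are server-assigned, so PUT to an unknown id cannot create one here
            return 404, {"error": f"user {uid} not found"}
        if method == "GET":
            return 200, dict(user)
        if method == "DELETE":
            del self.users[uid]
            return 204, None                        # second DELETE falls into the 404 above
        if method in ("PUT", "PATCH"):
            data = _parse_json(body)
            err = _validate(data, partial=(method == "PATCH"))
            if err:
                return 400, {"error": err}
            # PUT replaces the representation; PATCH merges into the existing one
            user = {"id": uid, **data} if method == "PUT" else {**user, **data}
            self.users[uid] = user
            return 200, dict(user)
        return 405, {"error": "method not allowed"}


if __name__ == "__main__":
    api = UserApi()
    print(api.handle("POST", "/users", '{"name": "Ada"}'))        # (201, {...})
    print(api.handle("PATCH", "/users/1", '{"email": "a@example.test"}'))
    print(api.handle("DELETE", "/users/1"), api.handle("DELETE", "/users/1"))
```

Sending the same PUT twice leaves the resource unchanged after the first call, which is what makes it safe for a client to retry; the same POST twice yields two resources with different ids. Note also that a body containing an "id" field is rejected with 400 rather than silently ignored, so a client cannot overwrite server-owned data.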

Request Headers:

  • Authorization: Carries the client's credentials (for example Bearer <token> or Basic <base64 user:password>); it must only travel over TLS, since the header itself offers no protection in transit.
  • Content-Type: Specifies the media type (MIME type) of the request body.
  • Accept: Specifies the media type(s) the client is willing to receive in the response (e.g., application/json); a server that can produce none of them answers 406 Not Acceptable.
  • User-Agent: Identifies the client (browser, OS, or app). It is freely chosen by the client and must not be used for access decisions.

Response Headers:

  • Content-Type: application/json tells the client how to parse the body; pair it with X-Content-Type-Options: nosniff so browsers do not guess a different type.
  • Access-Control-Allow-Origin (CORS): Specifies which origin a browser may let read the response. Return only origins from an allow-list; reflecting whatever Origin the request carried, especially together with Access-Control-Allow-Credentials: true, defeats the protection.
  • Set-Cookie: Instructs the client to store a cookie; used for session management. Session cookies should carry the HttpOnly, Secure and SameSite attributes.
  • Rate limiting headers (a widely used convention rather than a standard):
    • X-RateLimit-Limit: the number of requests allowed in the current window
    • X-RateLimit-Remaining: how many of those remain
    • Retry-After (on 429 Too Many Requests): how many seconds the client should wait before retrying
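The response headers above emitted by a small gateway, as an added example (not the author's code): a CORS allow-list instead of origin reflection, a session cookie with HttpOnly/Secure/SameSite, and a fixed-window rate limiter that sets the X-RateLimit-* headers and Retry-After on 429. The allow-list, the limit of 5 requests per 60 seconds and the Gateway class are assumptions for the example.

```python
"""Security-relevant response headers from a small API gateway (added example)."""
from typing import Dict, Optional, Tuple

# Assumed allow-list of browser origins permitted to read API responses.
ALLOWED_ORIGINS = {"https://app.example.test"}
RATE_LIMIT = 5            # requests per client per window (example values)
WINDOW_SECONDS = 60

Headers = Dict[str, str]


class Gateway:
    def __init__(self) -> None:
        # client id -> (window start, request count). Request header names are
        # assumed to be lower-cased by the HTTP layer before they get here.
        self.windows: Dict[str, Tuple[int, int]] = {}

    @staticmethod
    def cors_headers(request_headers: Headers) -> Headers:
        """Grant CORS only to allow-listed origins; never echo an unknown Origin."""
        origin = request_headers.get("origin")
        if origin is None or origin not in ALLOWED_ORIGINS:
            return {}      # browser blocks the cross-origin read; non-browser clients unaffected
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}

    @staticmethod
    def session_cookie(session_id: str) -> str:
        """HttpOnly keeps scripts away from it, Secure keeps it off plain HTTP,
        SameSite limits the cross-site sends that enable CSRF."""
        return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=3600"

    def rate_limit(self, client: str, now: int) -> Tuple[int, Headers]:
        """Fixed-window counter per client; 429 with Retry-After once the limit is exceeded."""
        start, count = self.windows.get(client, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0          # new window
        count += 1
        self.windows[client] = (start, count)
        headers = {
            "X-RateLimit-Limit": str(RATE_LIMIT),
            "X-RateLimit-Remaining": str(max(RATE_LIMIT - count, 0)),
        }
        if count > RATE_LIMIT:
            headers["Retry-After"] = str(start + WINDOW_SECONDS - now)
            return 429, headers
        return 200, headers

    def respond(self, request_headers: Headers, client: str, now: int,
                session_id: Optional[str] = None) -> Tuple[int, Headers]:
        """Assemble the response headers for one request."""
        status, headers = self.rate_limit(client, now)
        headers.update(self.cors_headers(request_headers))
        headers["Content-Type"] = "application/json"
        headers["X-Content-Type-Options"] = "nosniff"
        if status == 200 and session_id:
            headers["Set-Cookie"] = self.session_cookie(session_id)
        return status, headers


if __name__ == "__main__":
    gw = Gateway()
    for t in range(7):
        print(gw.respond({"origin": "https://app.example.test"}, "10.0.0.1", now=1000 + t))
```

Vary: Origin accompanies the CORS header because the response now differs per origin, and a shared cache that ignored that could hand one origin's grant to another. The rate limiter is keyed per client, so one noisy client exhausting its window does not affect others.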
