A REST API is a simple, standardized method of communication between web clients and servers. The main building blocks of the REST API are the request and the response. Learn about the REST API and how to issue requests and receive response data. 

A REST API is a web service that uses the REST architectural style to exchange data between clients and servers. REST stands for ‘Representational State Transfer’, and web services that adhere to the REST style must satisfy a set of constraints:

  1. Client-server architecture. Separation of user interface and data storage components
  2. Stateless. The client maintains the state information and each request contains the data needed for the server to respond
  3. Cacheable communications protocol. Clients and intermediaries may cache responses to improve scalability and performance
  4. Layered system. Proxies and other intermediaries may transparently assist the server with processing a client request to improve scalability
  5. Uniform interface. For web services, a URI describes the resource and HTTP methods describe the request

When you browse a social media website, the web server probably uses a REST API to request data from a database server. The website then formats the data and presents it to you.

Apps that use the REST API set of rules to communicate are also called RESTful web services.

How it Works

RESTful web services are standardized. A client requests server resources using HTTP methods – usually GET, POST, PUT and DELETE.

  1. GET. Extracts data from a server
  2. POST. Creates new data on a server
  3. PUT. Updates existing data on a server
  4. DELETE. Deletes resources from a server

The server response could be JSON, images, HTML, or audio files stored at a given URL.

REST API model

In REST, URLs are called resources, while the data sent to you is a response. 

The Request Anatomy

Each request consists of four elements – the resource, method, headers and data body. To build a request, you need to perform the following steps:

  • Identify your resource. The root server address is the starting point of your request. For example, GitHub’s API root address is https://api.github.com. Then append the path to the resource, just as you would link to a section of a website: https://api.github.com/tag/javascript/
  • Choose your method. Determine which type of request – GET, POST, PUT or DELETE – you send to the server
  • Identify your headers. Like the envelope of a letter, request headers carry information about the request body, authentication or security. You can group headers by their context or by how proxies handle them
  • Determine the message data. The message body contains the information you want to send to the server. This option can be used in POST, PUT and DELETE requests

Securing REST APIs

REST APIs have no built-in security features or encryption. Here are some tips to ensure data privacy and integrity:

  • Don’t include unnecessary data such as user names in URLs
  • Hash all passwords
  • Secure your REST APIs by using HTTPS
  • Add timestamps to requests
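
A server-side check covering three of the tips above (HTTPS only, no user data in URLs, timestamps on requests), as an added example that is not code from the original page. It goes one step beyond the list by binding the timestamp to the request with an HMAC signature, since an unsigned timestamp can simply be rewritten; the header names `X-Timestamp` and `X-Signature`, the 300-second window, the parameter deny-list, the key and the `api.example.com` URLs are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

MAX_SKEW = 300  # assumed policy: seconds a timestamp may differ from server time
SENSITIVE_PARAMS = {"user", "username", "password", "token"}  # assumed deny-list
KEY = b"constructed-demo-key"  # constructed shared secret, for the demo only

def sign(key, method, url, ts, body):
    """HMAC-SHA256 over method, URL, timestamp and body (hypothetical scheme)."""
    msg = b"\n".join([method.upper().encode(), url.encode(), ts.encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def check_request(key, method, url, headers, body=b"", now=None):
    """Return a list of problems; an empty list means the request passes."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("not HTTPS")
    leaked = SENSITIVE_PARAMS & {k.lower() for k in parse_qs(parts.query)}
    if leaked:
        problems.append("sensitive data in URL: " + ", ".join(sorted(leaked)))
    ts = headers.get("X-Timestamp", "")
    now = time.time() if now is None else now
    if not (ts.isascii() and ts.isdigit() and abs(now - int(ts)) <= MAX_SKEW):
        problems.append("missing or stale timestamp")
    expected = sign(key, method, url, ts, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), headers.get("X-Signature", "").encode()):
        problems.append("bad signature")
    return problems

def demo():
    """Run the check over constructed requests: fresh, replayed, tampered, leaky."""
    now = 1_700_000_000
    url, body, ts = "https://api.example.com/orders", b'{"item": 42}', str(now)
    good = {"X-Timestamp": ts, "X-Signature": sign(KEY, "POST", url, ts, body)}
    leaky_url = "http://api.example.com/orders?username=alice"
    return {
        "fresh": check_request(KEY, "POST", url, good, body, now=now),
        "replayed": check_request(KEY, "POST", url, good, body, now=now + 3600),
        "tampered": check_request(KEY, "POST", url, good, b'{"item": 43}', now=now),
        "leaky": check_request(KEY, "GET", leaky_url, {}, now=now),
    }

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

The replayed request still carries a valid signature and is rejected only because its timestamp has aged out, which is the job the timestamp tip does on its own.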