[Part 2] REST API Components & How to read them
[Part 2] REST API Components & How to read them
Decode the language of the web by breaking down REST APIs into their core components. Learn how to read requests, interpret status codes, and understand exactly what's happening between the client and the server.
Updated:
Oct 31, 2023
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M 18.5 0 L 1.5 0 C 1.102 0 0.721 0.158 0.439 0.439 C 0.158 0.721 0 1.102 0 1.5 L 0 18.5 C 0 18.898 0.158 19.279 0.439 19.561 C 0.721 19.842 1.102 20 1.5 20 L 18.5 20 C 18.898 20 19.279 19.842 19.561 19.561 C 19.842 19.279 20 18.898 20 18.5 L 20 1.5 C 20 1.102 19.842 0.721 19.561 0.439 C 19.279 0.158 18.898 0 18.5 0 Z M 6 17 L 3 17 L 3 8 L 6 8 Z M 4.5 6.25 C 4.156 6.24 3.823 6.129 3.542 5.931 C 3.261 5.733 3.044 5.456 2.919 5.136 C 2.794 4.815 2.767 4.465 2.84 4.129 C 2.913 3.793 3.083 3.486 3.33 3.246 C 3.577 3.006 3.889 2.844 4.227 2.781 C 4.565 2.717 4.914 2.755 5.231 2.889 C 5.548 3.022 5.818 3.247 6.008 3.533 C 6.198 3.82 6.3 4.156 6.3 4.5 C 6.292 4.97 6.098 5.418 5.761 5.746 C 5.424 6.074 4.97 6.255 4.5 6.25 Z M 17 17 L 14 17 L 14 12.26 C 14 10.84 13.4 10.33 12.62 10.33 C 12.391 10.345 12.168 10.405 11.963 10.507 C 11.757 10.609 11.574 10.751 11.423 10.923 C 11.273 11.096 11.158 11.297 11.085 11.514 C 11.013 11.732 10.984 11.961 11 12.19 C 10.995 12.237 10.995 12.283 11 12.33 L 11 17 L 8 17 L 8 8 L 10.9 8 L 10.9 9.3 C 11.193 8.855 11.594 8.493 12.067 8.247 C 12.54 8.002 13.068 7.883 13.6 7.9 C 15.15 7.9 16.96 8.76 16.96 11.56 Z" fill="rgb(0, 0, 0)" height="20px" id="D2av7Oa6w" width="20px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 22 20" xmlns="http://www.w3.org/2000/svg"><path d="M 17.445 0 L 20.842 0 L 13.421 8.487 L 22.151 20.036 L 15.315 20.036 L 9.962 13.031 L 3.836 20.036 L 0.437 20.036 L 8.374 10.958 L 0 0 L 7.009 0 L 11.848 6.402 Z M 16.253 18.001 L 18.135 18.001 L 5.986 1.928 L 3.966 1.928 Z" fill="rgb(0, 0, 0)" height="20.035778175313055px" id="eWFuVHpu9" width="22.150617531305898px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 36 20" xmlns="http://www.w3.org/2000/svg"><g d="M 10.028 20.193 C 15.566 20.193 20.055 15.672 20.055 10.096 C 20.055 4.52 15.565 0 10.028 0 C 4.489 0 0 4.519 0 10.096 C 0 15.674 4.489 20.193 10.028 20.193 Z M 26.042 19.6 C 28.811 19.6 31.056 15.345 31.056 10.096 C 31.056 4.848 28.811 0.592 26.042 0.592 C 23.273 0.592 21.028 4.848 21.028 10.096 C 21.028 15.344 23.273 19.6 26.042 19.6 Z M 33.793 18.611 C 34.766 18.611 35.556 14.798 35.556 10.095 C 35.556 5.393 34.767 1.58 33.793 1.58 C 32.818 1.58 32.028 5.394 32.028 10.095 C 32.028 14.797 32.818 18.611 33.793 18.611 Z" fill="transparent" height="20.192992592592603px" id="QCOTD_aoT" width="35.555552243833176px"><path d="M 10.028 20.193 C 15.566 20.193 20.055 15.672 20.055 10.096 C 20.055 4.52 15.565 0 10.028 0 C 4.489 0 0 4.519 0 10.096 C 0 15.674 4.489 20.193 10.028 20.193 Z" fill="rgb(0, 0, 0)" height="20.19299259259259px" id="jW1ICukqX" transform="translate(0 0)" width="20.05540740740753px"/><path d="M 5.014 19.008 C 7.783 19.008 10.028 14.753 10.028 9.504 C 10.028 4.256 7.783 0 5.014 0 C 2.245 0 0 4.256 0 9.504 C 0 14.752 2.245 19.008 5.014 19.008 Z" fill="rgb(0, 0, 0)" height="19.00823703703702px" id="o80dVBhnW" transform="translate(21.028 0.592)" width="10.02800000000002px"/><path d="M 1.764 17.031 C 2.738 17.031 3.527 13.218 3.527 8.515 C 3.527 3.813 2.739 0 1.764 0 C 0.79 0 0 3.814 0 8.515 C 0 13.217 0.79 17.031 1.764 17.031 Z" fill="rgb(0, 0, 0)" height="17.030755555555572px" id="dzJnzwG1A" transform="translate(32.028 1.58)" width="3.527407407407395px"/></g></svg>)
Dev teams spend a large chunk of time designing and building APIs so it’s crucial you’re able to fully engage during technical discussions about them.
In this 3-part “Guide to APIs” series, I’ll walk you through the most critical API knowledge. We won’t go deep into implementation—just deep enough for you to be dangerous.
[Part 2] REST API components & How to read them
[Part 3] PM Best Practices for Debugging APIs
————————————————————
If you missed Part 1 of this 3 part "Guide to APIs" series, check it out here.
In Part 1, you learned about API communication protocols and 3 of the most commonly used ones: REST, SOAP, and GraphQL.
In Part 2, we’re going to get real close and intimate with REST APIs specifically.
Why? Because REST APIs are the most prevalent and user-friendly type of APIs that you’re most likely encounter. As a product manager, you play a pivotal role in working with your engineering team to bring digital solutions to life, and a fundamental part of that collaboration is understanding REST APIs.
So in this essay, you’ll get a break down of REST APIs into their essential components so you can confidently discuss, dissect, interact with, and debug them.
Brief intro to REST APIs
Recall in part 1 that APIs allow two applications to communicate with each other.
REST APIs are a set of rules and conventions that defines a standardized way for requests and responses to be structured and exchanged. It is based on the principles of REST, which is a software architectural style for designing networked applications. You’ll also hear the term RESTful APIs in relation to REST APIs.
Here are a couple examples of RESTful rules and conventions followed by REST APIs (not important to memorize, just to give you an idea of what these rules look like):
Client-server: Separation of concerns whereby the user interface concerns (client) are separate from the data storage concerns (server).
Stateless: Each request from the client to the server must contain all of the information necessary to understand and complete the request. The server cannot use previously stored context information on the server.
REST APIs make extensive use of HTTP (Hypertext Transfer Protocol) as the foundation for communication between clients (like web browsers or mobile apps) and servers (where the API is hosted).
The majority of what you need to know about APIs are related to HTTP and it’s components. We can broadly bucket the components into the API Request and API Response:
API Request
When you make a request to an API, you’re essentially saying, “I want to do something or get something from this endpoint.” Requests consist of the following components:
Endpoint
HTTP Method
Request Headers
Request body
1/ API Endpoint
An endpoint is the specific location aka the access point to the API. Think of it as an address for a particular service or resource. These endpoints are usually represented as URLs (Uniform Resource Locators), making them easy to understand. The API endpoint is made up of the “ Base URL” plus the “path” of the API.
2/ HTTP Methods
HTTP (Hypertext Transfer Protocol) methods are the actions you can take when interacting with an API. There are 8 request types but 4 are the most commonly used:
GET: This method is like asking for information. When you send a GET request to an API’s endpoint, you’re requesting data, like retrieving weather information for a specific location.
POST: When you send a POST request, you’re submitting data to the API which adds new data to the database. This could be creating a new user account or adding a comment on a blog post.
PUT: Use the PUT method to update existing data. For instance, you might change your profile picture on a social media app.
DELETE: As the name suggests, the DELETE method is for removing data. If you want to delete a post or an account, you’d use this method.
You’ll likely see all 4 HTTP methods being used at some point, but out of the 4, you’ll see the GET and POST method most frequently and those are the two that you should be most familiar with.
Two quick side notes:
The POST and PUT methods are often used interchangeably. The difference has to do with something called idempotency which is very technical in nature and really not worth diving into if you’re just getting started with APIs, but feel free to read about idempotency here if you’re curious.
You’ll also see the same POST API sometimes used to both add new data and update existing data. Developers may decide to design the API this way to be more efficient as opposed to creating and managing two separate APIs in the business logic: one POST and the other PUT.
The POST and PUT methods are often used interchangeably. The difference has to do with something called idempotency which is very technical in nature and really not worth diving into if you’re just getting started with APIs, but feel free to read about idempotency here if you’re curious.
You’ll also see the same POST API sometimes used to both add new data and update existing data. Developers may decide to design the API this way to be more efficient as opposed to creating and managing two separate APIs in the business logic: one POST and the other PUT.
3/ Request Headers
Request headers convey additional information about the API request, such as the format in which the client expects the response (e.g., JSON or XML), authentication credentials, caching instructions, and more.
Here’s an example using Amazon:
Information in the request header can be used for a number of reasons including:
Authenticating the request: There are various authentication methods, such as API keys, OAuth tokens, and username/password combinations. For example, credentials for your bank account so the API is authorized to make changes to your account.
Caching instructions: Temporarily storing data in a cache for improved future performance/latency.
Logging: All systemskeep a log of events that occur in a computer system. Information stored in the headers (i.e. location of request origin, browser information, date & time of request, etc..) are logged in log files. The information in the log files can then be used for a variety of reasons: debugging, metrics, and telemetry.Accept-Language: en-USAuthorization: Bearer YourAccessTokenHere
4/ Request Body
When you need to send data to the server, you include it in the request body. The data is typically in a structured format like JSON or XML. This is common when creating new records or updating existing ones. The request body is akin to a letter with the information you want to submit.
For example: Amazon has an internal API that adds a new product into the database.
API Response
Once you send a API request, you’ll receive an API response. This response contains the data or information you requested, as well as metadata about the response itself. It consists of the following components:
Status Code
Response Headers
Response Body
1/ Status Code
This is a three-digit number that tells you the outcome of your request. Status codes are like short, standardized messages that quickly convey whether your request was successful, encountered an issue, or faced an error. All status codes are divided into 5 categories but you’ll only really encounter 4 of them:
2xx: Success — The API request was successful! e.g. 200 OK, 201 Created
3xx: Redirection — The API request has more than one response. e.g. 301 Moved Permanently, 302 Found
4xx: Client Error — Some information provided in the request was wrong or missing. e.g. 400 Bad Request, 401 Unauthorized
5xx: Server Error — Something went wrong on the server and the request wasn’t successful. e.g. 501 Internal Server Error, 502 Bad Gateway
Here are some examples of common status codes:
200 OK: Your request was successful, and you’ll find the data you wanted in the response.
201 Created: This code typically appears after a successful POST request, indicating that the resource you requested has been created.
400 Bad Request: If the API couldn’t understand your request, you might see this code.
401 Unauthorized: When you lack proper authorization or credentials to access the requested data, this code appears.
404 Not Found: This indicates that the endpoint or resource you’re looking for doesn’t exist.
500 Internal Server Error: If something goes wrong on the other island (the API’s server), you might see this code.
2/ Response Headers
Similar to request headers, response headers provide additional information about the response, such as the type of data you’re receiving (e.g., JSON or XML), the server’s version, and more.
Here’s an example also using Amazon:
3/ Response Body
This is where you’ll find the actual data or information you requested. Like the request body, the response body is often in JSON format for easy readability and parsing.
Using the same Amazon API example as the one in the request body, here’s what a successful response where the product was successfully added to the database might look like. Notice the API response returned a newly created product_id uniquely assigned to the added product.
Conclusion
We’ve covered the crucial parts of the API and you now have all the information you need to confidently discuss, dissect, interact with, and debug APIs.
In Part 3 of this API guide, we’re going to apply your new found knowledge into practical use. We’re going to look at a couple of real-life scenarios where you’ll need to apply your API knowledge as a product manager and you’ll learn how to debug errors based on API responses.