REST Best Practices (Deep Workflow)
REST is HTTP semantics used consistently: resources as nouns, methods with meaning, predictable errors, and cacheable reads where safe.
When to Offer This Workflow
Trigger conditions:
- - Designing public or partner HTTP APIs
- Inconsistent verbs (GET with side effects); wrong status codes
- CDN/caching surprises; client retry storms on POST
Initial offer:
Use six stages: (1) resource model, (2) methods & safety, (3) status & errors, (4) pagination & filtering, (5) caching & conditional requests, (6) versioning & evolution). Confirm JSON conventions and authentication model.
Stage 1: Resource Model
Goal: Clear collection vs item resources; relationships via sub-paths or hypermedia links (HATEOAS optional).
Exit condition: Table or diagram of resources, identifiers, and canonical URLs.
Stage 2: Methods & Safety
Goal: GET/HEAD safe and idempotent; POST for creation or non-idempotent actions; PUT replaces; PATCH partial; DELETE removes.
Anti-patterns
- - Non-idempotent GET; overloaded POST for everything without documented patterns
Stage 3: Status & Errors
Goal: Correct 4xx vs 5xx; consistent error body (e.g., RFC 7807 Problem Details) with stable type codes and optional instance for support.
Stage 4: Pagination & Filtering
Goal: Cursor pagination for large lists; document sort/filter query params; cap page sizes.
Stage 5: Caching & Conditional Requests
Goal: ETag/Last-Modified for cacheable GET; Cache-Control directives; validate with intermediaries (CDN) when used.
Stage 6: Versioning & Evolution
Goal: URL prefix or header versioning; deprecation policy; Idempotency-Key on POST when clients retry.
Final Review Checklist
- - [ ] Resource model clear and consistent
- [ ] HTTP methods match semantics; GET is safe
- [ ] Status codes and errors consistent
- [ ] Pagination and filtering documented
- [ ] Caching headers where appropriate
- [ ] Versioning and idempotency strategy
Tips for Effective Guidance
- - Not everything is CRUD—model commands as sub-resources or task resources explicitly.
- Pair with openapi-spec for contract-first workflows.
Handling Deviations
- - Internal APIs still benefit from the same discipline—future consumers are often external.
REST 最佳实践(深度工作流)
REST 是HTTP 语义的一致运用:资源作为名词,方法具有含义,可预测的错误,以及在安全情况下可缓存的读取。
何时提供此工作流
触发条件:
- - 设计公共或合作伙伴 HTTP API
- 动词不一致(GET 带有副作用);错误的状态码
- CDN/缓存意外;客户端在 POST 上的重试风暴
初始建议:
使用六个阶段:(1)资源模型,(2)方法与安全性,(3)状态与错误,(4)分页与过滤,(5)缓存与条件请求,(6)版本管理与演进)。确认 JSON 约定和认证模型。
阶段 1:资源模型
目标: 清晰的集合与单项资源;通过子路径或超媒体链接(HATEOAS 可选)建立关系。
退出条件: 资源、标识符和规范 URL 的表格或图表。
阶段 2:方法与安全性
目标: GET/HEAD 安全且幂等;POST 用于创建或非幂等操作;PUT 替换;PATCH 部分更新;DELETE 删除。
反模式
- - 非幂等的 GET;无文档模式的过度使用 POST 处理所有操作
阶段 3:状态与错误
目标: 正确的 4xx 与 5xx 区分;一致的错误主体(例如,RFC 7807 问题详情),包含稳定的 type 代码和可选的 instance 用于支持。
阶段 4:分页与过滤
目标: 针对大型列表使用游标分页;记录排序/过滤查询参数;限制页面大小。
阶段 5:缓存与条件请求
目标: 对可缓存的 GET 使用 ETag/Last-Modified;Cache-Control 指令;使用中间件(CDN)时进行验证。
阶段 6:版本管理与演进
目标: URL 前缀或头部版本管理;弃用策略;客户端重试时在 POST 上使用 Idempotency-Key。
最终审查清单
- - [ ] 资源模型清晰一致
- [ ] HTTP 方法匹配语义;GET 安全
- [ ] 状态码和错误一致
- [ ] 分页和过滤已文档化
- [ ] 适当使用缓存头部
- [ ] 版本管理和幂等性策略
有效指导技巧
- - 并非所有操作都是 CRUD——将命令明确建模为子资源或任务资源。
- 配合 openapi-spec 用于契约优先的工作流。
处理偏差
- - 内部 API 同样受益于相同的规范——未来的消费者往往是外部的。
