REST API & JSON
REST Fundamentals (6)
REST Overview
A production-minded overview of REST: resources, constraints, and what matters in real APIs.
Resources & URIs
How to model resources and design clean, stable URIs.
HTTP Methods & Semantics
GET/POST/PUT/PATCH/DELETE semantics you can rely on.
Idempotency & Safety
Design requests so retries don't cause duplicate side effects.
Statelessness
Why stateless APIs scale better and how to apply it.
Content Negotiation
Use Accept and Content-Type correctly for robust clients.
HTTP & Status Codes (5)
HTTP Basics (Requests & Responses)
Understand HTTP request/response anatomy, headers, bodies, and the behaviors clients depend on.
HTTP Headers Guide
The headers you actually use: auth, caching, content, tracing.
HTTP Status Codes
Pick status codes that communicate intent, improve client behavior, and reduce edge-case bugs.
Caching (ETag, Cache-Control)
Speed up clients and cut load with correct caching.
CORS (Practical Guide)
Browser CORS explained with real scenarios and headers.
JSON Deep Dive (6)
JSON Syntax & Data Types
JSON basics with production pitfalls: numbers, strings, null, and how clients actually break.
JSON Parse & Stringify
Practical parsing rules, error handling, and serialization.
JSON Encoding Pitfalls
UTF-8, escaping, control chars, and broken payloads in the wild.
JSON Schema Validation
Validate payloads and generate reliable contracts.
JSON Patch vs Merge Patch
Partial updates without ambiguity: RFC6902 vs RFC7386 style.
Large JSON & Streaming
NDJSON, chunking, and strategies for big payloads.
API Authentication (7)
Authentication Overview
Identity, credentials, tokens, and threat basics.
API Keys
API keys are simple, common, and risky. Learn where they fit, how to store them, and how to rotate safely.
Basic Authentication
Still useful in controlled environments; do it safely.
Bearer Tokens
Bearer token patterns and common mistakes.
JWT (Practical Guide)
Claims, expiry, signature, and real security do's/don'ts.
OAuth 2.0 (Real Flows)
Auth Code + PKCE, client credentials, and what to avoid.
Refresh Tokens & Rotation
Reduce risk with rotation, reuse detection, and short-lived access.
API Testing (Postman, cURL, Fetch) (5)
cURL Cookbook
Copy-pasteable cURL examples for auth, JSON, files, and debugging.
Postman Workflows
Collections, environments, scripts, and sharing.
Fetch API (Browser)
Send requests, set headers, handle JSON, and manage errors.
Client Error Handling
Timeouts, retries, exponential backoff, and user-friendly failures.
Mocking & Environments
Mock servers, test data, and environment-based configs.
API Design Best Practices (9)
Naming & URL Design
Readable URLs, plural resources, and consistency rules.
Pagination
Offset vs cursor pagination, limits, and stable ordering.
Filtering & Sorting
Design flexible querying without turning URLs into chaos.
Partial Responses (fields)
Return only what clients need to reduce payload and coupling.
Error Format (Problem Details)
Consistent errors that clients can parse and act on.
Rate Limiting & Throttling
Protect your API with clear limits and retry hints.
Versioning
How to version APIs without breaking clients every month.
Observability (Request-Id, Logs)
Debug faster with correlation IDs, structured logs, and traces.
OpenAPI Documentation
Write specs once, generate docs, and keep contracts honest.