Resources, not actions
A REST API models resources: things that have identity (users, orders, products). Routes are named with plural nouns, and it is the HTTP method, not the URL, that indicates the action:
| Action | Method + route |
|---|---|
| List | GET /users |
| View one | GET /users/:id |
| Create | POST /users |
| Replace | PUT /users/:id |
| Partial update | PATCH /users/:id |
| Delete | DELETE /users/:id |
Avoid verbs in the route (/createUser, /deleteUser): the verb is already in the method. For nested resources, reflect the hierarchy:

```
GET /users/:id/orders // a user's orders
GET /users/:id/orders/:oid // a specific order of that user
```
Appropriate status codes
The status code communicates the result of the operation:
- 200 OK — successful request with a body (list, view, update).
- 201 Created — a resource has been created (response to a POST).
- 204 No Content — success without a body (typical of a DELETE).
- 400 Bad Request — invalid or malformed input data.
- 404 Not Found — the requested resource does not exist.
```js
res.status(201).json(newUser); // created
res.status(204).send(); // deleted, no body
res.status(404).json({ error: "Not found" });
```
Using the correct status is not cosmetic: clients (apps, caches, other services) make decisions based on it.
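The routes and status codes above, put together in one dispatcher. This is an added example, not code from the original page: `handle()`, `parseId()`, `reply()` and the in-memory data are hypothetical and constructed for illustration. It also returns 405 for unsupported methods, which the list above does not cover, and checks that a nested order belongs to the user named in the path.

```javascript
// Added example: constructed in-memory data, hypothetical handle() dispatcher.
const users = new Map([[1, { id: 1, name: "Ana" }], [2, { id: 2, name: "Luis" }]]);
const orders = new Map([[10, { id: 10, userId: 1, item: "book" }],
                        [11, { id: 11, userId: 2, item: "lamp" }]]);
let nextUserId = 3;

const reply = (status, body) => ({ status, body });
// Accept only canonical positive integers; anything else is malformed input.
const parseId = (s) => (/^[1-9]\d{0,8}$/.test(s) ? Number(s) : null);

function handle(method, path, body) {
  const [root, rawId, sub, rawOid, ...rest] = path.split("/").filter(Boolean);
  if (root !== "users" || rest.length) return reply(404, { error: "Not found" });

  if (rawId === undefined) {                       // collection: /users
    if (method === "GET") return reply(200, [...users.values()]);
    if (method === "POST") {
      const name = body && body.name;
      if (typeof name !== "string" || !name.trim() || name.length > 100)
        return reply(400, { error: "name is required" });
      const user = { id: nextUserId++, name: name.trim() }; // copy known fields only
      users.set(user.id, user);
      return reply(201, user);
    }
    return reply(405, { error: "Method not allowed" });
  }

  const id = parseId(rawId);
  if (id === null) return reply(400, { error: "Invalid id" });
  if (!users.has(id)) return reply(404, { error: "Not found" });

  if (sub === undefined) {                         // item: /users/:id
    if (method === "GET") return reply(200, users.get(id));
    if (method === "DELETE") { users.delete(id); return reply(204); }
    return reply(405, { error: "Method not allowed" });
  }

  if (sub === "orders" && method === "GET") {      // nested: /users/:id/orders[/:oid]
    if (rawOid === undefined)
      return reply(200, [...orders.values()].filter((o) => o.userId === id));
    const oid = parseId(rawOid);
    if (oid === null) return reply(400, { error: "Invalid id" });
    const order = orders.get(oid);
    // The order must belong to the user in the path, not merely exist.
    if (!order || order.userId !== id) return reply(404, { error: "Not found" });
    return reply(200, order);
  }
  return reply(404, { error: "Not found" });
}
```

Answering 404 when an order exists but belongs to another user keeps the nested route from confirming which order ids are in use.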