API Design Patterns
REST
Resource-oriented (GET /users/123). Stateless, cacheable, widely supported. Best for CRUD APIs, public APIs. Weakness: over-fetching, multiple round trips.
GraphQL
Client specifies exact fields needed in a single query. No over/under-fetching. Best for complex UIs with varied data needs. Weakness: caching complexity, N+1 queries on server.
gRPC
Binary protocol (Protocol Buffers) over HTTP/2. Strongly typed, streaming support, very fast. Best for internal service-to-service. Weakness: not browser-friendly, debugging harder.
WebSocket
Full-duplex persistent connection. Server can push to client. Best for real-time (chat, gaming, live data). Weakness: stateful, harder to scale, no built-in reconnection.
Server-Sent Events (SSE)
One-way server → client push over HTTP. Simpler than WebSocket, auto-reconnect, works with HTTP/2. Best for live feeds, notifications. No client-to-server streaming.
REST vs GraphQL
REST: simple, cacheable, one resource per endpoint. GraphQL: flexible queries, one endpoint, client-driven. REST for simple CRUD, GraphQL for complex/nested data.
Pagination Patterns
Offset-based: ?page=2&limit=20 (simple, inconsistent on inserts). Cursor-based: ?after=abc123 (stable, works with real-time). Keyset: WHERE id > X (fastest for large datasets).
Versioning Strategies
URL path: /v1/users (most common). Header: Accept: application/vnd.api.v1+json (cleaner). Query param: ?version=1 (easy, less RESTful).
Rate Limiting Headers
X-RateLimit-Limit (max requests), X-RateLimit-Remaining (left), X-RateLimit-Reset (epoch when limit resets), Retry-After (seconds to wait on 429).
Idempotency
Repeating a request has the same effect as making it once, so it is safe to retry. GET/PUT/DELETE are idempotent. POST is not. Use an Idempotency-Key header so a POST can be retried safely (Stripe pattern).