REST API Documentation Best Practices

Building a back-end API layer introduces a whole new layer of coordination between server and client code. While there are many aspects to this delicate dance of communication, one key ingredient to minimizing back-and-forth-confusion-about what-call-does-what, is consistently communicating about your API endpoints.

This is by no means rocket science, but over time I’ve created a template that I now tend to use and have been asked to share. Conveniently when the time comes to publish an API externally, this serves as an invaluable tool for creating public documentation. You can see the markdown template alongside an example in this gist.

Title The name of your API call
Example : Show All Users

  • Note: try to use verbs that match both request type (fetching vs modifying) and plurality (one vs multiple.)
  • Note: Also add additional info here such as a description, if need be.

URL The URL structure (path only, no root url)
/users or /users/:id or /users?id=:id

  1. For fixed urls: /users or /photos
  2. For urls with parameters in them: /users/:id or /photos/:photo_id or /users?id=:id

Method The request type
URL Params If URL params exist, specify them in accordance with name mentioned in URL section. Separate into optional and required.

example: id=12

example: photo_id=2345kj3
Data Params If making a post request, what should the body payload look like? This is a good time to document your various data constraints too.
  u : {
    email : [string],
    name : [string],
    current_password : [alphanumeric]
    password : [alphanumeric],
    password_confirmation : [alphanumeric]

  u : {
    email : "",
    name : "John",
    current_password : "apassw0rd"
    password : "anewpassw0rd",
    password_confirmation : "anewpassw0rd"
Success Response What should the status code be on success and is there any returned data? This is useful when people need to to know what their callbacks should expect!
Code: 200
Content: { id : 12 }
Error Response Most endpoints will have many ways they can fail. From unauthorized access, to wrongful parameters etc. All of those should be listed here. It might seem repetitive, but it helps prevent assumptions from being made where they shouldn’t be.
Content: { error : "Log in" }
Code: 422 Unprocessable Entry
Content: { error : "Email invalid" }
Sample Call Just a sample call to your endpoint in a runnable format ($.ajax call or a curl request) – this makes life easier and more predictable.
  url: "/users",
  dataType: "json",
  data : { 
    u: { 
      id : 12,
      email : "" 
  type : "PUT",
  success : function(r) {

Notes This is where all uncertainties, commentary, discussion etc. can go. I recommend timestamping and identifying oneself when leaving comments here.

Are there other aspects of your API endpoints that you tend to communicate? What additional information should be shared?


We moved off of Disqus for data privacy and consent concerns, and are currently searching for a new commenting tool.

  1. It’s an interesting choice to use alphanumeric as a data type in these specifications. All alphanumerics are implicitly strings, that have the preconditions of matching [A-Za-z0-9]. Would you use emailaddress as a type? What about other string subtypes that need validation?

    Not a criticism, it just seems like a conscious choice to extend your data types like this, and I wonder what the implications are.

    • Oh I completely agree with you. I think the purpose was more to demonstrate a way to specify it rather than a specific format. I much prefer regex myself =)

  2. This is great. I wish more APIs followed something similar to this.

    One thing that is always really, really helpful for API documentation is a clear and precise coverage of rate limits. Their stringency can affect one’s decision to use the API in the first place, so that discussion should happen up-front.

  3. Hi Irene,

    A somewhat late response, but how about versioning of your API? Wouldn’t you communicate the specific version when you offer multiple versions?


    Auke Schotanus

Contact Us

We'd love to hear from you. Get in touch!


P.O. Box 961436
Boston, MA 02196