api

API Error Handling with Problem Details (RFC7807-ish)

APIs are easier to operate when errors are structured and consistent. Wrap errors into a problem-details style response with a stable type and request_id so support can quickly trace issues.

Idempotency keys for “create” endpoints

Retries are inevitable: mobile clients, flaky networks, and load balancers will resend POST requests. Without idempotency you end up double-charging or double-creating records. I store an Idempotency-Key with a sha256 hash of the request body and the

Rails API-only app setup for React frontend

When building a React SPA, I configure Rails in API-only mode to skip view rendering, asset pipeline, and session cookies. The --api flag generates a lean Rails app focused on JSON responses. I enable CORS to allow the React dev server on localhost:51

API versioning with namespace routing

API versioning is critical for maintaining backward compatibility while evolving your endpoints. I use Rails namespace routing to organize versions cleanly within the app/controllers structure. Each version lives in its own module like Api::V1 or Api:

Laravel Sanctum for API authentication

Laravel Sanctum provides lightweight API authentication for SPAs and mobile apps. For SPAs on the same domain, Sanctum uses Laravel's session cookies with CSRF protection. For mobile apps or third-party clients, it issues API tokens stored in a person

API documentation with Swagger/OpenAPI

Auto-generated API documentation from code annotations keeps docs in sync with implementation and reduces maintenance burden. The rswag gem generates OpenAPI 3.0 specs from RSpec request specs, providing interactive documentation via Swagger UI. I wri

Django REST Framework nested routers

Nested routers create hierarchical URL structures for related resources. I use drf-nested-routers to define parent-child relationships in URLs like /posts/1/comments/. This makes APIs more RESTful and intuitive. I filter child resources by parent ID i

Next.js Route Handler with auth guard

I like API routes that read like tiny, well-scoped controllers. In Next.js Route Handlers, I keep auth and input parsing right at the top, then return explicit status codes instead of throwing for expected failures. I also avoid leaking server-only de

GraphQL API with graphql-ruby gem

GraphQL gives clients the flexibility to request exactly the data they need, reducing over-fetching and under-fetching compared to REST. The graphql-ruby gem integrates GraphQL into Rails with a schema-first approach. I define types for each model, fie

Django REST Framework viewset actions

Custom actions extend viewsets beyond CRUD operations. I use the @action decorator with detail=True/False for object-level or collection-level actions. This creates endpoints like /posts/1/publish/ or /posts/recent/. I specify HTTP methods, permissions, a

tRPC router pattern for type-safe APIs

Maintaining separate REST types and frontend client types can be a lot of overhead in TypeScript-heavy teams. With tRPC, the API types flow directly to the client, which reduces duplication and keeps refactors safe. Runtime validation still matters, s

RESTful API design with Rails

Rails conventions support RESTful API development. I use resourceful routing for standard CRUD operations. Controllers inherit from ActionController::API for API-only apps. JSON serialization with Jbuilder or Active Model Serializers structures respon