Standards for designing and implementing consistent, secure RESTful APIs
Target files

File          Format
.cursorrules  plaintext
CLAUDE.md     markdown

Content
Use nouns for resource URLs (/users, /orders) and HTTP verbs for actions (GET, POST, PUT, DELETE).
Return appropriate HTTP status codes: 200 OK, 201 Created, 204 No Content, 400 Bad Request, 404 Not Found.
Version APIs in the URL path: /api/v1/resource; never make breaking changes without a new version.
Use plural resource names consistently: /users not /user, /products not /product.
Return JSON with Content-Type: application/json for all responses.
Include pagination metadata (total, page, limit, links) for all list endpoints.
Validate and sanitize all request inputs; return 400 with field-level error details on failure.
Use query parameters for filtering, sorting, and searching: ?status=active&sort=createdAt.
Use HTTPS only; reject plain HTTP connections at the infrastructure level.
Include request IDs in responses (X-Request-Id header) for distributed tracing.
Authenticate with Bearer tokens; never accept credentials as URL query parameters.
Apply rate limiting per authenticated user and per IP; return 429 with Retry-After header.
Use idempotency keys for POST requests that must not be processed twice.
Document all endpoints with OpenAPI 3.x; keep the spec in sync with the implementation.
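As an added example, not part of the rules file above and not tied to any particular framework, the following Python handler applies several of these rules together in one request path: versioned plural resource URLs, bearer-only authentication with credentials in the query string rejected, an echoed X-Request-Id, per-user rate limiting answered with 429 and Retry-After, field-level validation errors with 400, pagination metadata on the list endpoint, and an Idempotency-Key cache so a replayed POST does not create a second record. The token value, the in-memory user table, the rate-limit window and the error message texts are constructed here for illustration.

```python
import json
import time
import uuid
from urllib.parse import parse_qs

# Constructed fixtures (not from the rules file): one valid bearer token,
# an in-memory user table, rate-limit counters and an idempotency cache.
VALID_TOKENS = {"tok-alice": "alice"}
USERS = {1: {"id": 1, "name": "Alice", "status": "active"},
         2: {"id": 2, "name": "Bob", "status": "disabled"}}
RATE_LIMIT = 5            # requests per window, per authenticated user
RATE_WINDOW = 60          # seconds
_rate_state = {}          # user -> (window_start, count)
_idempotency = {}         # Idempotency-Key -> stored response for replay


def _response(status, body, request_id, extra=None):
    """Every response is JSON and echoes a request id for tracing."""
    headers = {"Content-Type": "application/json", "X-Request-Id": request_id}
    headers.update(extra or {})
    return status, headers, json.dumps(body)


def _rate_limited(user, now):
    """Fixed-window counter; returns seconds to wait, or 0 if allowed."""
    start, count = _rate_state.get(user, (now, 0))
    if now - start >= RATE_WINDOW:
        start, count = now, 0
    count += 1
    _rate_state[user] = (start, count)
    return max(1, int(start + RATE_WINDOW - now)) if count > RATE_LIMIT else 0


def _validate_user(payload):
    """Field-level validation: returns {field: message}, empty when valid."""
    errors = {}
    if not isinstance(payload.get("name"), str) or not payload["name"].strip():
        errors["name"] = "must be a non-empty string"
    if payload.get("status") not in ("active", "disabled"):
        errors["status"] = "must be one of: active, disabled"
    return errors


def handle(method, path, query="", headers=None, body="", now=None):
    """Dispatch one request; returns (status, headers, json_body)."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    now = time.time() if now is None else now
    request_id = headers.get("x-request-id") or str(uuid.uuid4())
    params = {k: v[0] for k, v in parse_qs(query).items()}
    # Credentials travel in the Authorization header only, never in the URL.
    if "token" in params or "access_token" in params:
        return _response(400, {"error": "credentials must not be query parameters"}, request_id)
    auth = headers.get("authorization", "")
    user = VALID_TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
    if user is None:
        return _response(401, {"error": "missing or invalid bearer token"}, request_id)
    wait = _rate_limited(user, now)
    if wait:
        return _response(429, {"error": "rate limit exceeded"}, request_id, {"Retry-After": str(wait)})
    parts = path.strip("/").split("/")            # e.g. ["api", "v1", "users", "1"]
    if parts[:3] != ["api", "v1", "users"] or len(parts) > 4:
        return _response(404, {"error": "not found"}, request_id)
    if method == "GET" and len(parts) == 3:       # collection: filter + paginate
        try:
            page, limit = int(params.get("page", 1)), int(params.get("limit", 10))
        except ValueError:
            return _response(400, {"error": "validation failed",
                                   "fields": {"page": "integer", "limit": "integer"}}, request_id)
        items = [u for u in USERS.values() if params.get("status", u["status"]) == u["status"]]
        chunk = items[(page - 1) * limit:page * limit]
        meta = {"total": len(items), "page": page, "limit": limit,
                "links": {"self": f"{path}?page={page}&limit={limit}"}}
        return _response(200, {"data": chunk, "pagination": meta}, request_id)
    if method == "GET" and len(parts) == 4:       # single resource
        user_obj = USERS.get(int(parts[3])) if parts[3].isdigit() else None
        if user_obj is None:
            return _response(404, {"error": "user not found"}, request_id)
        return _response(200, user_obj, request_id)
    if method == "POST" and len(parts) == 3:      # create, guarded by Idempotency-Key
        key = headers.get("idempotency-key")
        if key in _idempotency:                    # replay: return stored result, no second write
            return _idempotency[key]
        try:
            payload = json.loads(body or "{}")
        except json.JSONDecodeError:
            payload = None
        if not isinstance(payload, dict):
            return _response(400, {"error": "request body must be a JSON object"}, request_id)
        errors = _validate_user(payload)
        if errors:
            return _response(400, {"error": "validation failed", "fields": errors}, request_id)
        new_id = max(USERS) + 1
        USERS[new_id] = {"id": new_id, "name": payload["name"].strip(), "status": payload["status"]}
        resp = _response(201, USERS[new_id], request_id, {"Location": f"/api/v1/users/{new_id}"})
        if key:
            _idempotency[key] = resp
        return resp
    return _response(405, {"error": "method not allowed"}, request_id)
```

The `now` parameter exists only so the fixed-window rate limiter can be exercised deterministically; a real deployment would use the clock and back the counters and idempotency cache with shared storage, since per-process dictionaries do not survive restarts or horizontal scaling. HTTPS enforcement is deliberately absent: the rules place it at the infrastructure layer, outside the application handler.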