Guides

A REST API is the most common way for one piece of software to talk to another over the web. REST stands for REpresentational State Transfer — a set of conventions for requesting and changing data using ordinary web (HTTP) methods. Every time an app fetches your profile or posts a comment, it is almost certainly calling a REST API behind the scenes.

How a REST API works

The core idea is simple: everything is a "resource" with its own URL, and you act on it with standard HTTP verbs. GET reads data, POST creates it, PUT or PATCH updates it, and DELETE removes it. Ask for GET /users/42 and you get user 42; send DELETE /users/42 and that user is gone.

The server answers with data, almost always as JSON — a lightweight, human-readable format. Each response also carries a status code, such as 200 OK, 404 Not Found, or 401 Unauthorized, that tells your app exactly what happened so it can react correctly.

Why developers use REST

REST is also "stateless": every request carries everything the server needs, and the server keeps no memory of earlier calls. That makes REST APIs easy to scale, because any server can handle any request — which is a big reason the style became the default across the web.

• Lets software talk to software over HTTP
• Resources have URLs; verbs are GET, POST, PUT, DELETE
• Responses are usually JSON with a status code
• Stateless — each request stands alone, so it scales
• Secured with tokens (API key or JWT) over HTTPS

For front-end developers, REST is everyday work. Your Vue, React, or plain-JavaScript app fetches data from REST endpoints (using fetch or a library like axios), renders it on the page, and sends changes back. The API is the contract between your interface and the data sitting behind it.

REST vs GraphQL

REST is not the only option. GraphQL lets the client ask for exactly the fields it wants in a single request, which can cut down on over-fetching. But REST's simplicity, easy caching, and sheer ubiquity keep it the most widely used API style by a wide margin.

Security and good design

Real APIs need access control. Most send a token — an API key or a JWT — in a request header, and run over HTTPS so the data cannot be read in transit. Well-run APIs also version their endpoints (/v1/, /v2/) so that changes do not suddenly break the apps already using them.

A well-designed REST API is predictable: clear resource URLs, the right HTTP verbs and status codes, consistent JSON, and helpful error messages. That predictability is what lets a front end and a back end be built by different people and still fit neatly together.

Where a REST API runs

Finally, a REST API has to run somewhere. Your front end can be static files served from a CDN, but the API itself needs a real, always-on server to handle requests and reach your database. In short: a REST API is the web's standard contract for moving data between programs — simple, stateless, JSON over HTTP — and a reliable server is what keeps it answering.