APIs & Browser

Working with REST APIs

Consuming RESTful APIs with JavaScript

Find videos you like?

Save to resource drawer for future reference!

What is a REST API?

REST (Representational State Transfer) is an architectural style for building web APIs. A REST API uses HTTP methods (GET, POST, PUT, DELETE) to perform CRUD operations on resources, returning data usually in JSON format.

Simple Analogy

Think of REST API as a waiter in a restaurant: You (client) give an order (HTTP request), the waiter takes it to the kitchen (server), and brings back your food (JSON response).

REST API Fundamentals

Core concepts you need to understand

📋

Resources

Everything is a resource (users, posts, products)

/api/users/123

🔄

HTTP Methods

Actions performed on resources

GET - Retrieve

POST - Create

PUT - Update

DELETE - Remove

📊

Status Codes

Response status indicators

200 - Success

201 - Created

404 - Not Found

500 - Server Error

📦

JSON Format

Data exchange format

{
  "id": 1,
  "name": "John"
}

HTTP Methods & CRUD Operations

Mapping REST to database operations

HTTP Method	CRUD	Purpose	Example
`GET`	Read	Retrieve data	`GET /users`
`POST`	Create	Add new resource	`POST /users`
`PUT`	Update	Replace entire resource	`PUT /users/1`
`PATCH`	Update	Partial update	`PATCH /users/1`
`DELETE`	Delete	Remove resource	`DELETE /users/1`

Complete CRUD Example

Using Fetch API with a REST endpoint

1. GET - Fetch All Users

async function getUsers() {
  const response = await fetch('https://api.example.com/users');
  const users = await response.json();
  return users;
}

// Get single user
async function getUser(id) {
  const response = await fetch(`https://api.example.com/users/${id}`);
  return await response.json();
}

2. POST - Create New User

async function createUser(userData) {
  const response = await fetch('https://api.example.com/users', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(userData)
  });
  
  if (!response.ok) {
    throw new Error('Failed to create user');
  }
  
  return await response.json();
}

// Usage
const newUser = await createUser({
  name: 'John Doe',
  email: 'john@example.com'
});

3. PUT - Update User (Full Replace)

async function updateUser(id, userData) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'PUT',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(userData)
  });
  
  return await response.json();
}

// Usage - must include ALL fields
await updateUser(1, {
  name: 'Jane Doe',
  email: 'jane@example.com',
  age: 25
});

4. PATCH - Partial Update

async function patchUser(id, updates) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'PATCH',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(updates)
  });
  
  return await response.json();
}

// Usage - only update specific fields
await patchUser(1, { email: 'newemail@example.com' });

5. DELETE - Remove User

async function deleteUser(id) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'DELETE'
  });
  
  if (response.ok) {
    return { success: true };
  }
  
  throw new Error('Failed to delete user');
}

// Usage
await deleteUser(1);

Query Parameters & Filtering

Passing additional data in URLs

Query parameters allow you to filter, sort, paginate, and search data:

Common Query Parameters

// Pagination
GET /users?page=2&limit=10

// Filtering
GET /users?age=25&status=active

// Sorting
GET /users?sort=name&order=asc

// Searching
GET /users?search=john

// Multiple filters
GET /users?country=USA&role=admin&sort=createdAt

Building Query Strings in JavaScript

// Method 1: Manual string concatenation
const url = `https://api.example.com/users?page=${page}&limit=${limit}`;

// Method 2: URLSearchParams (Recommended)
const params = new URLSearchParams({
  page: 2,
  limit: 10,
  status: 'active'
});

const url = `https://api.example.com/users?${params.toString()}`;
// Result: https://api.example.com/users?page=2&limit=10&status=active

// Method 3: URL object
const url = new URL('https://api.example.com/users');
url.searchParams.set('page', '2');
url.searchParams.set('limit', '10');
fetch(url);

Authentication & Authorization

Securing API requests

Bearer Token (JWT)

const token = 'your-jwt-token';

fetch(url, {
  headers: {
    'Authorization': `Bearer ${token}`
  }
});

Most common for modern APIs

API Key

const apiKey = 'your-api-key';

fetch(url, {
  headers: {
    'X-API-Key': apiKey
  }
});

Simple authentication method

Reusable API Client with Auth

class APIClient {
  constructor(baseURL, token) {
    this.baseURL = baseURL;
    this.token = token;
  }
  
  async request(endpoint, options = {}) {
    const url = `${this.baseURL}${endpoint}`;
    const headers = {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${this.token}`,
      ...options.headers
    };
    
    const response = await fetch(url, { ...options, headers });
    
    if (!response.ok) {
      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
    }
    
    return await response.json();
  }
  
  get(endpoint) {
    return this.request(endpoint, { method: 'GET' });
  }
  
  post(endpoint, data) {
    return this.request(endpoint, {
      method: 'POST',
      body: JSON.stringify(data)
    });
  }
}

// Usage
const api = new APIClient('https://api.example.com', 'your-token');
const users = await api.get('/users');
const newUser = await api.post('/users', { name: 'John' });

Error Handling & Best Practices

Comprehensive Error Handling

async function apiRequest(url, options) {
  try {
    const response = await fetch(url, options);
    
    // Handle different status codes
    switch (response.status) {
      case 200:
      case 201:
        return await response.json();
      
      case 400:
        throw new Error('Bad Request - Check your data');
      
      case 401:
        throw new Error('Unauthorized - Login required');
      
      case 403:
        throw new Error('Forbidden - No permission');
      
      case 404:
        throw new Error('Not Found - Resource doesn\'t exist');
      
      case 500:
        throw new Error('Server Error - Try again later');
      
      default:
        throw new Error(`HTTP Error: ${response.status}`);
    }
  } catch (error) {
    console.error('API Error:', error.message);
    throw error;
  }
}

Common Mistakes to Avoid

1. Hardcoding API URLs - Use environment variables

2. Exposing API keys - Never commit keys to repositories

3. Not handling errors - Always use try-catch

4. Ignoring HTTP status codes - Check response.ok

5. No request timeouts - Use AbortController

REST API Best Practices

Do's

• Use proper HTTP methods
• Check response status codes
• Implement error handling
• Use async/await for clarity
• Cache responses when possible
• Implement request timeouts
• Use environment variables

Don'ts

• Don't hardcode API keys
• Don't ignore error responses
• Don't use GET for mutations
• Don't send sensitive data in URLs
• Don't skip authentication
• Don't make unnecessary requests
• Don't expose internal errors

Complete Example: Blog Post Manager

Complete CRUD operations with REST API

JavaScript Code

CRUD

// Complete blog post management system
class BlogAPI {
  constructor() {
    this.baseURL = 'https://api.example.com';
    this.token = localStorage.getItem('authToken');
  }
  
  // GET - Fetch all posts
  async getAllPosts() {
    const response = await fetch(
      `${this.baseURL}/posts`, 
      {
        headers: { 
          'Authorization': `Bearer ${this.token}` 
        }
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to fetch posts');
    }
    return await response.json();
  }
  
  // POST - Create new post
  async createPost(postData) {
    const response = await fetch(
      `${this.baseURL}/posts`, 
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': `Bearer ${this.token}`
        },
        body: JSON.stringify(postData)
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to create post');
    }
    return await response.json();
  }
  
  // PUT - Update entire post
  async updatePost(id, postData) {
    const response = await fetch(
      `${this.baseURL}/posts/${id}`, 
      {
        method: 'PUT',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': `Bearer ${this.token}`
        },
        body: JSON.stringify(postData)
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to update post');
    }
    return await response.json();
  }
  
  // DELETE - Remove post
  async deletePost(id) {
    const response = await fetch(
      `${this.baseURL}/posts/${id}`, 
      {
        method: 'DELETE',
        headers: { 
          'Authorization': `Bearer ${this.token}` 
        }
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to delete post');
    }
    return { success: true };
  }
}

// Usage example
const blog = new BlogAPI();

// Create post
const newPost = await blog.createPost({
  title: 'My First Post',
  content: 'This is amazing!',
  author: 'John Doe'
});

Expected Output

Success

POST /posts (Create)

{

"id": 1,

"title": "My First Post",

"content": "This is amazing!",

"author": "John Doe"

}

GET /posts (Read All)

[{ id: 1, title: "My First Post", ... }]

PUT /posts/1 (Update)

{ id: 1, title: "Updated Title", ... }

DELETE /posts/1 (Delete)

{ success: true }

What This Shows

✅ Complete CRUD operations

✅ Proper HTTP methods

✅ Authentication headers

✅ Error handling

Key Takeaways

HTTP Methods

GET, POST, PUT, PATCH, DELETE for CRUD

Status Codes

2xx success, 4xx client error, 5xx server error

Authentication

Bearer tokens or API keys in headers

Error Handling

Always check response.ok and handle errors

Previous Topic

AJAX & XMLHttpRequest

Making asynchronous requests to servers.

Next Topic

localStorage & sessionStorage

Client-side data storage with Web Storage API.

Ask a Question

Have a question about Working with REST APIs? Ask our AI assistant.

🔐 Login to use AI Assistant

JavaScript Code Editor

Write and experiment with JavaScript code.

Output

Click "Run Code" to see the output.

APIs & Browser

Working with REST APIs

Consuming RESTful APIs with JavaScript

Find videos you like?

Save to resource drawer for future reference!

What is a REST API?

Simple Analogy

Think of REST API as a waiter in a restaurant: You (client) give an order (HTTP request), the waiter takes it to the kitchen (server), and brings back your food (JSON response).

REST API Fundamentals

Core concepts you need to understand

📋

Resources

Everything is a resource (users, posts, products)

/api/users/123

🔄

HTTP Methods

Actions performed on resources

GET - Retrieve

POST - Create

PUT - Update

DELETE - Remove

📊

Status Codes

Response status indicators

200 - Success

201 - Created

404 - Not Found

500 - Server Error

📦

JSON Format

Data exchange format

{
  "id": 1,
  "name": "John"
}

HTTP Methods & CRUD Operations

Mapping REST to database operations

HTTP Method	CRUD	Purpose	Example
`GET`	Read	Retrieve data	`GET /users`
`POST`	Create	Add new resource	`POST /users`
`PUT`	Update	Replace entire resource	`PUT /users/1`
`PATCH`	Update	Partial update	`PATCH /users/1`
`DELETE`	Delete	Remove resource	`DELETE /users/1`

Complete CRUD Example

Using Fetch API with a REST endpoint

1. GET - Fetch All Users

async function getUsers() {
  const response = await fetch('https://api.example.com/users');
  const users = await response.json();
  return users;
}

// Get single user
async function getUser(id) {
  const response = await fetch(`https://api.example.com/users/${id}`);
  return await response.json();
}

2. POST - Create New User

async function createUser(userData) {
  const response = await fetch('https://api.example.com/users', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(userData)
  });
  
  if (!response.ok) {
    throw new Error('Failed to create user');
  }
  
  return await response.json();
}

// Usage
const newUser = await createUser({
  name: 'John Doe',
  email: 'john@example.com'
});

3. PUT - Update User (Full Replace)

async function updateUser(id, userData) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'PUT',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(userData)
  });
  
  return await response.json();
}

// Usage - must include ALL fields
await updateUser(1, {
  name: 'Jane Doe',
  email: 'jane@example.com',
  age: 25
});

4. PATCH - Partial Update

async function patchUser(id, updates) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'PATCH',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(updates)
  });
  
  return await response.json();
}

// Usage - only update specific fields
await patchUser(1, { email: 'newemail@example.com' });

5. DELETE - Remove User

async function deleteUser(id) {
  const response = await fetch(`https://api.example.com/users/${id}`, {
    method: 'DELETE'
  });
  
  if (response.ok) {
    return { success: true };
  }
  
  throw new Error('Failed to delete user');
}

// Usage
await deleteUser(1);

Query Parameters & Filtering

Passing additional data in URLs

Query parameters allow you to filter, sort, paginate, and search data:

Common Query Parameters

// Pagination
GET /users?page=2&limit=10

// Filtering
GET /users?age=25&status=active

// Sorting
GET /users?sort=name&order=asc

// Searching
GET /users?search=john

// Multiple filters
GET /users?country=USA&role=admin&sort=createdAt

Building Query Strings in JavaScript

// Method 1: Manual string concatenation
const url = `https://api.example.com/users?page=${page}&limit=${limit}`;

// Method 2: URLSearchParams (Recommended)
const params = new URLSearchParams({
  page: 2,
  limit: 10,
  status: 'active'
});

const url = `https://api.example.com/users?${params.toString()}`;
// Result: https://api.example.com/users?page=2&limit=10&status=active

// Method 3: URL object
const url = new URL('https://api.example.com/users');
url.searchParams.set('page', '2');
url.searchParams.set('limit', '10');
fetch(url);

Authentication & Authorization

Securing API requests

Bearer Token (JWT)

const token = 'your-jwt-token';

fetch(url, {
  headers: {
    'Authorization': `Bearer ${token}`
  }
});

Most common for modern APIs

API Key

const apiKey = 'your-api-key';

fetch(url, {
  headers: {
    'X-API-Key': apiKey
  }
});

Simple authentication method

Reusable API Client with Auth

class APIClient {
  constructor(baseURL, token) {
    this.baseURL = baseURL;
    this.token = token;
  }
  
  async request(endpoint, options = {}) {
    const url = `${this.baseURL}${endpoint}`;
    const headers = {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${this.token}`,
      ...options.headers
    };
    
    const response = await fetch(url, { ...options, headers });
    
    if (!response.ok) {
      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
    }
    
    return await response.json();
  }
  
  get(endpoint) {
    return this.request(endpoint, { method: 'GET' });
  }
  
  post(endpoint, data) {
    return this.request(endpoint, {
      method: 'POST',
      body: JSON.stringify(data)
    });
  }
}

// Usage
const api = new APIClient('https://api.example.com', 'your-token');
const users = await api.get('/users');
const newUser = await api.post('/users', { name: 'John' });

Error Handling & Best Practices

Comprehensive Error Handling

async function apiRequest(url, options) {
  try {
    const response = await fetch(url, options);
    
    // Handle different status codes
    switch (response.status) {
      case 200:
      case 201:
        return await response.json();
      
      case 400:
        throw new Error('Bad Request - Check your data');
      
      case 401:
        throw new Error('Unauthorized - Login required');
      
      case 403:
        throw new Error('Forbidden - No permission');
      
      case 404:
        throw new Error('Not Found - Resource doesn\'t exist');
      
      case 500:
        throw new Error('Server Error - Try again later');
      
      default:
        throw new Error(`HTTP Error: ${response.status}`);
    }
  } catch (error) {
    console.error('API Error:', error.message);
    throw error;
  }
}

Common Mistakes to Avoid

1. Hardcoding API URLs - Use environment variables

2. Exposing API keys - Never commit keys to repositories

3. Not handling errors - Always use try-catch

4. Ignoring HTTP status codes - Check response.ok

5. No request timeouts - Use AbortController

REST API Best Practices

Do's

• Use proper HTTP methods
• Check response status codes
• Implement error handling
• Use async/await for clarity
• Cache responses when possible
• Implement request timeouts
• Use environment variables

Don'ts

• Don't hardcode API keys
• Don't ignore error responses
• Don't use GET for mutations
• Don't send sensitive data in URLs
• Don't skip authentication
• Don't make unnecessary requests
• Don't expose internal errors

Complete Example: Blog Post Manager

Complete CRUD operations with REST API

JavaScript Code

CRUD

// Complete blog post management system
class BlogAPI {
  constructor() {
    this.baseURL = 'https://api.example.com';
    this.token = localStorage.getItem('authToken');
  }
  
  // GET - Fetch all posts
  async getAllPosts() {
    const response = await fetch(
      `${this.baseURL}/posts`, 
      {
        headers: { 
          'Authorization': `Bearer ${this.token}` 
        }
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to fetch posts');
    }
    return await response.json();
  }
  
  // POST - Create new post
  async createPost(postData) {
    const response = await fetch(
      `${this.baseURL}/posts`, 
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': `Bearer ${this.token}`
        },
        body: JSON.stringify(postData)
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to create post');
    }
    return await response.json();
  }
  
  // PUT - Update entire post
  async updatePost(id, postData) {
    const response = await fetch(
      `${this.baseURL}/posts/${id}`, 
      {
        method: 'PUT',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': `Bearer ${this.token}`
        },
        body: JSON.stringify(postData)
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to update post');
    }
    return await response.json();
  }
  
  // DELETE - Remove post
  async deletePost(id) {
    const response = await fetch(
      `${this.baseURL}/posts/${id}`, 
      {
        method: 'DELETE',
        headers: { 
          'Authorization': `Bearer ${this.token}` 
        }
      }
    );
    
    if (!response.ok) {
      throw new Error('Failed to delete post');
    }
    return { success: true };
  }
}

// Usage example
const blog = new BlogAPI();

// Create post
const newPost = await blog.createPost({
  title: 'My First Post',
  content: 'This is amazing!',
  author: 'John Doe'
});

Expected Output

Success

POST /posts (Create)

{

"id": 1,

"title": "My First Post",

"content": "This is amazing!",

"author": "John Doe"

}

GET /posts (Read All)

[{ id: 1, title: "My First Post", ... }]

PUT /posts/1 (Update)

{ id: 1, title: "Updated Title", ... }

DELETE /posts/1 (Delete)

{ success: true }

What This Shows

✅ Complete CRUD operations

✅ Proper HTTP methods

✅ Authentication headers

✅ Error handling

Key Takeaways

HTTP Methods

GET, POST, PUT, PATCH, DELETE for CRUD

Status Codes

2xx success, 4xx client error, 5xx server error

Authentication

Bearer tokens or API keys in headers

Error Handling

Always check response.ok and handle errors

Coder Pod - Learn Programming Online | AI Coding Tutor & Interview Practice

AJAX & XMLHttpRequest

localStorage & sessionStorage

JavaScript Code Editor

Building Your Learning Module...

Working with REST APIs

What is a REST API?

Simple Analogy

Resources

HTTP Methods

Status Codes

JSON Format

1. GET - Fetch All Users

2. POST - Create New User

3. PUT - Update User (Full Replace)

4. PATCH - Partial Update

5. DELETE - Remove User

Common Query Parameters

Building Query Strings in JavaScript

Bearer Token (JWT)

API Key

Reusable API Client with Auth

Comprehensive Error Handling

Common Mistakes to Avoid

Do's

Don'ts

JavaScript Code

Expected Output

What This Shows

Key Takeaways

HTTP Methods

Status Codes

Authentication

Error Handling

AJAX & XMLHttpRequest

localStorage & sessionStorage

JavaScript Code Editor

Working with REST APIs

What is a REST API?

Simple Analogy

Resources

HTTP Methods

Status Codes

JSON Format

1. GET - Fetch All Users

2. POST - Create New User

3. PUT - Update User (Full Replace)

4. PATCH - Partial Update

5. DELETE - Remove User

Common Query Parameters

Building Query Strings in JavaScript

Bearer Token (JWT)

API Key

Reusable API Client with Auth

Comprehensive Error Handling

Common Mistakes to Avoid

Do's

Don'ts

JavaScript Code

Expected Output

What This Shows

Key Takeaways

HTTP Methods

Status Codes

Authentication

Error Handling