docs(deep-notes): add rest api note series 📕

NeaByteLab · NeaByteLab · commit a33e6b7884a1 · 2026-03-21T00:30:38.000+07:00
- Add REST API note files for fundamentals, HTTP semantics, payload validation, status errors, and URI design
- Add REST API series index file under DEEP-NOTES/Rest-API
- Update Deep Notes catalog table to include the REST API series link
diff --git a/DEEP-NOTES/README.md b/DEEP-NOTES/README.md
@@ -6,6 +6,7 @@ _Structured learning notes: one topic per file, frontmatter and structured body.
 
 | Series              | Description                                                                | Link                                   |
 | ------------------- | -------------------------------------------------------------------------- | -------------------------------------- |
+| **REST API**        | REST API foundations, HTTP semantics, URI design, status and validation.   | [Rest-API/](./Rest-API/)               |
 | **Time Complexity** | Big O: O(1) → O(n!). Definition, analogy, when it shows up, code examples. | [Time-Complexity/](./Time-Complexity/) |
 
 ---
diff --git a/DEEP-NOTES/Rest-API/README.md b/DEEP-NOTES/Rest-API/README.md
@@ -0,0 +1,13 @@
+# REST API Deep Notes
+
+_One file per REST API concept. Structured, practical, reusable._
+
+## Contents
+
+| File                                             | Topic              | One-line                                               |
+| ------------------------------------------------ | ------------------ | ------------------------------------------------------ |
+| [api-fundamentals.md](./api-fundamentals.md)     | API Fundamentals   | What REST API is, and what it is not                   |
+| [http-semantics.md](./http-semantics.md)         | HTTP Semantics     | Method meaning and idempotency basics                  |
+| [uri-design.md](./uri-design.md)                 | URI Design         | Resource naming rules for consistent endpoints         |
+| [status-errors.md](./status-errors.md)           | Status Errors      | Status code mapping and stable error contract          |
+| [payload-validation.md](./payload-validation.md) | Payload Validation | Request and response validation for safe API contracts |
diff --git a/DEEP-NOTES/Rest-API/api-fundamentals.md b/DEEP-NOTES/Rest-API/api-fundamentals.md
@@ -0,0 +1,94 @@
+---
+title: 'API Fundamentals'
+source: 'https://restfulapi.net/'
+description: 'Core REST API principles, constraints, and practical boundaries.'
+tags: ['rest-api', 'http', 'architecture']
+---
+
+# API Fundamentals
+
+## Overview
+
+REST API is not just JSON over HTTP. It is a design style for exposing resources through clear
+interfaces. Good REST design makes contracts predictable, easier to evolve, and easier to debug.
+
+The main goal is consistency. Teams move faster when naming, behavior, and response shape are
+stable across endpoints.
+
+### Quick Takeaways
+
+- Design resource-first, not action-first
+- Keep contracts stable across endpoints
+- Use HTTP semantics as interface guarantees
+
+## Definition
+
+REST is an architectural style where:
+
+- resources are identified by URIs
+- operations use standard HTTP methods
+- communication is stateless
+- responses are cache-aware when possible
+
+## The Analogy
+
+Think of REST API like a well-organized library:
+
+- URI is the shelf location
+- method is the action (read, add, update, remove)
+- status code is the librarian response
+- payload is the actual book content
+
+If every shelf uses different rules, nobody finds anything.
+
+## When You See It
+
+You are usually in REST territory when:
+
+- your backend exposes CRUD-like resources
+- multiple clients need the same contract
+- you need long-term maintainability and observability
+
+## Examples
+
+**Good:**
+
+- `GET /v1/prompts`
+- `POST /v1/prompts`
+- `PATCH /v1/prompts/{id}`
+
+**Bad:**
+
+- `POST /getPromptsList`
+- `POST /deletePromptById`
+- `POST /editPrompt`
+
+**Good snippet (uniform contract):**
+
+```http
+GET /v1/prompts
+POST /v1/prompts
+PATCH /v1/prompts/{id}
+DELETE /v1/prompts/{id}
+```
+
+**Bad snippet (action endpoints):**
+
+```http
+POST /v1/getPromptsList
+POST /v1/removePromptById
+POST /v1/updatePromptById
+```
+
+## Important Points
+
+- Resource-first design beats action-first URL naming
+- Stateless requests simplify scaling and retries
+- Uniform conventions reduce client complexity
+- REST is a style, not a strict spec
+
+## Summary
+
+- REST API is about predictable contracts, not trends.
+- Stable structure now prevents expensive rewrites later.
+- _Consistency is the real speed multiplier in API systems._
diff --git a/DEEP-NOTES/Rest-API/http-semantics.md b/DEEP-NOTES/Rest-API/http-semantics.md
@@ -0,0 +1,107 @@
+---
+title: 'HTTP Semantics'
+source: 'https://www.rfc-editor.org/rfc/rfc9110'
+description: 'How HTTP methods express intent, safety, and idempotency in REST APIs.'
+tags: ['rest-api', 'http-methods', 'semantics']
+---
+
+# HTTP Semantics
+
+## Overview
+
+HTTP methods are contracts. If method semantics are wrong, clients cannot trust your API behavior.
+Most production API bugs start from semantic mismatch, not syntax errors.
+
+This note focuses on method intent, safety, and idempotency.
+
+### Quick Takeaways
+
+- Method choice defines behavior expectations
+- Do not use `GET` for state changes
+- Idempotency is critical for retry-safe operations
+
+## Definition
+
+- **Safe methods:** do not change server state (`GET`, `HEAD`)
+- **Idempotent methods:** repeated call has same final state (`PUT`, `DELETE`)
+- **Non-idempotent methods:** repeated call may create different outcomes (`POST`)
+
+### Method Matrix
+
+- `GET`: safe yes, idempotent yes, common use is read resource
+- `POST`: safe no, idempotent no, common use is create action/session/resource
+- `PUT`: safe no, idempotent yes, common use is full replace intent
+- `PATCH`: safe no, usually non-idempotent, common use is partial update
+- `DELETE`: safe no, idempotent yes, common use is remove resource
+
+## The Analogy
+
+Pressing an elevator button:
+
+- `GET`: check current floor display
+- `POST`: call elevator for a new trip
+- `PUT`: set floor indicator to a specific value
+- `DELETE`: clear a scheduled stop
+
+Pressing once or five times should follow method semantics.
+
+## When You See It
+
+Common API design decisions:
+
+- create session or token -> `POST`
+- update one field -> `PATCH`
+- replace full resource -> `PUT`
+- remove resource -> `DELETE`
+
+## Examples
+
+**Good:**
+
+- `DELETE /v1/sessions/{id}` to revoke one session
+
+**Bad:**
+
+- `GET /v1/logout` that mutates session state
+
+**Good snippet (Express style):**
+
+```ts
+app.put('/v1/users/:id', async (req, res) => {
+  const user = await replaceUser(req.params.id, req.body)
+  return res.status(200).json(user)
+})
+
+app.patch('/v1/users/:id', async (req, res) => {
+  const user = await updateUserPartial(req.params.id, req.body)
+  return res.status(200).json(user)
+})
+```
+
+**Bad snippet (semantic mismatch):**
+
+```ts
+app.get('/v1/logout', async (_req, res) => {
+  await revokeSession()
+  return res.status(200).json({ ok: true })
+})
+```
+
+## Important Points
+
+- Use method semantics as interface guarantees
+- Do not hide mutations behind `GET`
+- Idempotency helps retries under network failure
+- `PATCH` is partial update, `PUT` is full replacement intent
+
+## Common Mistakes
+
+- Using `POST` for every endpoint because it feels easier
+- Treating `PATCH` as full replace and silently dropping omitted fields
+- Returning different behavior for the same method on similar resources
+
+## Summary
+
+- Method choice is behavior design, not naming preference.
+- Correct semantics reduce hidden production risk.
+- _If clients must guess behavior, semantics are already broken._
diff --git a/DEEP-NOTES/Rest-API/payload-validation.md b/DEEP-NOTES/Rest-API/payload-validation.md
@@ -0,0 +1,101 @@
+---
+title: 'Payload Validation'
+source: 'https://json-schema.org/understanding-json-schema/'
+description: 'Request and response validation patterns to protect API contracts and data quality.'
+tags: ['rest-api', 'validation', 'api-contract']
+---
+
+# Payload Validation
+
+## Overview
+
+Validation protects system boundaries. Without strict validation, bad payloads leak into storage,
+business logic, and downstream services.
+
+Validation should happen before business processing starts.
+
+### Quick Takeaways
+
+- Validate payloads at API boundaries
+- Use explicit schema-based checks
+- Return structured field-level validation errors
+
+## Definition
+
+Payload validation checks:
+
+- shape (required fields, types)
+- constraints (length, range, enum)
+- semantic consistency (cross-field logic)
+- request and response payload contracts
+
+## The Analogy
+
+Airport security screening:
+
+- identity check -> required fields
+- bag scan -> type and constraint checks
+- additional checks -> semantic rules
+
+Skipping one checkpoint increases risk downstream.
+
+## When You See It
+
+You need strong validation in:
+
+- create and update endpoints
+- webhook receivers
+- public APIs with untrusted clients
+- internal APIs with multiple teams
+
+## Examples
+
+**Good:**
+
+- Reject invalid payload with `422` and field-level errors
+
+**Bad:**
+
+- Accept everything, fail later in DB with generic `500`
+
+**Good snippet (schema first):**
+
+```ts
+const result = createPromptSchema.safeParse(req.body)
+if (!result.success) {
+  return res.status(422).json({
+    code: 'validation_failed',
+    details: result.error.issues
+  })
+}
+```
+
+**Bad snippet (late failure):**
+
+```ts
+try {
+  await db.prompts.insert(req.body)
+  return res.status(201).json({ ok: true })
+} catch {
+  return res.status(500).json({ message: 'Something went wrong' })
+}
+```
+
+## Important Points
+
+- Validate at API boundary, not deep in service chain
+- Use explicit schemas, not ad-hoc checks
+- Return structured errors for each invalid field
+- Validate responses for critical public endpoints
+
+## Status Code Boundary
+
+- Use `400` when request syntax is malformed
+- Use `422` when syntax is valid but business payload is invalid
+- Use `500` only for unexpected server-side failures
+
+## Summary
+
+- Validation preserves contract quality and operational stability.
+- Early rejection is cheaper than late failure.
+- _Strict boundaries keep systems flexible, not rigid._
diff --git a/DEEP-NOTES/Rest-API/status-errors.md b/DEEP-NOTES/Rest-API/status-errors.md
diff --git a/DEEP-NOTES/Rest-API/uri-design.md b/DEEP-NOTES/Rest-API/uri-design.md
