# RESTful API Principles - Complete Guide üöÄ

This notebook will take you from zero to confident in understanding and designing:
1. **REST Principles** - The foundation of modern web APIs
2. **HTTP Methods** - GET, POST, PUT, DELETE, PATCH, and more
3. **Status Codes** - Communicating success and errors
4. **URL Design** - Creating intuitive and consistent endpoints
5. **Request/Response Formats** - JSON, headers, and best practices
6. **FastAPI Integration** - How to build RESTful APIs with FastAPI

REST is the standard for building web APIs, and FastAPI makes it easy!

Let's start learning! üöÄ

## Part 1: What is REST?

### Simple Definition
**REST** (Representational State Transfer) is an architectural style for designing web services. It's a set of principles that make APIs predictable, scalable, and easy to use.

### Key Concepts
- ‚úÖ **Resource**: Any object, data, or service that can be accessed (users, products, orders)
- ‚úÖ **URI/URL**: Unique address for each resource (`/users/123`)
- ‚úÖ **HTTP Methods**: Actions you can perform (GET, POST, PUT, DELETE)
- ‚úÖ **Stateless**: Each request contains all information needed
- ‚úÖ **Representation**: Data format (usually JSON)

### Why REST?
- **Standard**: Works with HTTP (the web's foundation)
- **Simple**: Easy to understand and use
- **Scalable**: Stateless design allows horizontal scaling
- **Language-agnostic**: Any language can consume REST APIs
- **Cacheable**: Responses can be cached for performance

### Real-World Analogy üè™
Think of a library:
- **Resources**: Books (each has a unique ID)
- **Actions**: Check out (POST), Return (PUT), Browse (GET), Remove (DELETE)
- **Stateless**: Each visit is independent - you don't need to remember previous visits

## Part 2: REST Principles (The 6 Constraints)

REST has 6 key principles that make APIs RESTful:

### 1. Client-Server Architecture
```
‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê         HTTP         ‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê
‚îÇ Client  ‚îÇ ‚óÑ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñ∫ ‚îÇ Server ‚îÇ
‚îÇ (Browser‚îÇ   Requests/Responses ‚îÇ (API)  ‚îÇ
‚îÇ  /App)  ‚îÇ                      ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò
‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò
```
- Client and server are separate
- They communicate via HTTP
- Each can evolve independently

### 2. Stateless
- **Each request must contain all information needed**
- Server doesn't store client state between requests
- Session state is kept entirely on the client
- Makes APIs scalable and simple

### 3. Cacheable
- Responses must define if they're cacheable
- Improves performance and scalability
- Uses HTTP cache headers

### 4. Uniform Interface
- Consistent way to interact with resources
- Uses standard HTTP methods
- Resources identified by URIs
- Self-descriptive messages

### 5. Layered System
- Architecture can have multiple layers (proxies, gateways, load balancers)
- Client doesn't know if it's connected directly to server
- Improves scalability and security

### 6. Code on Demand (Optional)
- Server can send executable code to client
- Less common, but allows flexibility

## Part 3: HTTP Methods (Verbs)

HTTP methods define what action you want to perform on a resource.

### HTTP Methods Table

| Method | Purpose | Idempotent? | Safe? | Request Body? | Response Body? |
|--------|---------|-------------|-------|---------------|----------------|
| **GET** | Retrieve data | ‚úÖ Yes | ‚úÖ Yes | ‚ùå No | ‚úÖ Yes |
| **POST** | Create new resource | ‚ùå No | ‚ùå No | ‚úÖ Yes | ‚úÖ Yes |
| **PUT** | Update/replace entire resource | ‚úÖ Yes | ‚ùå No | ‚úÖ Yes | ‚úÖ Yes |
| **PATCH** | Partial update | ‚ùå No | ‚ùå No | ‚úÖ Yes | ‚úÖ Yes |
| **DELETE** | Remove resource | ‚úÖ Yes | ‚ùå No | ‚ùå No | ‚úÖ Optional |

### Key Terms:
- **Idempotent**: Same request multiple times = same result
- **Safe**: Doesn't modify server state

### Visual Guide:

```
GET    /users/123     ‚Üí  Retrieve user 123
POST   /users         ‚Üí  Create new user
PUT    /users/123     ‚Üí  Replace entire user 123
PATCH  /users/123     ‚Üí  Update part of user 123
DELETE /users/123     ‚Üí  Delete user 123
```

In [None]:
# Example: HTTP Methods in Action

# Simulated REST API client
class RESTClient:
    """Simple REST API client simulation"""
    
    def __init__(self, base_url: str):
        self.base_url = base_url
        self.data = {}  # Simulated database
    
    def get(self, path: str):
        """GET - Retrieve resource"""
        print(f"GET {self.base_url}{path}")
        if path in self.data:
            return {"status": 200, "data": self.data[path]}
        return {"status": 404, "error": "Not found"}
    
    def post(self, path: str, data: dict):
        """POST - Create new resource"""
        print(f"POST {self.base_url}{path}")
        import uuid
        resource_id = str(uuid.uuid4())[:8]
        self.data[f"{path}/{resource_id}"] = data
        return {"status": 201, "data": {**data, "id": resource_id}}
    
    def put(self, path: str, data: dict):
        """PUT - Replace entire resource"""
        print(f"PUT {self.base_url}{path}")
        if path in self.data:
            self.data[path] = data
            return {"status": 200, "data": data}
        return {"status": 404, "error": "Not found"}
    
    def delete(self, path: str):
        """DELETE - Remove resource"""
        print(f"DELETE {self.base_url}{path}")
        if path in self.data:
            del self.data[path]
            return {"status": 204, "message": "Deleted"}
        return {"status": 404, "error": "Not found"}

# Usage examples
api = RESTClient("https://api.example.com")

# GET - Retrieve
result = api.get("/users/123")
print(f"GET result: {result}\n")

# POST - Create
result = api.post("/users", {"name": "Alice", "email": "alice@example.com"})
print(f"POST result: {result}\n")

# PUT - Update
result = api.put("/users/123", {"name": "Alice Updated", "email": "alice@example.com"})
print(f"PUT result: {result}\n")

# DELETE - Remove
result = api.delete("/users/123")
print(f"DELETE result: {result}")

## Part 4: HTTP Status Codes

Status codes tell the client what happened with their request.

### Status Code Categories

| Code Range | Category | Meaning |
|------------|----------|---------|
| **1xx** | Informational | Request received, continuing process |
| **2xx** | Success | Request successfully received, understood, and accepted |
| **3xx** | Redirection | Further action needed to complete request |
| **4xx** | Client Error | Request has bad syntax or cannot be fulfilled |
| **5xx** | Server Error | Server failed to fulfill valid request |

### Common Status Codes

| Code | Name | When to Use | Example |
|------|------|-------------|---------|
| **200** | OK | Successful GET, PUT, PATCH | User retrieved successfully |
| **201** | Created | Successful POST (new resource) | User created successfully |
| **204** | No Content | Successful DELETE, or PUT with no response body | User deleted successfully |
| **400** | Bad Request | Invalid request syntax/parameters | Missing required field |
| **401** | Unauthorized | Authentication required | No auth token provided |
| **403** | Forbidden | Authenticated but not authorized | User can't access this resource |
| **404** | Not Found | Resource doesn't exist | User ID 999 doesn't exist |
| **409** | Conflict | Resource conflict (e.g., duplicate) | Email already exists |
| **422** | Unprocessable Entity | Valid syntax but semantic errors | Invalid email format |
| **500** | Internal Server Error | Server error | Database connection failed |
| **503** | Service Unavailable | Server temporarily unavailable | Server maintenance |

### Status Code Decision Tree

```
Request received
    ‚îÇ
    ‚îú‚îÄ Success? ‚îÄ‚îÄ‚Üí 2xx (200, 201, 204)
    ‚îÇ
    ‚îú‚îÄ Client Error? ‚îÄ‚îÄ‚Üí 4xx
    ‚îÇ   ‚îú‚îÄ Not found? ‚Üí 404
    ‚îÇ   ‚îú‚îÄ Bad request? ‚Üí 400
    ‚îÇ   ‚îú‚îÄ Unauthorized? ‚Üí 401
    ‚îÇ   ‚îî‚îÄ Conflict? ‚Üí 409
    ‚îÇ
    ‚îî‚îÄ Server Error? ‚îÄ‚îÄ‚Üí 5xx (500, 503)
```

In [None]:
# Example: Status Codes in Practice

def handle_get_user(user_id: int):
    """Example of proper status code usage"""
    users = {1: {"id": 1, "name": "Alice"}, 2: {"id": 2, "name": "Bob"}}
    
    if user_id in users:
        return {
            "status_code": 200,  # OK - resource found
            "data": users[user_id]
        }
    else:
        return {
            "status_code": 404,  # Not Found - resource doesn't exist
            "error": {"message": f"User {user_id} not found"}
        }

def handle_create_user(user_data: dict):
    """Example of creating a resource"""
    # Validate required fields
    if "name" not in user_data or "email" not in user_data:
        return {
            "status_code": 400,  # Bad Request - missing fields
            "error": {"message": "Missing required fields: name, email"}
        }
    
    # Check for duplicate email
    existing_emails = ["alice@example.com", "bob@example.com"]
    if user_data["email"] in existing_emails:
        return {
            "status_code": 409,  # Conflict - duplicate resource
            "error": {"message": "Email already exists"}
        }
    
    # Create user
    new_user = {**user_data, "id": 3}
    return {
        "status_code": 201,  # Created - new resource created
        "data": new_user
    }

# Examples
print("GET existing user:")
print(handle_get_user(1))
print("\nGET non-existent user:")
print(handle_get_user(999))
print("\nCREATE valid user:")
print(handle_create_user({"name": "Charlie", "email": "charlie@example.com"}))
print("\nCREATE user with duplicate email:")
print(handle_create_user({"name": "Duplicate", "email": "alice@example.com"}))

## Part 5: URL Design Best Practices

Good URL design makes your API intuitive and easy to use.

### URL Structure Pattern

```
https://api.example.com/v1/users/123/posts/456
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îÇ   ‚îÇ    ‚îÇ   ‚îÇ    ‚îÇ
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îÇ   ‚îÇ    ‚îÇ   ‚îÇ    ‚îî‚îÄ Resource ID (post 456)
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îÇ   ‚îÇ    ‚îÇ   ‚îî‚îÄ Resource type (posts)
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îÇ   ‚îÇ    ‚îî‚îÄ Resource ID (user 123)
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îÇ   ‚îî‚îÄ Resource type (users)
‚îÇ    ‚îÇ   ‚îÇ         ‚îÇ   ‚îî‚îÄ API version
‚îÇ    ‚îÇ   ‚îÇ         ‚îî‚îÄ Domain
‚îÇ    ‚îÇ   ‚îî‚îÄ Subdomain
‚îÇ    ‚îî‚îÄ Protocol
‚îî‚îÄ Scheme
```

### URL Design Rules

| Rule | Good ‚úÖ | Bad ‚ùå |
|------|---------|--------|
| **Use nouns, not verbs** | `/users` | `/getUsers` |
| **Use plural nouns** | `/users`, `/products` | `/user`, `/product` |
| **Use lowercase** | `/users/123` | `/Users/123` |
| **Use hyphens, not underscores** | `/user-profiles` | `/user_profiles` |
| **Keep it simple** | `/users/123` | `/api/v1/users/123/details` |
| **Use hierarchical structure** | `/users/123/posts` | `/user-posts/123` |
| **Avoid file extensions** | `/users/123` | `/users/123.json` |

### Common URL Patterns

```
# Collection resources
GET    /users              ‚Üí List all users
POST   /users              ‚Üí Create new user

# Individual resources
GET    /users/123          ‚Üí Get user 123
PUT    /users/123          ‚Üí Update user 123
DELETE /users/123          ‚Üí Delete user 123

# Nested resources
GET    /users/123/posts    ‚Üí Get posts by user 123
POST   /users/123/posts    ‚Üí Create post for user 123
GET    /users/123/posts/456 ‚Üí Get post 456 by user 123

# Filtering and pagination
GET    /users?status=active&page=1&limit=10
GET    /users?sort=name&order=asc

# Actions (when needed)
POST   /users/123/activate
POST   /orders/456/cancel
```

In [None]:
# Example: URL Design Patterns

# Good URL design examples
good_urls = [
    "GET    /users                    # List all users",
    "POST   /users                    # Create new user",
    "GET    /users/123                # Get specific user",
    "PUT    /users/123                # Update user",
    "DELETE /users/123                # Delete user",
    "GET    /users/123/posts          # Get user's posts",
    "POST   /users/123/posts          # Create post for user",
    "GET    /users/123/posts/456      # Get specific post",
    "GET    /users?status=active      # Filter users",
    "GET    /users?page=1&limit=10    # Pagination",
]

# Bad URL design examples
bad_urls = [
    "GET    /getUsers                 # ‚ùå Verb in URL",
    "GET    /user/123                 # ‚ùå Singular noun",
    "GET    /Users/123                # ‚ùå Capital letters",
    "GET    /user_posts/123           # ‚ùå Underscore",
    "GET    /users/123.json           # ‚ùå File extension",
    "POST   /users/123/update         # ‚ùå Verb in URL",
    "GET    /api/v1/users/123/details # ‚ùå Too nested",
]

print("‚úÖ Good URL Design:")
for url in good_urls:
    print(f"  {url}")

print("\n‚ùå Bad URL Design:")
for url in bad_urls:
    print(f"  {url}")

# URL hierarchy visualization
print("\nüìä URL Hierarchy:")
print("""
/users                    (Collection)
  ‚îú‚îÄ /users/123          (Resource)
  ‚îÇ   ‚îú‚îÄ /users/123/posts (Nested Collection)
  ‚îÇ   ‚îÇ   ‚îî‚îÄ /users/123/posts/456 (Nested Resource)
  ‚îÇ   ‚îî‚îÄ /users/123/settings (Nested Resource)
  ‚îî‚îÄ /users?page=1       (Collection with query)
""")

## Part 6: Request and Response Formats

### Request Structure

```
POST /users HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer token123

{
  "name": "Alice",
  "email": "alice@example.com"
}
```

### Response Structure

```
HTTP/1.1 201 Created
Content-Type: application/json
Location: /users/123

{
  "id": 123,
  "name": "Alice",
  "email": "alice@example.com",
  "created_at": "2024-01-15T10:30:00Z"
}
```

### Common Headers

| Header | Purpose | Example |
|--------|---------|---------|
| **Content-Type** | Request/response format | `application/json` |
| **Accept** | What format client wants | `application/json` |
| **Authorization** | Authentication token | `Bearer token123` |
| **Location** | URL of created resource | `/users/123` |
| **ETag** | Resource version for caching | `"abc123"` |
| **Cache-Control** | Caching instructions | `max-age=3600` |

In [None]:
# Example: Request/Response Formats

# Simulated HTTP request/response
class HTTPRequest:
    """Simulated HTTP request"""
    def __init__(self, method: str, path: str, headers: dict = None, body: dict = None):
        self.method = method
        self.path = path
        self.headers = headers or {}
        self.body = body or {}

class HTTPResponse:
    """Simulated HTTP response"""
    def __init__(self, status_code: int, headers: dict = None, body: dict = None):
        self.status_code = status_code
        self.headers = headers or {}
        self.body = body or {}
    
    def __repr__(self):
        return f"HTTP {self.status_code}\nHeaders: {self.headers}\nBody: {self.body}"

# Example: Creating a user
request = HTTPRequest(
    method="POST",
    path="/users",
    headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer token123"
    },
    body={
        "name": "Alice",
        "email": "alice@example.com"
    }
)

print("üì§ REQUEST:")
print(f"Method: {request.method}")
print(f"Path: {request.path}")
print(f"Headers: {request.headers}")
print(f"Body: {request.body}")

# Simulated response
response = HTTPResponse(
    status_code=201,
    headers={
        "Content-Type": "application/json",
        "Location": "/users/123"
    },
    body={
        "id": 123,
        "name": "Alice",
        "email": "alice@example.com",
        "created_at": "2024-01-15T10:30:00Z"
    }
)

print("\nüì• RESPONSE:")
print(response)

## Part 7: RESTful API Design Patterns

### Pattern 1: Collection and Item Resources

```
Collection:  /users          (plural noun)
Item:        /users/123      (collection + ID)
```

### Pattern 2: Nested Resources

```
/users/123/posts          ‚Üí Posts belonging to user 123
/users/123/posts/456      ‚Üí Specific post 456 by user 123
```

### Pattern 3: Query Parameters for Filtering

```
GET /users?status=active&role=admin
GET /users?page=1&limit=10&sort=name
GET /products?category=electronics&min_price=100
```

### Pattern 4: Standard Response Format

```json
{
  "data": { ... },           // The actual resource(s)
  "meta": {                  // Metadata (pagination, etc.)
    "page": 1,
    "limit": 10,
    "total": 100
  },
  "links": {                 // Related resources
    "self": "/users?page=1",
    "next": "/users?page=2"
  }
}
```

### Pattern 5: Error Response Format

```json
{
  "error": {
    "code": "USER_NOT_FOUND",
    "message": "User with ID 123 does not exist",
    "details": {
      "user_id": 123
    }
  }
}
```

In [None]:
# Example: Standard Response Formats

# Success response with data
def success_response(data, meta=None, links=None):
    """Standard success response format"""
    response = {"data": data}
    if meta:
        response["meta"] = meta
    if links:
        response["links"] = links
    return response

# Error response
def error_response(code: str, message: str, details=None):
    """Standard error response format"""
    response = {
        "error": {
            "code": code,
            "message": message
        }
    }
    if details:
        response["error"]["details"] = details
    return response

# Examples
print("‚úÖ Success Response (Single Resource):")
print(success_response({
    "id": 123,
    "name": "Alice",
    "email": "alice@example.com"
}))

print("\n‚úÖ Success Response (Collection with Pagination):")
print(success_response(
    data=[
        {"id": 1, "name": "Alice"},
        {"id": 2, "name": "Bob"}
    ],
    meta={
        "page": 1,
        "limit": 10,
        "total": 100
    },
    links={
        "self": "/users?page=1",
        "next": "/users?page=2",
        "prev": None
    }
))

print("\n‚ùå Error Response:")
print(error_response(
    code="USER_NOT_FOUND",
    message="User with ID 999 does not exist",
    details={"user_id": 999}
))

## Part 8: CRUD Operations Mapping

CRUD (Create, Read, Update, Delete) maps to HTTP methods:

### CRUD to HTTP Mapping

| CRUD Operation | HTTP Method | URL Pattern | Status Code |
|----------------|-------------|------------|-------------|
| **Create** | POST | `/resources` | 201 Created |
| **Read (one)** | GET | `/resources/{id}` | 200 OK |
| **Read (many)** | GET | `/resources` | 200 OK |
| **Update (full)** | PUT | `/resources/{id}` | 200 OK |
| **Update (partial)** | PATCH | `/resources/{id}` | 200 OK |
| **Delete** | DELETE | `/resources/{id}` | 204 No Content |

### Visual CRUD Flow

```
‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê
‚îÇ           REST API Endpoints            ‚îÇ
‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò
                    ‚îÇ
        ‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê
        ‚îÇ           ‚îÇ           ‚îÇ
    ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îê   ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îê   ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îê
    ‚îÇ POST  ‚îÇ   ‚îÇ  GET  ‚îÇ   ‚îÇ  PUT  ‚îÇ
    ‚îÇCreate ‚îÇ   ‚îÇ Read  ‚îÇ   ‚îÇUpdate ‚îÇ
    ‚îî‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îò   ‚îî‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îò   ‚îî‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îò
        ‚îÇ           ‚îÇ           ‚îÇ
    ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îê
    ‚îÇ      DELETE (Remove)          ‚îÇ
    ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò
```

In [None]:
# Example: Complete CRUD Operations

class UserAPI:
    """Simulated User REST API"""
    
    def __init__(self):
        self.users = {}
        self.next_id = 1
    
    # CREATE
    def create_user(self, user_data: dict):
        """POST /users - Create new user"""
        user_id = self.next_id
        self.next_id += 1
        user = {**user_data, "id": user_id}
        self.users[user_id] = user
        return {
            "status": 201,
            "headers": {"Location": f"/users/{user_id}"},
            "body": user
        }
    
    # READ (one)
    def get_user(self, user_id: int):
        """GET /users/{id} - Get specific user"""
        if user_id in self.users:
            return {"status": 200, "body": self.users[user_id]}
        return {"status": 404, "body": {"error": "User not found"}}
    
    # READ (many)
    def list_users(self):
        """GET /users - List all users"""
        return {"status": 200, "body": list(self.users.values())}
    
    # UPDATE (full)
    def update_user(self, user_id: int, user_data: dict):
        """PUT /users/{id} - Replace entire user"""
        if user_id in self.users:
            self.users[user_id] = {**user_data, "id": user_id}
            return {"status": 200, "body": self.users[user_id]}
        return {"status": 404, "body": {"error": "User not found"}}
    
    # UPDATE (partial)
    def patch_user(self, user_id: int, updates: dict):
        """PATCH /users/{id} - Partial update"""
        if user_id in self.users:
            self.users[user_id].update(updates)
            return {"status": 200, "body": self.users[user_id]}
        return {"status": 404, "body": {"error": "User not found"}}
    
    # DELETE
    def delete_user(self, user_id: int):
        """DELETE /users/{id} - Delete user"""
        if user_id in self.users:
            del self.users[user_id]
            return {"status": 204, "body": None}
        return {"status": 404, "body": {"error": "User not found"}}

# Usage
api = UserAPI()

print("1. CREATE (POST):")
result = api.create_user({"name": "Alice", "email": "alice@example.com"})
print(f"   Status: {result['status']}, Body: {result['body']}\n")

print("2. READ ONE (GET):")
result = api.get_user(1)
print(f"   Status: {result['status']}, Body: {result['body']}\n")

print("3. READ MANY (GET):")
result = api.list_users()
print(f"   Status: {result['status']}, Count: {len(result['body'])}\n")

print("4. UPDATE FULL (PUT):")
result = api.update_user(1, {"name": "Alice Updated", "email": "alice.new@example.com"})
print(f"   Status: {result['status']}, Body: {result['body']}\n")

print("5. UPDATE PARTIAL (PATCH):")
result = api.patch_user(1, {"name": "Alice Patched"})
print(f"   Status: {result['status']}, Body: {result['body']}\n")

print("6. DELETE (DELETE):")
result = api.delete_user(1)
print(f"   Status: {result['status']}")

In [None]:
# Example: Filtering, Sorting, and Pagination

class AdvancedUserAPI:
    """User API with filtering, sorting, and pagination"""
    
    def __init__(self):
        self.users = [
            {"id": 1, "name": "Alice", "email": "alice@example.com", "status": "active", "role": "admin"},
            {"id": 2, "name": "Bob", "email": "bob@example.com", "status": "active", "role": "user"},
            {"id": 3, "name": "Charlie", "email": "charlie@example.com", "status": "inactive", "role": "user"},
            {"id": 4, "name": "David", "email": "david@example.com", "status": "active", "role": "admin"},
        ]
    
    def list_users(self, filters=None, sort=None, page=1, limit=10):
        """GET /users with filtering, sorting, pagination"""
        result = self.users.copy()
        
        # Apply filters
        if filters:
            for key, value in filters.items():
                result = [u for u in result if u.get(key) == value]
        
        # Apply sorting
        if sort:
            field, order = sort
            result.sort(key=lambda x: x.get(field, ""), reverse=(order == "desc"))
        
        # Apply pagination
        total = len(result)
        start = (page - 1) * limit
        end = start + limit
        paginated = result[start:end]
        
        return {
            "data": paginated,
            "meta": {
                "page": page,
                "limit": limit,
                "total": total,
                "total_pages": (total + limit - 1) // limit
            }
        }

api = AdvancedUserAPI()

print("1. Filter by status:")
result = api.list_users(filters={"status": "active"})
print(f"   Found {result['meta']['total']} active users\n")

print("2. Sort by name:")
result = api.list_users(sort=("name", "asc"))
print(f"   First user: {result['data'][0]['name']}\n")

print("3. Pagination:")
result = api.list_users(page=1, limit=2)
print(f"   Page {result['meta']['page']} of {result['meta']['total_pages']}")
print(f"   Showing {len(result['data'])} of {result['meta']['total']} users\n")

print("4. Combined (filter + sort + pagination):")
result = api.list_users(
    filters={"role": "admin"},
    sort=("name", "asc"),
    page=1,
    limit=10
)
print(f"   Found {result['meta']['total']} admins")
print(f"   Users: {[u['name'] for u in result['data']]}")

## Part 10: RESTful API in FastAPI

FastAPI makes it easy to build RESTful APIs! Let's see how it maps to REST principles.

In [None]:
# FastAPI Example 1: Basic REST Endpoints

# Simulated FastAPI structure
from typing import Dict, List, Any, Optional
from enum import Enum

class FastAPIApp:
    """Simplified FastAPI-like structure"""
    routes = []
    
    def get(self, path: str):
        def decorator(func):
            self.routes.append(("GET", path, func))
            return func
        return decorator
    
    def post(self, path: str):
        def decorator(func):
            self.routes.append(("POST", path, func))
            return func
        return decorator
    
    def put(self, path: str):
        def decorator(func):
            self.routes.append(("PUT", path, func))
            return func
        return decorator
    
    def delete(self, path: str):
        def decorator(func):
            self.routes.append(("DELETE", path, func))
            return func
        return decorator

app = FastAPIApp()

# In-memory database simulation
users_db = {}
next_user_id = 1

# GET /users - List all users (Read many)
@app.get("/users")
def list_users() -> Dict[str, List[Dict]]:
    """List all users"""
    return {"data": list(users_db.values())}

# GET /users/{user_id} - Get specific user (Read one)
@app.get("/users/{user_id}")
def get_user(user_id: int) -> Dict[str, Any]:
    """Get user by ID"""
    if user_id in users_db:
        return {"data": users_db[user_id]}
    return {"error": "User not found"}, 404

# POST /users - Create user (Create)
@app.post("/users")
def create_user(user_data: Dict[str, str]) -> Dict[str, Any]:
    """Create new user"""
    global next_user_id
    user = {**user_data, "id": next_user_id}
    users_db[next_user_id] = user
    next_user_id += 1
    return {"data": user}, 201

# PUT /users/{user_id} - Update user (Update full)
@app.put("/users/{user_id}")
def update_user(user_id: int, user_data: Dict[str, str]) -> Dict[str, Any]:
    """Update entire user"""
    if user_id in users_db:
        users_db[user_id] = {**user_data, "id": user_id}
        return {"data": users_db[user_id]}
    return {"error": "User not found"}, 404

# DELETE /users/{user_id} - Delete user (Delete)
@app.delete("/users/{user_id}")
def delete_user(user_id: int) -> Dict[str, str]:
    """Delete user"""
    if user_id in users_db:
        del users_db[user_id]
        return {"message": "User deleted"}, 204
    return {"error": "User not found"}, 404

print("‚úÖ FastAPI REST Endpoints Registered:")
for method, path, func in app.routes:
    print(f"   {method:6} {path:20} ‚Üí {func.__name__}")

In [None]:
# FastAPI Example 2: Query Parameters for Filtering

@app.get("/users")
def list_users_filtered(
    status: Optional[str] = None,
    role: Optional[str] = None,
    page: int = 1,
    limit: int = 10
) -> Dict[str, Any]:
    """
    List users with filtering and pagination
    GET /users?status=active&role=admin&page=1&limit=10
    """
    all_users = list(users_db.values())
    
    # Filter
    filtered = all_users
    if status:
        filtered = [u for u in filtered if u.get("status") == status]
    if role:
        filtered = [u for u in filtered if u.get("role") == role]
    
    # Paginate
    total = len(filtered)
    start = (page - 1) * limit
    end = start + limit
    paginated = filtered[start:end]
    
    return {
        "data": paginated,
        "meta": {
            "page": page,
            "limit": limit,
            "total": total,
            "total_pages": (total + limit - 1) // limit
        }
    }

print("‚úÖ Filtering endpoint registered!")
print("   Example: GET /users?status=active&page=1&limit=10")

In [None]:
# FastAPI Example 3: Nested Resources

posts_db = {}
next_post_id = 1

# Nested resource: GET /users/{user_id}/posts
@app.get("/users/{user_id}/posts")
def get_user_posts(user_id: int) -> Dict[str, Any]:
    """
    Get all posts by a specific user
    Nested resource pattern
    """
    user_posts = [p for p in posts_db.values() if p.get("user_id") == user_id]
    return {"data": user_posts}

# Nested resource: POST /users/{user_id}/posts
@app.post("/users/{user_id}/posts")
def create_user_post(user_id: int, post_data: Dict[str, str]) -> Dict[str, Any]:
    """
    Create a post for a specific user
    """
    global next_post_id
    if user_id not in users_db:
        return {"error": "User not found"}, 404
    
    post = {**post_data, "id": next_post_id, "user_id": user_id}
    posts_db[next_post_id] = post
    next_post_id += 1
    return {"data": post}, 201

print("‚úÖ Nested resources registered!")
print("   GET  /users/{user_id}/posts")
print("   POST /users/{user_id}/posts")

## Part 11: HTTP Methods Deep Dive

### GET - Retrieve Resources

**Characteristics:**
- ‚úÖ Safe (doesn't modify data)
- ‚úÖ Idempotent (same request = same result)
- ‚úÖ Can be cached
- ‚ùå No request body

**Use Cases:**
- Retrieve single resource: `GET /users/123`
- List resources: `GET /users`
- Search: `GET /users?q=alice`

### POST - Create Resources

**Characteristics:**
- ‚ùå Not safe (modifies data)
- ‚ùå Not idempotent (multiple calls create multiple resources)
- ‚ùå Usually not cacheable
- ‚úÖ Has request body

**Use Cases:**
- Create new resource: `POST /users`
- Perform actions: `POST /users/123/activate`
- Search with complex criteria: `POST /users/search`

### PUT - Replace Entire Resource

**Characteristics:**
- ‚ùå Not safe
- ‚úÖ Idempotent (same request = same result)
- ‚ùå Usually not cacheable
- ‚úÖ Has request body

**Use Cases:**
- Replace entire resource: `PUT /users/123`
- Create if not exists (upsert): `PUT /users/123`

### PATCH - Partial Update

**Characteristics:**
- ‚ùå Not safe
- ‚ùå Not idempotent (depends on current state)
- ‚ùå Usually not cacheable
- ‚úÖ Has request body

**Use Cases:**
- Update specific fields: `PATCH /users/123` with `{"name": "New Name"}`
- Increment values: `PATCH /products/123` with `{"stock": {"increment": 5}}`

### DELETE - Remove Resources

**Characteristics:**
- ‚ùå Not safe
- ‚úÖ Idempotent (deleting twice = same result)
- ‚ùå Usually not cacheable
- ‚ùå No request body (usually)

**Use Cases:**
- Delete resource: `DELETE /users/123`
- Delete collection: `DELETE /users` (rare, dangerous)

In [None]:
# Example: HTTP Methods Comparison

# Simulated resource
resource = {"id": 1, "name": "Alice", "email": "alice@example.com", "age": 25}

print("üìä HTTP Methods Comparison:\n")

print("1. GET - Retrieve (Safe, Idempotent)")
print("   GET /users/1")
print(f"   Response: {resource}\n")

print("2. POST - Create (Not Safe, Not Idempotent)")
print("   POST /users")
print("   Body: {'name': 'Bob', 'email': 'bob@example.com'}")
print("   Response: {'id': 2, 'name': 'Bob', ...} (new resource created)\n")

print("3. PUT - Replace (Not Safe, Idempotent)")
print("   PUT /users/1")
print("   Body: {'name': 'Alice Updated', 'email': 'alice.new@example.com'}")
print("   Response: {'id': 1, 'name': 'Alice Updated', ...} (entire resource replaced)\n")

print("4. PATCH - Partial Update (Not Safe, Not Idempotent)")
print("   PATCH /users/1")
print("   Body: {'age': 26}")
print("   Response: {'id': 1, 'name': 'Alice', 'email': 'alice@example.com', 'age': 26}\n")

print("5. DELETE - Remove (Not Safe, Idempotent)")
print("   DELETE /users/1")
print("   Response: 204 No Content (resource deleted)\n")

# Idempotency demonstration
print("üîÑ Idempotency Example:")
print("   GET /users/1 ‚Üí Always returns same data (idempotent)")
print("   POST /users ‚Üí Each call creates new user (NOT idempotent)")
print("   PUT /users/1 ‚Üí Same request = same result (idempotent)")
print("   DELETE /users/1 ‚Üí Deleting twice = same result (idempotent)")

## Part 12: API Versioning

Versioning allows you to evolve your API without breaking existing clients.

### Versioning Strategies

| Strategy | Example | Pros | Cons |
|----------|---------|------|------|
| **URL Path** | `/v1/users` | Simple, clear | URL pollution |
| **Query Parameter** | `/users?version=1` | Clean URLs | Less visible |
| **Header** | `Accept: application/vnd.api.v1+json` | Clean URLs | Requires custom headers |
| **Subdomain** | `v1.api.example.com` | Complete separation | DNS complexity |

### Recommended: URL Path Versioning

```
/v1/users          ‚Üí Version 1
/v2/users          ‚Üí Version 2
```

### Versioning Best Practices

1. ‚úÖ **Start with v1** - Even for first release
2. ‚úÖ **Increment major versions** - For breaking changes
3. ‚úÖ **Maintain old versions** - Support multiple versions simultaneously
4. ‚úÖ **Document deprecation** - Warn users before removing versions
5. ‚úÖ **Use semantic versioning** - v1, v2, v3 (not v1.1, v1.2)

In [None]:
# Example: API Versioning

class VersionedAPI:
    """API with versioning support"""
    
    def __init__(self):
        self.v1_users = {}  # Version 1 data structure
        self.v2_users = {}  # Version 2 data structure (different format)
    
    def create_user_v1(self, user_data: dict):
        """POST /v1/users - Version 1 format"""
        user = {
            "id": len(self.v1_users) + 1,
            "name": user_data.get("name"),
            "email": user_data.get("email")
        }
        self.v1_users[user["id"]] = user
        return user
    
    def create_user_v2(self, user_data: dict):
        """POST /v2/users - Version 2 format (enhanced)"""
        user = {
            "id": len(self.v2_users) + 1,
            "name": user_data.get("name"),
            "email": user_data.get("email"),
            "metadata": {  # New in v2
                "created_at": "2024-01-15",
                "version": 2
            }
        }
        self.v2_users[user["id"]] = user
        return user

api = VersionedAPI()

print("üìå API Versioning Example:\n")

print("Version 1 API:")
user_v1 = api.create_user_v1({"name": "Alice", "email": "alice@example.com"})
print(f"   POST /v1/users")
print(f"   Response: {user_v1}\n")

print("Version 2 API (enhanced):")
user_v2 = api.create_user_v2({"name": "Alice", "email": "alice@example.com"})
print(f"   POST /v2/users")
print(f"   Response: {user_v2}\n")

print("‚úÖ Both versions work simultaneously!")
print("   - Old clients can use /v1/users")
print("   - New clients can use /v2/users")

## Part 13: HATEOAS (Hypermedia as the Engine of Application State)

HATEOAS makes APIs self-documenting by including links to related resources.

### HATEOAS Response Example

```json
{
  "data": {
    "id": 123,
    "name": "Alice",
    "email": "alice@example.com"
  },
  "links": {
    "self": "/users/123",
    "posts": "/users/123/posts",
    "update": "/users/123",
    "delete": "/users/123"
  }
}
```

### Benefits
- ‚úÖ Self-documenting API
- ‚úÖ Client doesn't need to construct URLs
- ‚úÖ Easier to evolve API
- ‚úÖ Better discoverability

### Link Relations

| Relation | Meaning | Example |
|----------|---------|---------|
| `self` | Current resource | `/users/123` |
| `collection` | Parent collection | `/users` |
| `next` | Next page | `/users?page=2` |
| `prev` | Previous page | `/users?page=1` |
| `related` | Related resource | `/users/123/posts` |

In [None]:
# Example: HATEOAS Implementation

def get_user_with_links(user_id: int, user_data: dict) -> dict:
    """Get user with HATEOAS links"""
    return {
        "data": user_data,
        "links": {
            "self": f"/users/{user_id}",
            "collection": "/users",
            "posts": f"/users/{user_id}/posts",
            "update": f"/users/{user_id}",
            "delete": f"/users/{user_id}"
        }
    }

def list_users_with_links(users: list, page: int = 1, total_pages: int = 1) -> dict:
    """List users with pagination links"""
    links = {
        "self": f"/users?page={page}",
        "collection": "/users"
    }
    
    if page < total_pages:
        links["next"] = f"/users?page={page + 1}"
    if page > 1:
        links["prev"] = f"/users?page={page - 1}"
    
    return {
        "data": users,
        "links": links
    }

# Examples
print("üìé HATEOAS Example 1: Single Resource")
user_response = get_user_with_links(123, {"id": 123, "name": "Alice"})
print(f"   {user_response}\n")

print("üìé HATEOAS Example 2: Collection with Pagination")
users_response = list_users_with_links(
    [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}],
    page=1,
    total_pages=3
)
print(f"   Links: {users_response['links']}")
print("\n‚úÖ Client can follow links without constructing URLs!")

## Part 14: RESTful API Best Practices

### 1. Use Proper HTTP Methods

| ‚úÖ Good | ‚ùå Bad |
|---------|--------|
| `GET /users/123` | `GET /users/123/get` |
| `POST /users` | `GET /users/create` |
| `PUT /users/123` | `POST /users/123/update` |
| `DELETE /users/123` | `POST /users/123/delete` |

### 2. Use Appropriate Status Codes

| ‚úÖ Good | ‚ùå Bad |
|---------|--------|
| `201 Created` for POST | `200 OK` for POST |
| `204 No Content` for DELETE | `200 OK` with empty body |
| `404 Not Found` for missing resource | `200 OK` with error message |
| `400 Bad Request` for validation errors | `200 OK` with error |

### 3. Consistent Response Format

```json
// ‚úÖ Good - Consistent structure
{
  "data": { ... },
  "meta": { ... }
}

// ‚ùå Bad - Inconsistent
{
  "user": { ... }  // Sometimes "user"
  "users": [...]   // Sometimes "users"
  "result": { ... } // Sometimes "result"
}
```

### 4. Use Nouns, Not Verbs

| ‚úÖ Good | ‚ùå Bad |
|---------|--------|
| `/users` | `/getUsers` |
| `/users/123` | `/getUserById/123` |
| `/users/123/posts` | `/getUserPosts/123` |

### 5. Handle Errors Properly

```json
// ‚úÖ Good error response
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email is required",
    "field": "email"
  }
}

// ‚ùå Bad - Generic error
{
  "error": "Something went wrong"
}
```

In [None]:
# Example: Best Practices Comparison

print("‚úÖ BEST PRACTICES:\n")

print("1. HTTP Methods:")
print("   ‚úÖ GET    /users/123")
print("   ‚úÖ POST   /users")
print("   ‚úÖ PUT    /users/123")
print("   ‚úÖ DELETE /users/123")
print("   ‚ùå GET    /users/123/get")
print("   ‚ùå POST   /users/123/update\n")

print("2. Status Codes:")
print("   ‚úÖ 201 Created - for new resources")
print("   ‚úÖ 204 No Content - for successful DELETE")
print("   ‚úÖ 404 Not Found - for missing resources")
print("   ‚úÖ 400 Bad Request - for validation errors")
print("   ‚ùå Always returning 200 OK\n")

print("3. Response Format:")
good_response = {
    "data": {"id": 123, "name": "Alice"},
    "meta": {"version": "1.0"}
}
print(f"   ‚úÖ Consistent: {good_response}\n")

print("4. URL Design:")
print("   ‚úÖ /users (plural, lowercase)")
print("   ‚úÖ /users/123/posts (hierarchical)")
print("   ‚ùå /getUsers (verb)")
print("   ‚ùå /Users/123 (capitalized)\n")

print("5. Error Handling:")
good_error = {
    "error": {
        "code": "USER_NOT_FOUND",
        "message": "User with ID 999 does not exist",
        "details": {"user_id": 999}
    }
}
print(f"   ‚úÖ Detailed: {good_error}")
print("   ‚ùå Generic: {'error': 'Not found'}")

## Part 15: Common REST Patterns

### Pattern 1: Resource Actions (When Needed)

Sometimes you need actions that don't fit standard CRUD:

```
POST /users/123/activate     ‚Üí Activate user
POST /users/123/deactivate   ‚Üí Deactivate user
POST /orders/456/cancel      ‚Üí Cancel order
POST /posts/789/publish      ‚Üí Publish post
```

**Note:** Use sparingly! Most operations should use standard HTTP methods.

### Pattern 2: Bulk Operations

```
POST /users/bulk
Body: {
  "users": [
    {"name": "Alice", "email": "alice@example.com"},
    {"name": "Bob", "email": "bob@example.com"}
  ]
}
```

### Pattern 3: Search Endpoint

```
POST /users/search
Body: {
  "query": "alice",
  "filters": {"status": "active"},
  "sort": {"field": "name", "order": "asc"}
}
```

### Pattern 4: Sub-resources

```
/users/123/settings          ‚Üí User settings
/users/123/profile           ‚Üí User profile
/users/123/permissions       ‚Üí User permissions
```

### Pattern 5: Status Endpoint

```
GET /health                  ‚Üí API health check
GET /status                  ‚Üí API status
```

In [None]:
# Example: Common REST Patterns

class PatternExamples:
    """Examples of common REST patterns"""
    
    def __init__(self):
        self.users = {1: {"id": 1, "name": "Alice", "status": "inactive"}}
    
    # Pattern 1: Resource Actions
    def activate_user(self, user_id: int):
        """POST /users/{id}/activate"""
        if user_id in self.users:
            self.users[user_id]["status"] = "active"
            return {"message": "User activated", "status": 200}
        return {"error": "User not found", "status": 404}
    
    # Pattern 2: Bulk Operations
    def create_users_bulk(self, users_data: list):
        """POST /users/bulk"""
        created = []
        for user_data in users_data:
            user_id = len(self.users) + 1
            user = {**user_data, "id": user_id}
            self.users[user_id] = user
            created.append(user)
        return {"created": len(created), "users": created, "status": 201}
    
    # Pattern 3: Search
    def search_users(self, query: str, filters: dict = None):
        """POST /users/search"""
        results = []
        for user in self.users.values():
            if query.lower() in user["name"].lower():
                if not filters or all(user.get(k) == v for k, v in filters.items()):
                    results.append(user)
        return {"results": results, "count": len(results), "status": 200}
    
    # Pattern 4: Health Check
    def health_check(self):
        """GET /health"""
        return {"status": "healthy", "timestamp": "2024-01-15T10:30:00Z", "status_code": 200}

patterns = PatternExamples()

print("üìã Common REST Patterns:\n")

print("1. Resource Actions:")
result = patterns.activate_user(1)
print(f"   POST /users/1/activate ‚Üí {result}\n")

print("2. Bulk Operations:")
result = patterns.create_users_bulk([
    {"name": "Bob", "email": "bob@example.com"},
    {"name": "Charlie", "email": "charlie@example.com"}
])
print(f"   POST /users/bulk ‚Üí Created {result['created']} users\n")

print("3. Search:")
result = patterns.search_users("alice", filters={"status": "active"})
print(f"   POST /users/search ‚Üí Found {result['count']} users\n")

print("4. Health Check:")
result = patterns.health_check()
print(f"   GET /health ‚Üí {result}")

## Part 16: REST vs RPC vs GraphQL

Understanding when to use REST vs alternatives:

### Comparison Table

| Feature | REST | RPC | GraphQL |
|---------|------|-----|---------|
| **Style** | Resource-based | Action-based | Query-based |
| **URLs** | `/users/123` | `/getUser` | `/graphql` |
| **Methods** | HTTP methods | Function calls | Query/Mutation |
| **Data Fetching** | Multiple requests | One request | One request (flexible) |
| **Caching** | HTTP caching | Limited | Limited |
| **Learning Curve** | Easy | Easy | Moderate |
| **Over-fetching** | Common | Common | Avoided |
| **Under-fetching** | Common | Common | Avoided |

### When to Use REST

‚úÖ **Use REST when:**
- Building standard CRUD APIs
- Need HTTP caching
- Want simple, predictable URLs
- Working with resources (users, products, orders)
- Team familiar with HTTP

‚ùå **Don't use REST when:**
- Need real-time updates (use WebSockets)
- Complex queries with relationships (consider GraphQL)
- Internal service communication (consider gRPC)

### REST Example vs RPC Example

```
# REST Style
GET    /users/123
POST   /users
PUT    /users/123
DELETE /users/123

# RPC Style
POST /getUser
POST /createUser
POST /updateUser
POST /deleteUser
```

In [None]:
# Example: REST vs RPC Comparison

print("üîÑ REST vs RPC Comparison:\n")

print("REST Style (Resource-based):")
print("   GET    /users/123          ‚Üí Get user")
print("   POST   /users              ‚Üí Create user")
print("   PUT    /users/123          ‚Üí Update user")
print("   DELETE /users/123          ‚Üí Delete user")
print("   ‚úÖ Uses HTTP methods")
print("   ‚úÖ Resource-focused")
print("   ‚úÖ Cacheable\n")

print("RPC Style (Action-based):")
print("   POST /getUser              ‚Üí Get user")
print("   POST /createUser           ‚Üí Create user")
print("   POST /updateUser           ‚Üí Update user")
print("   POST /deleteUser           ‚Üí Delete user")
print("   ‚ùå All POST requests")
print("   ‚ùå Action-focused")
print("   ‚ùå Less cacheable\n")

print("‚úÖ REST is preferred for public APIs")
print("‚úÖ RPC is sometimes used for internal services")
print("‚úÖ FastAPI supports both styles!")

## Part 17: Security Best Practices

### Authentication and Authorization

| Method | Use Case | Example |
|--------|----------|---------|
| **API Key** | Simple services | `X-API-Key: abc123` |
| **Bearer Token** | Most common | `Authorization: Bearer token123` |
| **Basic Auth** | Simple auth | `Authorization: Basic base64(user:pass)` |
| **OAuth 2.0** | Third-party access | `Authorization: Bearer oauth_token` |

### Security Headers

```
Content-Type: application/json
Authorization: Bearer token123
X-Request-ID: unique-request-id
X-Rate-Limit: 100
X-Rate-Limit-Remaining: 95
```

### Security Best Practices

1. ‚úÖ **Always use HTTPS** - Never HTTP in production
2. ‚úÖ **Validate all input** - Never trust client data
3. ‚úÖ **Use proper authentication** - Don't expose sensitive endpoints
4. ‚úÖ **Rate limiting** - Prevent abuse
5. ‚úÖ **CORS configuration** - Control cross-origin access
6. ‚úÖ **Sanitize output** - Prevent XSS attacks
7. ‚úÖ **Use parameterized queries** - Prevent SQL injection
8. ‚úÖ **Log security events** - Monitor for attacks

In [None]:
# Example: Security Headers and Authentication

class SecureAPI:
    """API with security features"""
    
    def __init__(self):
        self.api_keys = {"key123": "admin", "key456": "user"}
        self.rate_limits = {}
    
    def check_auth(self, api_key: str):
        """Check API key authentication"""
        if api_key in self.api_keys:
            return {"authenticated": True, "role": self.api_keys[api_key]}
        return {"authenticated": False, "error": "Invalid API key"}
    
    def check_rate_limit(self, api_key: str, limit: int = 100):
        """Simple rate limiting check"""
        if api_key not in self.rate_limits:
            self.rate_limits[api_key] = 0
        
        if self.rate_limits[api_key] >= limit:
            return {
                "allowed": False,
                "headers": {
                    "X-Rate-Limit": str(limit),
                    "X-Rate-Limit-Remaining": "0",
                    "Retry-After": "60"
                }
            }
        
        self.rate_limits[api_key] += 1
        return {
            "allowed": True,
            "headers": {
                "X-Rate-Limit": str(limit),
                "X-Rate-Limit-Remaining": str(limit - self.rate_limits[api_key])
            }
        }
    
    def secure_response_headers(self):
        """Security headers for responses"""
        return {
            "Content-Type": "application/json",
            "X-Content-Type-Options": "nosniff",
            "X-Frame-Options": "DENY",
            "X-XSS-Protection": "1; mode=block",
            "Strict-Transport-Security": "max-age=31536000"
        }

api = SecureAPI()

print("üîí Security Examples:\n")

print("1. Authentication:")
auth_result = api.check_auth("key123")
print(f"   API Key: key123 ‚Üí {auth_result}\n")

print("2. Rate Limiting:")
for i in range(3):
    rate_result = api.check_rate_limit("key123", limit=100)
    print(f"   Request {i+1}: Allowed={rate_result['allowed']}, Remaining={rate_result['headers']['X-Rate-Limit-Remaining']}")
print()

print("3. Security Headers:")
headers = api.secure_response_headers()
for key, value in headers.items():
    print(f"   {key}: {value}")

In [None]:
# Complete REST API Example: User Management

class CompleteUserAPI:
    """Complete RESTful User API with all best practices"""
    
    def __init__(self):
        self.users = {}
        self.next_id = 1
    
    # GET /users - List all users (with filtering, pagination)
    def list_users(self, status=None, role=None, page=1, limit=10):
        """List users with filtering and pagination"""
        filtered = list(self.users.values())
        
        if status:
            filtered = [u for u in filtered if u.get("status") == status]
        if role:
            filtered = [u for u in filtered if u.get("role") == role]
        
        total = len(filtered)
        start = (page - 1) * limit
        end = start + limit
        paginated = filtered[start:end]
        
        return {
            "status_code": 200,
            "data": paginated,
            "meta": {
                "page": page,
                "limit": limit,
                "total": total,
                "total_pages": (total + limit - 1) // limit
            },
            "links": {
                "self": f"/users?page={page}&limit={limit}",
                "first": f"/users?page=1&limit={limit}",
                "last": f"/users?page={(total + limit - 1) // limit}&limit={limit}"
            }
        }
    
    # GET /users/{id} - Get specific user
    def get_user(self, user_id: int):
        """Get user by ID"""
        if user_id in self.users:
            return {
                "status_code": 200,
                "data": self.users[user_id],
                "links": {
                    "self": f"/users/{user_id}",
                    "collection": "/users",
                    "posts": f"/users/{user_id}/posts"
                }
            }
        return {
            "status_code": 404,
            "error": {
                "code": "USER_NOT_FOUND",
                "message": f"User with ID {user_id} does not exist"
            }
        }
    
    # POST /users - Create user
    def create_user(self, user_data: dict):
        """Create new user"""
        # Validation
        if "name" not in user_data or "email" not in user_data:
            return {
                "status_code": 400,
                "error": {
                    "code": "VALIDATION_ERROR",
                    "message": "Missing required fields: name, email"
                }
            }
        
        # Check duplicate email
        for user in self.users.values():
            if user.get("email") == user_data["email"]:
                return {
                    "status_code": 409,
                    "error": {
                        "code": "DUPLICATE_EMAIL",
                        "message": "Email already exists"
                    }
                }
        
        # Create user
        user_id = self.next_id
        self.next_id += 1
        user = {**user_data, "id": user_id, "status": "active"}
        self.users[user_id] = user
        
        return {
            "status_code": 201,
            "data": user,
            "headers": {"Location": f"/users/{user_id}"},
            "links": {
                "self": f"/users/{user_id}",
                "collection": "/users"
            }
        }
    
    # PUT /users/{id} - Update entire user
    def update_user(self, user_id: int, user_data: dict):
        """Update entire user"""
        if user_id not in self.users:
            return {
                "status_code": 404,
                "error": {"code": "USER_NOT_FOUND", "message": "User not found"}
            }
        
        self.users[user_id] = {**user_data, "id": user_id}
        return {
            "status_code": 200,
            "data": self.users[user_id]
        }
    
    # DELETE /users/{id} - Delete user
    def delete_user(self, user_id: int):
        """Delete user"""
        if user_id not in self.users:
            return {
                "status_code": 404,
                "error": {"code": "USER_NOT_FOUND", "message": "User not found"}
            }
        
        del self.users[user_id]
        return {"status_code": 204}

# Usage
api = CompleteUserAPI()

print("üöÄ Complete REST API Example:\n")

print("1. CREATE:")
result = api.create_user({"name": "Alice", "email": "alice@example.com", "role": "admin"})
print(f"   Status: {result['status_code']}")
print(f"   Data: {result['data']}\n")

print("2. READ ONE:")
result = api.get_user(1)
print(f"   Status: {result['status_code']}")
print(f"   Data: {result['data']}\n")

print("3. LIST (with pagination):")
result = api.list_users(page=1, limit=10)
print(f"   Status: {result['status_code']}")
print(f"   Total: {result['meta']['total']} users")
print(f"   Links: {list(result['links'].keys())}\n")

print("4. UPDATE:")
result = api.update_user(1, {"name": "Alice Updated", "email": "alice@example.com", "role": "admin"})
print(f"   Status: {result['status_code']}\n")

print("5. DELETE:")
result = api.delete_user(1)
print(f"   Status: {result['status_code']}")

## Part 19: Common Mistakes to Avoid

### Mistake 1: Using Verbs in URLs

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| `/getUsers` | `/users` |
| `/createUser` | `/users` (POST) |
| `/updateUser/123` | `/users/123` (PUT) |
| `/deleteUser/123` | `/users/123` (DELETE) |

### Mistake 2: Wrong HTTP Methods

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| `GET /users/create` | `POST /users` |
| `POST /users/123/update` | `PUT /users/123` |
| `GET /users/123/delete` | `DELETE /users/123` |

### Mistake 3: Inconsistent Response Format

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| Sometimes `{"user": ...}` | Always `{"data": ...}` |
| Sometimes `{"users": [...]}` | Always `{"data": [...]}` |
| Sometimes `{"result": ...}` | Always `{"data": ...}` |

### Mistake 4: Wrong Status Codes

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| `200 OK` for POST | `201 Created` |
| `200 OK` with empty body for DELETE | `204 No Content` |
| `200 OK` with error message | `400 Bad Request` or `404 Not Found` |

### Mistake 5: Not Using Query Parameters

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| `/users/active` | `/users?status=active` |
| `/users/page/1` | `/users?page=1` |
| `/users/search/alice` | `/users?q=alice` |

### Mistake 6: Ignoring HTTP Semantics

| ‚ùå Bad | ‚úÖ Good |
|--------|--------|
| POST for everything | Use appropriate HTTP methods |
| GET with request body | GET should not have body |
| Not using idempotency | Respect idempotency rules |

In [None]:
# Example: Common Mistakes

print("‚ùå COMMON MISTAKES:\n")

mistakes = [
    ("Using verbs in URLs", "‚ùå /getUsers", "‚úÖ /users (GET)"),
    ("Wrong HTTP methods", "‚ùå GET /users/create", "‚úÖ POST /users"),
    ("Inconsistent responses", "‚ùå Sometimes {'user': ...}", "‚úÖ Always {'data': ...}"),
    ("Wrong status codes", "‚ùå 200 for POST", "‚úÖ 201 Created"),
    ("Not using query params", "‚ùå /users/active", "‚úÖ /users?status=active"),
    ("Ignoring HTTP semantics", "‚ùå POST for everything", "‚úÖ Use appropriate methods"),
]

for i, (mistake, bad, good) in enumerate(mistakes, 1):
    print(f"{i}. {mistake}:")
    print(f"   {bad}")
    print(f"   {good}\n")

print("‚úÖ Always follow REST principles for consistent, predictable APIs!")

## Part 20: RESTful API Design Checklist

Use this checklist when designing your REST API:

### URL Design ‚úÖ
- [ ] Use nouns, not verbs (`/users` not `/getUsers`)
- [ ] Use plural nouns (`/users` not `/user`)
- [ ] Use lowercase (`/users/123` not `/Users/123`)
- [ ] Use hyphens for multi-word (`/user-profiles` not `/user_profiles`)
- [ ] Keep URLs simple and intuitive
- [ ] Use hierarchical structure for nested resources

### HTTP Methods ‚úÖ
- [ ] Use GET for retrieval (safe, idempotent)
- [ ] Use POST for creation (not idempotent)
- [ ] Use PUT for full updates (idempotent)
- [ ] Use PATCH for partial updates (not idempotent)
- [ ] Use DELETE for removal (idempotent)
- [ ] Don't use GET with side effects

### Status Codes ‚úÖ
- [ ] Use 200 for successful GET, PUT, PATCH
- [ ] Use 201 for successful POST (creation)
- [ ] Use 204 for successful DELETE
- [ ] Use 400 for bad requests
- [ ] Use 401 for unauthorized
- [ ] Use 403 for forbidden
- [ ] Use 404 for not found
- [ ] Use 409 for conflicts
- [ ] Use 422 for validation errors
- [ ] Use 500 for server errors

### Response Format ‚úÖ
- [ ] Consistent response structure
- [ ] Use standard error format
- [ ] Include metadata (pagination, etc.)
- [ ] Include links (HATEOAS) when helpful
- [ ] Use proper Content-Type headers

### Security ‚úÖ
- [ ] Always use HTTPS
- [ ] Implement authentication
- [ ] Implement authorization
- [ ] Validate all input
- [ ] Use rate limiting
- [ ] Set security headers
- [ ] Sanitize output

### Documentation ‚úÖ
- [ ] Document all endpoints
- [ ] Include request/response examples
- [ ] Document error codes
- [ ] Document authentication
- [ ] Keep documentation up to date

## Part 21: Practice Exercises üèãÔ∏è

Try these exercises to build your confidence!

### Exercise 1: Design REST Endpoints

Design REST endpoints for a Blog API with:
- Users can create posts
- Users can comment on posts
- Users can like posts

What would the URLs look like?

In [None]:
# Exercise: Design Blog API Endpoints

# Solution:
blog_endpoints = {
    "Users": [
        "GET    /users              # List all users",
        "GET    /users/{id}         # Get specific user",
        "POST   /users              # Create new user",
        "PUT    /users/{id}          # Update user",
        "DELETE /users/{id}          # Delete user",
    ],
    "Posts": [
        "GET    /posts              # List all posts",
        "GET    /posts/{id}         # Get specific post",
        "POST   /posts              # Create new post",
        "PUT    /posts/{id}         # Update post",
        "DELETE /posts/{id}         # Delete post",
    ],
    "Nested Resources": [
        "GET    /users/{id}/posts           # Get user's posts",
        "POST   /users/{id}/posts           # Create post for user",
        "GET    /posts/{id}/comments        # Get post's comments",
        "POST   /posts/{id}/comments        # Add comment to post",
        "POST   /posts/{id}/like            # Like a post (action)",
        "DELETE /posts/{id}/like            # Unlike a post",
    ],
    "Filtering": [
        "GET    /posts?author={user_id}     # Filter by author",
        "GET    /posts?category={cat}       # Filter by category",
        "GET    /posts?page=1&limit=10      # Pagination",
    ]
}

print("‚úÖ Blog API Endpoint Design:\n")
for category, endpoints in blog_endpoints.items():
    print(f"{category}:")
    for endpoint in endpoints:
        print(f"  {endpoint}")
    print()

### Exercise 2: Choose Correct Status Codes

For each scenario, choose the correct status code:
1. User successfully created
2. User not found
3. Invalid email format provided
4. Email already exists
5. User successfully deleted
6. Missing required field

In [None]:
# Exercise: Status Codes

# Solution:
status_codes = {
    "User successfully created": 201,  # Created
    "User not found": 404,            # Not Found
    "Invalid email format provided": 422,  # Unprocessable Entity
    "Email already exists": 409,      # Conflict
    "User successfully deleted": 204,  # No Content
    "Missing required field": 400,   # Bad Request
}

print("‚úÖ Status Code Answers:\n")
for scenario, code in status_codes.items():
    print(f"{scenario:35} ‚Üí {code} {get_status_name(code)}")

def get_status_name(code: int) -> str:
    """Get status code name"""
    names = {
        201: "Created",
        404: "Not Found",
        422: "Unprocessable Entity",
        409: "Conflict",
        204: "No Content",
        400: "Bad Request"
    }
    return names.get(code, "")

### Exercise 3: Fix Bad API Design

Fix these poorly designed endpoints:
1. `GET /getUserById/123`
2. `POST /updateUser/123`
3. `GET /users/active`
4. `POST /deleteUser/123`
5. `GET /createUser`

In [None]:
# Exercise: Fix Bad API Design

# Solution:
fixes = [
    ("GET /getUserById/123", "GET /users/123", "Remove verb, use resource + ID"),
    ("POST /updateUser/123", "PUT /users/123", "Use PUT for updates, remove verb"),
    ("GET /users/active", "GET /users?status=active", "Use query parameter for filtering"),
    ("POST /deleteUser/123", "DELETE /users/123", "Use DELETE method, remove verb"),
    ("GET /createUser", "POST /users", "Use POST for creation, remove verb"),
]

print("‚úÖ Fixed API Design:\n")
for bad, good, reason in fixes:
    print(f"‚ùå {bad}")
    print(f"‚úÖ {good}")
    print(f"   Reason: {reason}\n")

## Part 22: Key Takeaways & Summary üìù

### REST Principles
‚úÖ **6 Constraints**: Client-Server, Stateless, Cacheable, Uniform Interface, Layered System, Code on Demand  
‚úÖ **Resource-based**: Everything is a resource identified by URI  
‚úÖ **HTTP Methods**: GET, POST, PUT, PATCH, DELETE  
‚úÖ **Stateless**: Each request is independent  
‚úÖ **Standard**: Works with HTTP protocol  

### HTTP Methods
‚úÖ **GET**: Retrieve (safe, idempotent)  
‚úÖ **POST**: Create (not idempotent)  
‚úÖ **PUT**: Replace (idempotent)  
‚úÖ **PATCH**: Partial update (not idempotent)  
‚úÖ **DELETE**: Remove (idempotent)  

### Status Codes
‚úÖ **2xx**: Success (200, 201, 204)  
‚úÖ **4xx**: Client errors (400, 401, 403, 404, 409, 422)  
‚úÖ **5xx**: Server errors (500, 503)  

### URL Design
‚úÖ Use nouns, not verbs  
‚úÖ Use plural nouns  
‚úÖ Use lowercase  
‚úÖ Use hierarchical structure  
‚úÖ Use query parameters for filtering  

### Best Practices
1. ‚úÖ Use proper HTTP methods
2. ‚úÖ Use appropriate status codes
3. ‚úÖ Consistent response format
4. ‚úÖ Proper error handling
5. ‚úÖ API versioning
6. ‚úÖ Security (HTTPS, auth, validation)
7. ‚úÖ Documentation

### FastAPI Integration
‚úÖ FastAPI makes REST easy with decorators  
‚úÖ Automatic OpenAPI documentation  
‚úÖ Type hints for validation  
‚úÖ Async support for performance  
‚úÖ Built-in error handling  

---

## üéâ Congratulations!

You now understand:
- ‚úÖ What REST is and its principles
- ‚úÖ HTTP methods and when to use them
- ‚úÖ Status codes and their meanings
- ‚úÖ URL design best practices
- ‚úÖ Request/response formats
- ‚úÖ Filtering, sorting, and pagination
- ‚úÖ How to build RESTful APIs with FastAPI
- ‚úÖ Security and best practices
- ‚úÖ Common mistakes to avoid

**You're ready to design and build professional RESTful APIs!** üöÄ

### Next Steps:
1. Design REST APIs for your projects
2. Build APIs with FastAPI
3. Practice with real-world scenarios
4. Study existing REST APIs (GitHub, Twitter, etc.)
5. Build complete RESTful applications

Keep practicing and building! üí™