Amigoscode · 37.2K views · 1.5K likes
Analysis Summary
Ask yourself: “Did I notice what this video wanted from me, and did I decide freely to say yes?”
Worth Noting
Positive elements
- This video provides a concise, hands-on demonstration of essential Java backend patterns that improve code maintainability and API usability.
Be Aware
Cautionary elements
- The use of authoritative 'best practice' labels can sometimes discourage beginners from understanding the 'why' behind a trade-off, favoring rote memorization of rules instead.
Knowing about these techniques makes them visible, not powerless. The ones that work best on you are the ones that match beliefs you already hold.
This analysis is a tool for your own thinking — what you do with it is up to you.
Transcript
What's going on, guys? Welcome to this video, where I want to talk to you about the top 10 Spring Boot REST API best practices. So let me jump straight into this video, and if you want to learn about Spring Boot, we've got tons of courses that cover Spring Boot from start to finish, and we also have a road map on our brand new platform.

So the very first best practice that I want to cover here is to use consistent and RESTful resource naming. So in here, have a look, we have this resource. So request mapping, and actually I need to have at rest controller in here for this to handle HTTP requests. But essentially here, have a look: user. So basically when the client issues the request, there will be like https or http, colon, forward slash, localhost, colon, and then the port, which is 80, and then user. All right. So this is wrong. So what you want is, you want this name in here. You want to always use plural. So users, customers in here, orders, transactions, so on and so forth. All right. So this means that, so this, let's just say users in here. So users, and now if I want to get all users, for example, all I do is I just have a list in here of, and then user, and here I want to say get all users, and then list of, and then let's just say empty for now, right? But basically I can say at and then get and then mapping, and I don't have to in here say forward slash and then get all users, which I have seen a lot of people doing. If you want to create a user, for example, so you just basically here say at and then post mapping, and then you don't have to say inside create dash and then user. Don't do this. All right, so this is the first tip, and there's something else, uh, that has to do with API versioning, which I'll cover in a second. All right, so let me just put s in here.

So the next thing that I want to cover is return the correct HTTP status code. So you see here, so if we create a user, most likely this will return a 200 status code. But there's a better HTTP status code that we can use for when a resource is
created, and that is 201. So if you want to do that, so you have to change this to response. So response and then entity, and in here you just basically can have question mark, and then here you would basically say return and then response entity and then dot, and you can see that we have ok, we have created, dot and then status, and then we can in here have the http and then status, and you can see that we can use all of these, right? So for us it's created, and then dot, and then you can build, just like that. All right. So now here you have full control of the response status code which is being sent to the client. So if you're handling, um, if you're working with 400, just make sure that it's a 400 or 404, uh, depending on the category, just make sure to use the correct status code.

Number three is to use DTOs. So in here, have a look. We have the request body. This accepts a user. And if I look at this user, this right here is an entity. Now, never do this. All right. So never expose your entities, because have a look. So in this case we're receiving an entity. But if you were to return the entity to the client, we would be exposing the password. So what you want to do is to use a DTO. So here, if I basically create a new class, and I'm going to say user and then DTO, and let's just make this a record. This will have, let's just say in here, um, integer ID, comma, and then let's just say string and then name, just like that. So this would be what you would return to a client, and if you want to accept something, so you would say user and then request, for example. So request, where you would have pretty much almost the same things in here. And let's just make this a record, just like that. There we go. And then paste that. And obviously the ID would be generated by the client, or sorry, by the server, and then string and then password, and this is the best approach. And now within your controller you can just say user and then request in here. All right. So this is the first thing. All right.

Tip number four is to use Bean
validation. So say that you want to accept. So here let's just say that user and then password, and if we say dot is blank. So basically you'd have an if statement in here. So if, if this is the case, then you want to throw an exception, and then if, and then here user dot and then name and then dot is blank. You want to do the exact same thing. So please don't do this. All right. So avoid unnecessary if statements. So what you want to do instead is, so you can use Bean Validation. So here you could say that at and then not and then blank, just like that, and the same here. So at and then not and then blank. And you can see that this comes from Jakarta validation constraints. And if I show you the package itself, so if I go to the package, have a look, we have min, max, negative, negative or zero, past, present, pattern, size, so on and so forth, email as well, um, and then assert true, decimal max and whatnot. So here now when we receive the request we can just say at, so just make sure that this is at and then valid, and then we can get rid of all of this. All right. So very, very crucial.

Number five. You see that in here, say that we had a bunch of business logic, right? So here you can see that I'm actually doing all of this right within the controller. So what you want to do instead is you want to, so in here you want to have the, so here I'm going to say Java class, and you want to have a user and then service, and also you want to have the user repository. So user and then repository. There we go. And you can see that here you have separation of concerns. So the controller only accepts the incoming requests, and then the service performs the business logic, and then the repository handles data access. So this is the best practice. All right. So this will then go under, so user service, you then basically have a method. So let's just say public and then maybe int create and then user, this will take the user and then request, for example, just like that, and then, oops, and then here let me just paste that and
let me just do this. All right, so, and then you just say return, for example, one. All right, and obviously you would have to inject the repository, but you get the gist. Perfect.

Moving on to six. So if I go back to in here within the controller. So what we want to do also is, so on a new line here. So we want to use pagination when returning data. So here, for example, when returning data to our clients. So pagination as well as limiting the results that a client requests. All right. So if they say get all users, say that you have a million users, you don't want to return 1 million users, because otherwise you'll just consume the entire memory and then the server goes down, and there we go, you got, uh, you know, a set of one or two, um, uh, that you have to deal with, right? So instead what you want to do is you want to use, so you want to pass the page, I think it's page request, um, I think page like this. And if you look at this, page request, or is it page request or pageable? Page. Yeah, I think it's pageable. So pageable, and this right here, so internally, uh, it means that you can pass the page number, the size, and then the sort. All right. So the request would be something like, here you'd say size equals to 1, and and then page equals to, oops, and then whatever page that you want, comma, or sorry, and, and then, oops, and then sort, and then you get the gist. All right, so I cover all of this within the Spring Data JPA course that we have. So if you're returning, um, data like this, always make sure to, uh, use pagination. All right. And also make sure to limit the, uh, data that goes back to the client. So there's obviously a lot more that we have to do here, but this just gives you the best practice.

All right, moving on. Usually within your services in here you basically throw, so you throw and then maybe, I don't know, an illegal argument exception or an illegal state exception or your own custom exception, right? So if you're throwing a bunch of exceptions, then what you want to do is you want to have a centralized place, so
here I'm going to say Java class and then global exception handler, and this guy right here will have the at and then controller advice, and then within here you can say public and then response and then entity, which you've seen, and this right here, you could return pretty much anything you want. So here let's say that I want to handle, so handle and then validation errors, for example. All right. So which means that now here I can say at and then exception handler, and then the exception that I want to. So here maybe method argument and then not valid exception.class. So if you want to capture more than one, you're more than welcome to do so in here. You could just do this and then comma. But in here it means that you have a centralized place. So let me just say return and then no. So here it means that you have a centralized place where you're handling the exceptions, right? So you can throw exceptions from all these different places, but this is how you control the response, the status code that goes back to the client. Cool.

Let's move on to security. And here basically I'm not going to implement security, but with any API that you build you want to make sure that you have security around so people don't abuse. And especially if it's an internal, um, API or it requires some sort of authentication, then you definitely want to learn, you know, different ways of securing, um, APIs, right? So you have JWT, you have, or you have basic and, um, other ways, or if you want to delegate authentication to an external provider, you can do it, but obviously I don't have time to implement, uh, security in here, but it's something that you should definitely, definitely be aware.

So the other one is, you see here where I've got users. So usually you want to version your API. So API slash and then v1/users, right? So then if, you know, there's some changes on your API, you can keep this existing one, and then old users can still consume the API while you have a second one in here working in
parallel, and then you can slowly migrate everyone from version one to version two. All right. So very, very important: API versioning.

And finally, um, I'm not going to implement as well, but you have to document your API. So you've got stuff like Swagger and OpenAPI that you could use to document your API. So then basically you provide, uh, instructions on how to consume your, um, APIs. All right, cool. So I'm going to leave it here. If you have any questions, feel free to let me know. And, um, I'm going to leave a link where you can find all of these best practices that I've just said, uh, on the blog on the website, so that you can have access to it. If you have any questions, feel free to let me know. Otherwise I'll see you in the next one. Uh
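
The DTO, Bean Validation, status-code and centralized-handler tips from the transcript, combined in one sketch that is added here as an illustration and is not code from the video. It assumes a Spring Boot 3 application with the web and validation starters; the class names, the `/api/v1/users` path and the password length bounds are assumptions chosen for the example.

```java
// Added illustration, not the video's code. Assumes spring-boot-starter-web and
// spring-boot-starter-validation; all type names here are hypothetical.
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.*;

// Inbound shape: only the fields a client may set. There is no id or role
// component, so a client cannot bind values onto fields the server owns.
record UserRequest(@NotBlank String name,
                   @NotBlank @Size(min = 12, max = 128) String password) {} // bounds are constructed

// Outbound shape: no password component, so it cannot be serialized by accident.
record UserDto(Integer id, String name) {}

@RestController
@RequestMapping("/api/v1/users")
class UserController {

    @PostMapping
    ResponseEntity<UserDto> create(@Valid @RequestBody UserRequest request) {
        // Placeholder for the service call; a real service would hash the
        // password before it reaches the repository and return the stored id.
        UserDto created = new UserDto(1, request.name());
        return ResponseEntity.status(HttpStatus.CREATED).body(created); // 201, not 200
    }
}

@RestControllerAdvice
class GlobalExceptionHandler {

    // @Valid failures land here: 400 with field names and constraint messages,
    // never the rejected values (which may include the submitted password).
    @ExceptionHandler(MethodArgumentNotValidException.class)
    ResponseEntity<Map<String, String>> handleValidationErrors(MethodArgumentNotValidException ex) {
        Map<String, String> errors = ex.getBindingResult().getFieldErrors().stream()
                .collect(Collectors.toMap(
                        e -> e.getField(),
                        e -> String.valueOf(e.getDefaultMessage()),
                        (first, second) -> first)); // one message per field
        return ResponseEntity.badRequest().body(errors);
    }
}
```

A POST with a blank name or a short password returns 400 with a per-field message map; a valid request returns 201 with a body that has no password field.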
Video description
Want to build clean, scalable, and secure REST APIs with Spring Boot? In this video, you'll learn the top 10 best practices every Java developer should follow when building RESTful APIs using Spring Boot. From HTTP status codes to DTOs, pagination, exception handling, and security.

Free Spring Boot Course - https://bit.ly/44DjbYn

Don't Forget to
- Subscribe to Amigoscode - http://bit.ly/2HpF5V8
- Courses Available for free here - https://amigoscode.com/courses
- Join Private Facebook Group and Discord - https://amigoscode.com/community
- Follow me on Instagram - http://bit.ly/2TSkA9w

Table Of Contents
- 00:00 - Introduction
- 00:24 - #1 Use Consistent & RESTful Resource Naming
- 02:25 - #2 Return the Correct HTTP Status Codes
- 03:26 - #3 Use DTOs Instead of Entities
- 05:10 - #4 Use Bean Validation
- 06:37 - #5 Apply Separation of Concerns (Controller, Service, Repository)
- 08:29 - #6 Use Pagination & Limit Results
- 10:12 - #7 Centralized Exception Handling
- 11:45 - #8 Secure Your API
- 12:21 - #9 API Versioning
- 12:58 - #10 Document Your API (Swagger / OpenAPI)
- 13:20 - Wrap-Up & Final Thoughts

Recommended Books
- Clean Code - https://amzn.to/2UGDPlX
- HTTP: The Definitive Guide - https://amzn.to/2JDVi8s
- Clean Architecture - https://amzn.to/2xOBNXW

Thanks for watching
#java #springboot #programming