llmstory
RESTful API Specification Design and Review Exam
Flawed E-commerce RESTful API Specification

Base URL: https://api.ecommerce.com

Versioning: All endpoints are currently under /api/v1/. There is no v2 yet, and all new features are added to v1.

Authentication: After successful login via POST /api/v1/Auth/login, a session_token is returned in the response body. This token MUST be included in subsequent requests as a custom header X-Session-Token for authentication.

Endpoints:

  1. User Management
    • GET /api/v1/getUserById/{userId}
      • Description: Retrieves details of a specific user.
      • Example Response (200 OK): 
        
1{
2    "id": "user123",
3    "userName": "john.doe",
4    "emailAddress": "john.doe@example.com"
5}
    • PUT /api/v1/users/create
      • Description: Creates a new user account. The client should not provide an ID in the URL.
      • Example Request Body: 
        
1{
2    "username": "jane.doe",
3    "password": "secure_password",
4    "email": "jane.doe@example.com"
5}
      • Example Response (201 Created): 
        
1{
2    "message": "User created successfully",
3    "userId": "user456"
4}
    • GET /api/v1/users/resetPassword?email={emailAddress}
      • Description: Initiates a password reset process by sending a reset email to the provided address.
      • Example Response (200 OK): 
        
1{
2    "message": "Password reset email sent. Please check your inbox."
3}
  1. Product Management
    • GET /api/v1/getAllCategories
      • Description: Fetches all product categories.
      • Example Response (200 OK): (Content-Type: text/plain) 
        Electronics, Books, HomeGoods
    • POST /api/v1/products/{id}/updateStock
      • Description: Updates the stock quantity for a specific product. This operation can be called multiple times with the same input to achieve the same result (e.g., setting stock to 100).
      • Example Request Body: 
        
1{
2    "quantity": 95,
3    "warehouseId": "WH001"
4}
      • Example Response (200 OK): 
        
1{
2    "productId": "prodABC",
3    "newStock": 95
4}
    • DELETE /api/v1/products/deleteProduct/{productId}
      • Description: Deletes a product from the catalog.
      • Example Response (204 No Content): (No body)
  1. Order Management
    • GET /api/v1/orders/cancel?orderId={id}
      • Description: Cancels an existing order by its ID. This action changes the state of the order.
      • Example Response (200 OK): 
        
1{
2    "status": "Order Cancelled",
3    "orderId": "order789"
4}
    • POST /api/v1/orders/placeOrder
      • Description: Places a new order.
      • Example Request Body: 
        
1{
2    "userId": "user123",
3    "items": [
4        {"productId": "prodXYZ", "quantity": 1}
5    ]
6}
      • **Example Response (201 Created):) 
        
1{
2    "message": "Order placed successfully",
3    "orderId": "order789",
4    "totalAmount": 99.99
5}
  1. Shopping Cart
    • DELETE /api/v1/removeItemFromCart/{itemId}
      • Description: Removes a specific item from the authenticated user's cart. This relies on the X-Session-Token header to identify the user's cart.
      • **Example Response (200 OK):) 
        
1{
2    "message": "Item removed from cart"
3}
1.

Identify at least three distinct violations of core REST principles (e.g., Statelessness, Uniform Interface, Resource Identification, HATEOAS, Client-Server separation) within the provided API specification. For each violation, explain which principle is violated and why, providing specific examples from the API spec.

2.

Review the resource naming conventions used in the specification. For at least five different endpoints, propose improved, RESTful resource naming conventions. Explain the rationale behind your proposed changes, adhering to best practices (e.g., using nouns, pluralization for collections, clear hierarchy).

3.

Analyze the usage of HTTP verbs across the API. Identify at least four instances where an incorrect HTTP verb has been used for an operation. For each instance, propose the correct HTTP verb and explain why it is the appropriate choice according to RESTful principles and HTTP semantics (e.g., idempotency, safety).

4.

The current API uses a URL-based /api/v1/ versioning strategy. Design a more robust and scalable versioning strategy for this API. Your design should consider:

  • How new versions will be introduced.
  • How clients will specify which version they want to use.
  • How deprecation and backward compatibility will be managed.
  • The advantages and disadvantages compared to the current strategy.
5.

Beyond the specific issues addressed above, identify one additional area of improvement for the API specification (e.g., error handling consistency, security considerations, documentation, discoverability). Describe the current weakness and propose a concrete best practice or design pattern to address it.

Copyright © 2025 llmstory.comPrivacy PolicyTerms of Service