API Guide

REST API & JSON – How JSON Powers Modern APIs

JSON has become the universal language of REST APIs. Nearly every modern web service — from payment processors to social media platforms to cloud providers — uses JSON to exchange data. This guide explains how JSON is used in REST APIs, covering request and response formats, HTTP headers, status codes, authentication, and design best practices.

Why REST APIs Use JSON

Lightweight — JSON is much smaller than XML, reducing bandwidth and improving response times
Native browser support — JavaScript can parse JSON directly without any library
Human-readable — developers can read and debug JSON responses easily
Language-agnostic — every major programming language has JSON parsing built in
Flexible structure — JSON supports nested objects and arrays for complex data models

JSON Request Format

When sending data to a REST API (POST, PUT, PATCH), the request body is typically JSON. You must set the Content-Type header to tell the server what format you're sending.

POST /api/users HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer eyJhbGci...

{
  "name": "Alice",
  "email": "alice@example.com",
  "role": "admin"
}

JSON Response Format

The server responds with JSON and sets the Content-Type: application/json header. A well-designed API response includes the data, status information, and metadata.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "usr_abc123",
  "name": "Alice",
  "email": "alice@example.com",
  "role": "admin",
  "createdAt": "2025-01-01T00:00:00Z"
}

HTTP Status Codes with JSON APIs

2xx — Success

200 OK — successful GET, PUT, PATCH
201 Created — successful POST that created a resource
204 No Content — successful DELETE with no body

4xx — Client Errors

400 Bad Request — invalid JSON or missing fields
401 Unauthorized — missing or invalid authentication
403 Forbidden — authenticated but not authorized
404 Not Found — resource doesn't exist
422 Unprocessable — validation errors

5xx — Server Errors

500 Internal Server Error — unexpected server failure
502 Bad Gateway — upstream service failure
503 Service Unavailable — server overloaded or down

Error Response Format

{
  "error": "validation_failed",
  "message": "Email is required",
  "field": "email",
  "code": 422
}

JSON API Authentication

Most JSON APIs use one of these authentication methods:

Bearer Token (JWT) — Authorization: Bearer <token> — most common for modern APIs
API Key — X-API-Key: your-key or as a query parameter
Basic Auth — Authorization: Basic <base64(user:pass)>
OAuth 2.0 — token-based authorization for third-party access

REST API JSON Best Practices

Use consistent naming — stick to camelCase (firstName) or snake_case (first_name) throughout your API
Always return JSON errors — never return HTML error pages from a JSON API
Use ISO 8601 for dates — "2025-01-01T00:00:00Z" is unambiguous and timezone-aware
Paginate large responses — include page, limit, and total in list responses
Version your API — use /api/v1/ in the URL to allow breaking changes
Validate incoming JSON — always validate request bodies before processing
Set CORS headers — allow browsers to make cross-origin requests to your API

Common JSON API Patterns

// Pagination response
{
  "data": [...],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 150,
    "hasNext": true
  }
}

// Envelope pattern
{
  "success": true,
  "data": { "id": 1, "name": "Alice" },
  "meta": { "requestId": "req_abc123" }
}

Debug your API JSON responses

Paste API responses into JSONHack to format and validate them instantly.

Open JSON Formatter →