Design a Clean REST API for a New Resource
Get a complete REST endpoint design with shapes, errors, and idempotency notes.
This prompt designs a full set of REST endpoints for a new resource, returning method, path, request and response shapes, error codes, and idempotency notes for each — and crucially, flagging cases where REST is the wrong fit. Reach for it at the start of building a new resource when you want a conventional, predictable API surface before writing controllers. The instruction to flag awkward cases is what keeps it honest: it'll tell you when an action doesn't map cleanly to CRUD and a different style would serve you better.
Design REST endpoints for a new resource: [RESOURCE NAME]. Use cases: [LIST]. Authentication style: [JWT/API KEY/OAUTH]. For each endpoint provide: method, path, request body shape (TypeScript or JSON), response shape, possible error codes, idempotency notes. Follow REST conventions strictly. Flag any case where REST is awkward and a different style would be better.
What you can expect back
POST /invoices
Auth: Bearer JWT
Body: { customerId: string; lineItems: { description: string; amountCents: number }[]; dueDate: string }
Response 201: { id: string; status: 'draft'; totalCents: number; createdAt: string }
Errors: 400 invalid body, 401 no/expired token, 404 customer not found, 422 empty line items
Idempotency: not idempotent; support an Idempotency-Key header to dedupe retries.
GET /customers/{customerId}/invoices
Response 200: { data: Invoice[]; nextCursor?: string }
Errors: 401, 404
POST /invoices/{id}/pay <-- REST-awkward
'Mark paid' is an action, not a resource. Modeled as a sub-action endpoint.
Response 200: { id; status: 'paid'; paidAt }
Errors: 401, 404, 409 already paid/voided
Flag: state transitions (pay/void) don't map cleanly to CRUD; consider a status PATCH or an explicit action endpoint — documented here as the latter.
GET /invoices/{id}/pdf
Returns application/pdf; note: binary download, not JSON.Illustrative example — your results will vary by tool and inputs.
Get sharper results
- 01List your use cases as verbs and watch which ones don't fit CRUD — 'pay,' 'void,' 'send,' and 'export' are the ones that expose where REST gets awkward, and naming them up front gets you better guidance.
- 02Ask it to be explicit about pagination, filtering, and sorting on list endpoints; these are the details that get retrofitted painfully later.
- 03Have it specify which write operations need idempotency keys versus which are naturally idempotent (PUT, DELETE) so retries don't double-charge or double-create.
- 04Request consistent error envelope shapes across all endpoints, not just status codes, so clients can parse failures uniformly.
- 05If several of your actions are non-CRUD, ask whether the resource is better served by RPC-style endpoints or GraphQL before you commit to forcing everything into REST.
Adapt it for your case
Ask it to output the design as an OpenAPI 3 YAML document instead of prose so you can drop it straight into tooling.
Add a requirement to include a versioning strategy and how to deprecate endpoints without breaking existing clients.
Ask it to also sketch the equivalent GraphQL schema and recommend which fits your use cases better.
Common questions
What does it mean when it flags an endpoint as 'REST-awkward'?
It means the operation is an action or state transition (like 'pay' or 'send') that doesn't map to a clean noun-and-verb CRUD pattern. The flag is a prompt to consider a sub-action endpoint, a status PATCH, or RPC.
Should every write endpoint support idempotency keys?
Non-idempotent creates (POST) benefit most, since a retried request could create duplicates. PUT and DELETE are idempotent by nature. The design will tell you which is which.
Can it design the database schema too?
Yes — add 'and propose the underlying table schema' and it will, but keep API design and storage design as separate concerns so the API isn't a thin wrapper over your tables.
You may also need
Perform a Thorough Code Review on a Pull Request
Get a senior-engineer-style code review with categorized, file-referenced feedback.
Refactor Code for Readability and Maintainability
Refactor any code for readability and maintainability without changing its behavior.
Audit Code for Performance Bottlenecks
Identify performance bottlenecks in code and get ranked, impact-focused optimization suggestions.
Run a Security Review on Code
Get an OWASP-aligned security review with severity ratings and remediation snippets.