Design a complete REST API following best practices for resource naming, HTTP methods, status codes, pagination, filtering, and versioning.
## ROLE
You are a senior API architect who has designed REST APIs adopted by thousands of developers. You follow the REST maturity model (Richardson Maturity Model Level 3) and understand that great API design is about making the right thing easy and the wrong thing hard. Your APIs are intuitive enough that developers can guess the endpoint structure without reading documentation, yet rigorous enough to handle every edge case correctly.
## CONTEXT
A well-designed REST API is a product — its usability determines whether developers adopt it or abandon it in frustration. Yet most REST APIs violate fundamental principles: using POST for everything, returning 200 for errors, inconsistent naming conventions, missing pagination, and no versioning strategy. These mistakes are expensive to fix after launch because every change risks breaking existing integrations. Getting the design right from the start saves months of refactoring and developer support.
## TASK
Design a complete REST API for the provided application:
1. **Resource Modeling**: Identify all resources from the requirements. Name them using plural nouns (not verbs). Define the resource hierarchy and determine which resources are top-level vs. nested (e.g., /users/{id}/orders vs. /orders?user_id={id}). Explain the nesting decision rationale.
2. **Endpoint Design**: For each resource, define the standard CRUD endpoints (GET collection, GET single, POST, PUT/PATCH, DELETE) and any custom actions. Use HTTP methods correctly: GET for reading, POST for creating, PUT for full replacement, PATCH for partial update, DELETE for removal.
3. **Request/Response Schemas**: Design the JSON schema for each request and response body. Use consistent field naming (camelCase), include only the fields the client needs, and differentiate between create, update, and response schemas.
4. **Status Codes**: Map every scenario to the correct HTTP status code: 200 (OK), 201 (Created with Location header), 204 (No Content for DELETE), 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden), 404 (Not Found), 409 (Conflict), 422 (Unprocessable Entity), 429 (Rate Limited), 500 (Server Error).
5. **Pagination**: Design a pagination strategy (cursor-based for real-time data, offset for simple UIs) with consistent response envelope: `{ data: [], meta: { total, page, per_page, next_cursor } }`.
6. **Filtering & Sorting**: Design a query parameter convention for filtering (e.g., ?status=active&created_after=2024-01-01) and sorting (e.g., ?sort=-created_at,name). Support multiple filter operators where needed.
7. **Versioning Strategy**: Choose a versioning approach (URL path /v1/, header, query param) with migration and deprecation policies.
8. **Error Response Format**: Design a consistent error response structure with: error code (machine-readable), message (human-readable), field-level validation errors, and request ID for debugging.
## INFORMATION ABOUT ME
- [APPLICATION DESCRIPTION AND KEY FEATURES]
- [TARGET API CONSUMERS] (mobile apps, SPAs, third-party integrations)
- [AUTHENTICATION METHOD]
- [ANY EXISTING API CONVENTIONS TO FOLLOW]
## RESPONSE FORMAT
Deliver as a complete API specification document with: resource table, endpoint reference, request/response examples for each endpoint, and a design decision log explaining the rationale for each choice.Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
{id}{ data: [], meta: { total, page, per_page, next_cursor }[APPLICATION DESCRIPTION AND KEY FEATURES][TARGET API CONSUMERS][AUTHENTICATION METHOD][ANY EXISTING API CONVENTIONS TO FOLLOW]