Spring Boot REST API Standards

Overview

REST API design standards for Spring Boot covering URL design, HTTP methods, status codes, DTOs, validation, error handling, pagination, and security headers.

When to Use

• Creating REST endpoints and API routes
• Designing DTOs and API contracts
• Implementing error handling and validation
• Setting up pagination and filtering
• Configuring security headers and CORS
• Reviewing REST API architecture

Instructions

To Build RESTful API Endpoints

Follow these steps to create well-designed REST API endpoints:

1. Design Resource-Based URLs

   • Use plural nouns for resource names
   • Follow REST conventions: GET /users, POST /users, PUT /users/{id}
   • Avoid action-based URLs like /getUserList

2. Implement Proper HTTP Methods

   • GET: Retrieve resources (safe, idempotent)
   • POST: Create resources (not idempotent)
   • PUT: Replace entire resources (idempotent)
   • PATCH: Partial updates (not idempotent)
   • DELETE: Remove resources (idempotent)

3. Use Appropriate Status Codes

   • 200 OK: Successful GET/PUT/PATCH
   • 201 Created: Successful POST with Location header
   • 204 No Content: Successful DELETE
   • 400 Bad Request: Invalid request data
   • 404 Not Found: Resource doesn't exist
   • 409 Conflict: Duplicate resource
   • 500 Internal Server Error: Unexpected errors

4. Create Request/Response DTOs

   • Separate API contracts from domain entities
   • Use Java records or Lombok @Data/@Value
   • Apply Jakarta validation annotations
   • Keep DTOs immutable when possible

5. Implement Validation

   • Use @Valid annotation on @RequestBody parameters
   • Apply validation constraints (@NotBlank, @Email, @Size, etc.)
   • Handle validation errors with MethodArgumentNotValidException

6. Set Up Error Handling

   • Use @RestControllerAdvice for global exception handling
   • Return standardized error responses with status, error, message, and timestamp
   • Use ResponseStatusException for specific HTTP status codes

7. Configure Pagination

   • Use Pageable for large datasets
   • Include page, size, sort parameters
   • Return metadata with total elements, totalPages, etc.

8. Add Security Headers

   • Configure CORS policies
   • Set content security policy
   • Include X-Frame-Options, X-Content-Type-Options

Validation checkpoints:

• After step 1-2: Verify URL structure follows REST conventions (/users not /getUsers)
• After step 3: Test each endpoint returns correct status codes
• After step 4-5: Validate DTOs with curl or HTTPie before proceeding
• After step 6: Confirm error responses match standardized format

Examples

Basic CRUD Controller

@RestController
@RequestMapping("/v1/users")
@RequiredArgsConstructor
@Slf4j
public class UserController {
    private final UserService userService;

    @GetMapping
    public ResponseEntity<Page<UserResponse>> getAllUsers(
            @RequestParam(defaultValue = "0") int page,
            @RequestParam(defaultValue = "10") int pageSize) {
        log.debug("Fetching users page {} size {}", page, pageSize);
        Page<UserResponse> users = userService.getAll(page, pageSize);
        return ResponseEntity.ok(users);
    }

    @GetMapping("/{id}")
    public ResponseEntity<UserResponse> getUserById(@PathVariable Long id) {
        return ResponseEntity.ok(userService.getById(id));
    }

    @PostMapping
    public ResponseEntity<UserResponse> createUser(@Valid @RequestBody CreateUserRequest request) {
        UserResponse created = userService.create(request);
        return ResponseEntity.status(HttpStatus.CREATED).body(created);
    }

    @PutMapping("/{id}")
    public ResponseEntity<UserResponse> updateUser(
            @PathVariable Long id,
            @Valid @RequestBody UpdateUserRequest request) {
        return ResponseEntity.ok(userService.update(id, request));
    }

    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteUser(@PathVariable Long id) {
        userService.delete(id);
        return ResponseEntity.noContent().build();
    }
}

Request/Response DTOs

// Request DTO
@Data
@NoArgsConstructor
@AllArgsConstructor
public class CreateUserRequest {
    @NotBlank(message = "User name cannot be blank")
    private String name;

    @Email(message = "Valid email required")
    private String email;
}

// Response DTO
@Data
@NoArgsConstructor
@AllArgsConstructor
public class UserResponse {
    private Long id;
    private String name;
    private String email;
    private LocalDateTime createdAt;
}

Global Exception Handler

@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler {

    @ExceptionHandler(MethodArgumentNotValidException.class)
    public ResponseEntity<ErrorResponse> handleValidationException(
            MethodArgumentNotValidException ex, WebRequest request) {
        String errors = ex.getBindingResult().getFieldErrors().stream()
                .map(f -> f.getField() + ": " + f.getDefaultMessage())
                .collect(Collectors.joining(", "));

        ErrorResponse errorResponse = new ErrorResponse(
                HttpStatus.BAD_REQUEST.value(),
                "Validation Error",
                "Validation failed: " + errors,
                request.getDescription(false).replaceFirst("uri=", "")
        );
        return new ResponseEntity<>(errorResponse, HttpStatus.BAD_REQUEST);
    }

    @ExceptionHandler(ResponseStatusException.class)
    public ResponseEntity<ErrorResponse> handleResponseStatusException(
            ResponseStatusException ex, WebRequest request) {
        ErrorResponse error 
how to use spring-boot-rest-api-standards
CursorClaude CodeClineCodexWindsurfGooseGitHub CopilotVS CodeGemini CLIKiloOpencodeKimi CLIRoo ClineAiderContinueZedBolt.newLovablev0Replit AgentSweepSmol DeveloperDevinCavemanAmpAntigravity
How to use spring-boot-rest-api-standards on Cursor
AI-first code editor with Composer
1
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
›Cursor installed and configured on your development machine
›Node.js version 16.0+ with npm package manager (verify with node --version)
›Active project directory or workspace where you want to add spring-boot-rest-api-standards
2
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
$npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill spring-boot-rest-api-standardscopy
The skills CLI fetches spring-boot-rest-api-standards from GitHub repository giuseppe-trisciuoglio/developer-kit and configures it for Cursor.
3
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
◆ Which agents do you want to install to?
│
│ ── Universal (.agents/skills) ── always included ────
│   • Amp
│   • Antigravity
│   • Cline
│   • Codex
│ ●Cursor(selected)
│   • Cursor
│   • Windsurf
4
Verify installation
Confirm successful installation by checking the skill directory location:
.cursor/skills/spring-boot-rest-api-standards
Reload or restart Cursor to activate spring-boot-rest-api-standards. Access the skill through slash commands (e.g., /spring-boot-rest-api-standards) or your agent's skill management interface.
⚠
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
Additional Resources
›View source code on GitHub›Skills CLI documentation›Learn more about Cursor›What are agent skills?