REST API Overview
REST API Overview
Section titled “REST API Overview”The Banyan Platform automatically generates RESTful HTTP endpoints for all service commands and queries without any additional code or configuration.
Key Concepts
Section titled “Key Concepts”Automatic Endpoint Generation
Section titled “Automatic Endpoint Generation”Every command and query contract automatically creates a REST endpoint with proper HTTP semantics:
- Commands generate POST endpoints (state-changing operations)
- Queries generate GET endpoints (read-only operations)
- URLs follow RESTful resource patterns
- Authentication handled automatically via JWT tokens
- Validation enforced from contract definitions
Zero Configuration Required
Section titled “Zero Configuration Required”No manual routing, controller classes, or HTTP-specific code needed. The API Gateway:
- Discovers all service contracts via service discovery
- Generates appropriate HTTP endpoints automatically
- Translates HTTP requests to message bus commands/queries
- Returns responses in standard JSON format
- Handles errors with proper HTTP status codes
RESTful Patterns
Section titled “RESTful Patterns”Command → POST Endpoints
Section titled “Command → POST Endpoints”Commands represent state-changing operations and always use POST:
@Command({ description: 'Create a new user account', permissions: ['users:create']})export class CreateUserCommand { email!: string; firstName!: string; lastName?: string;}Generates:
POST /api/usersContent-Type: application/jsonAuthorization: Bearer <token>
{ "email": "user@example.com", "firstName": "John", "lastName": "Doe"}Query → GET Endpoints
Section titled “Query → GET Endpoints”Queries represent read operations and use GET with URL parameters:
@Query({ description: 'Retrieve user by ID', permissions: ['users:read']})export class GetUserQuery { userId!: string;}Generates:
GET /api/users/:userIdAuthorization: Bearer <token>Or with query parameters:
GET /api/users?userId=user-123Authorization: Bearer <token>Base URL
Section titled “Base URL”All API endpoints are served from the API Gateway:
Development: http://localhost:3003Production: https://api.your-domain.comAll endpoints are prefixed with /api/:
POST /api/users- Create userGET /api/users/:userId- Get userPUT /api/users/:userId- Update user
HTTP Methods
Section titled “HTTP Methods”The platform maps commands and queries to appropriate HTTP methods:
| Operation | HTTP Method | Idempotent | Cacheable |
|---|---|---|---|
| Create | POST | No | No |
| Read | GET | Yes | Yes |
| Update | PUT | Yes | No |
| Delete | DELETE | Yes | No |
| List | GET | Yes | Yes |
Request/Response Format
Section titled “Request/Response Format”Request Format
Section titled “Request Format”All requests use JSON:
POST /api/usersContent-Type: application/jsonAuthorization: Bearer <token>
{ "email": "user@example.com", "firstName": "John"}Response Format
Section titled “Response Format”All responses return JSON:
{ "userId": "user-123", "email": "user@example.com", "firstName": "John", "createdAt": "2025-11-15T12:00:00Z"}Error Format
Section titled “Error Format”Errors follow a consistent structure:
{ "error": "Validation failed", "code": "VALIDATION_ERROR", "details": { "email": "Invalid email format" }}Authentication
Section titled “Authentication”All requests require authentication via JWT tokens (except public endpoints):
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...See Authentication Reference for details.
Development Mode
Section titled “Development Mode”For local development only:
X-Dev-User-Id: dev-user-123X-Dev-Permissions: users:create,users:readWARNING: Development mode bypasses all authentication. Never use in production.
HTTP Headers
Section titled “HTTP Headers”Required Headers
Section titled “Required Headers”Content-Type: application/json # For POST/PUT requestsAuthorization: Bearer <token> # Production authenticationOptional Headers
Section titled “Optional Headers”X-Correlation-Id: custom-trace-id # For distributed tracingAccept: application/json # Response format preferenceResponse Headers
Section titled “Response Headers”The API Gateway includes helpful headers in responses:
X-Correlation-Id: abc-123-def # Request correlation IDX-Request-Id: req-456-ghi # Unique request IDContent-Type: application/jsonCORS Configuration
Section titled “CORS Configuration”CORS is automatically configured for browser clients:
Access-Control-Allow-Origin: *Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONSAccess-Control-Allow-Headers: Authorization, Content-Type, X-Dev-User-Id, X-Dev-PermissionsAccess-Control-Max-Age: 86400Rate Limiting
Section titled “Rate Limiting”When rate limiting is configured, responses include headers:
X-RateLimit-Limit: 1000 # Requests allowed per windowX-RateLimit-Remaining: 999 # Remaining requestsX-RateLimit-Reset: 1700056800 # Window reset timestampNext Steps
Section titled “Next Steps”- Endpoint Catalog - Complete list of available endpoints
- API Examples - Working code examples in multiple languages
- GraphQL Alternative - Query language option
- WebSocket API - Real-time events