Mastering RESTful Web Services with Java E-Book

Mastering RESTful Web Services with Java

Practical guide for building secure and scalable production-ready REST APIs

Marián Varga

Pedro Henrique Pereira de Andrade

Silvio de Morais

Thiago Bomfim

Igor Avancini Fraga

Mastering RESTful Web Services with Java

Copyright © 2025 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Portfolio Director: Ashwin Nair

Relationship Lead: Sneha Shinde

Project Manager: Ruvika Rao

Content Engineer: Roshan Ravi Kumar

Technical Editor: Sweety Pagaria

Copy Editor: Safis Editing

Proofreader: Roshan Ravi Kumar

Indexer: Pratik Shirodkar

Production Designer: Jyoti Kadam

Growth Lead: Anamika Singh

First published: July 2025

Production reference: 1090725

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK.

ISBN 978-1-83546-610-0

www.packtpub.com

Contributors

About the authors

Marián Varga has dedicated his career to the integration and API aspects of software solutions across diverse industries. His extensive experience has given him a front-row seat to the evolution of various API styles, their implementation possibilities, and the challenges they present. Passionate about connecting systems through APIs and integration solutions, Marián also bridges the gap between business and technical people, enhancing the efficiency and enjoyment of software development. Marián creates content for and builds a community of people interested in integration at love2integrate.com.

Pedro Henrique Pereira de Andrade has over 14 years of hands-on experience as a software engineer, specializing in ERP systems for small to medium-sized companies across diverse industries. Over the past six years, he has transitioned to larger projects in various countries for different domains, showcasing his adaptability and expertise in using Java technologies such as the Spring Framework for web applications.

As a co-founder of BarreirasJUG, a Java User Group in Brazil, Andrade has actively contributed to the Java community, fostering collaboration and knowledge sharing.

Silvio de Morais is a software architect from Porto Alegre, Brazil, with over 30 years of experience in IT and software development. He has led projects for Fortune 500 companies, focusing on digital transformation, cloud computing, and software architecture. Silvio holds degrees from PUC Brazil and Harvard University and has conducted research at the University of Tokyo. He actively contributes to tech forums, conferences, and Java User Groups, promoting continuous improvement. He now lives in Orlando, FL, with his wife.

Thiago Bomfim has many years of experience in developing Java web applications. He has worked in start-ups and large companies, where he has had the opportunity to create REST APIs for all types of clients, including desktop, web, backend, and mobile. His career is fueled by a deep commitment to engineering excellence, following the best practices of RESTful APIs and focusing on high performance and backward compatibility. Beyond coding, Thiago is passionate about sharing knowledge. He writes technical articles on his blog, speaks at events, mentors developers, and co-hosts the Out of The Box Developer podcast.

Igor Avancini Fraga possesses over 12 years of experience in software engineering and is a full member of the Java Community Process (JCP) by Oracle. He has diligently worked on developing applications, services, and features using Java, C#, and X++ for various companies in Brazil and the United States, thereby delivering numerous successful projects throughout his career, encompassing both backend and frontend domains. In recent years, his focus has predominantly been on backend development tailored for the cloud, with a particular emphasis on the development of RESTful APIs and their seamless integration with other services, third-party platforms, and, more recently, AI technologies.

About the reviewers

Mohamed Abdou, a skilled software engineer at Amazon UK, is a contributor to artificial general intelligence. His career reflects technical acumen and passion for impactful software solutions. Mohamed’s extensive experience covers large-scale systems, software engineering, AI/ML, and cybersecurity. He has a strong academic background and significant hands-on experience in building complex software and APIs, including open source contributions used by millions and a technical book benefiting many developers. He offers valuable practical knowledge and a unique perspective on modern development. His expertise in secure coding, agile methods, technical leadership, mentoring, and problem-solving highlights his capabilities as a seasoned professional.

Felipe Alexandre Oliveira is a seasoned backend developer with over 11 years of experience in software engineering. He has contributed to the development of high-traffic systems and applications with complex business logic, consistently delivering scalable and maintainable solutions. His technical expertise spans object-oriented programming (OOP), data structures, Java, Spring, test-driven development (TDD), AWS, and Docker.

Felipe has a strong interest in application scalability, cloud architecture, and software development best practices. He is passionate about technology and thrives on the challenge of turning real-world problems into effective, user-focused solutions.

Preface

This book is a practical guide to designing, building, documenting, testing, and deploying RESTful APIs using modern Java frameworks. REST APIs have become a standard way of enabling communication between systems, especially in microservices and other distributed architectures. With Java being one of the most widely used languages for backend development, understanding how to build effective APIs with Java is a key skill for today’s developers.

Throughout the chapters, you’ll explore hands-on techniques using Spring Boot, OpenAPI, and other popular tools and libraries. You’ll also gain exposure to containerization, observability, API security, and performance tuning – everything you need to create robust, scalable, and maintainable APIs. Whether you’re working in a start-up or an enterprise, the skills covered here will help you deliver high-quality backend services that meet modern development standards.

Who this book is for

This book is ideal for backend Java developers with a few years of experience who are looking to improve the design, performance, and scalability of their REST APIs. It’s also a valuable resource for tech leads and software architects involved in designing distributed systems.

What this book covers

Chapter 1, Understanding RESTful Core Concepts, introduces the foundational principles of REST architecture and explains the different maturity levels of RESTful APIs. It also covers the role of JSON as a standard data format, outlines practical guidelines for designing effective APIs, and explores common use cases where REST is applied in real-world systems.

Chapter 2, Exposing a RESTful API with Spring, focuses on designing and implementing a RESTful API using Spring Boot. You’ll begin by designing a simple Product API, then move on to building it step by step with Spring Boot, one of the most popular frameworks for Java-based web applications. This chapter provides hands-on experience in turning REST concepts into a working API.

Chapter 3, Documenting Your API Effectively,explores the importance of clear and accurate API documentation in building reliable and maintainable services. You’ll learn how to use OpenAPI to standardize your API documentation and understand the differences between specification-first and code-first approaches. The chapter also walks you through documenting the Product API introduced earlier, ensuring it is both understandable and usable by other developers and systems.

Chapter 4, Generating Code from OpenAPI, guides you through creating a full API based on an OpenAPI specification. You’ll start by defining the Order Management API specification, then generate the necessary code to jumpstart development. The chapter also covers organizing the project’s package structure, implementing the API controller, and integrating the Order Management API and the Product API introduced earlier.

Chapter 5, Managing API Evolution, shows how to handle changes and updates to your APIs without disrupting existing users. You’ll learn about different versioning strategies, see how to implement versioning in the Product API, and explore best practices for managing API evolution to ensure your services remain reliable and backwards compatible.

Chapter 6, Advanced API Concepts and Implementations, dives into key techniques for building robust and user-friendly APIs. You’ll explore advanced data handling methods such as pagination, filtering, and file upload/download through REST APIs. The chapter also covers HATEOAS to improve API navigation and introduces resilience patterns to make your APIs more reliable and fault-tolerant in real-world scenarios.

Chapter 7, Securing Your RESTful APIs, focuses on protecting your APIs from unauthorized access and security threats. You’ll learn about authentication and authorization techniques, explore key security principles from OWASP, and understand how to address common vulnerabilities through the management of Common Vulnerabilities and Exposures (CVEs) to keep your APIs safe and trustworthy.

Chapter 8, Testing Strategies for Robust APIs, explores both traditional API testing methods and the exciting impact of generative AI on the testing process. You’ll learn how AI tools such as ChatGPT are transforming test creation, making it faster, smarter, and more effective, while still covering essential testing types, tools, and best practices for building reliable APIs.

Chapter 9, Monitoring and Observability, dives into best practices for logging and tracing in RESTful APIs. You’ll learn how structured logging, correlation IDs, and centralized filters help with effective troubleshooting, while distributed tracing tools such as Micrometer and OpenTelemetry provide deep visibility into service performance and request flows across distributed systems.

Chapter 10, Scaling and Performance Optimization Techniques, covers essential strategies to improve the speed and scalability of RESTful APIs. You’ll learn about performance-focused design, leveraging Java’s virtual threads, using infrastructure effectively, and validating improvements through load testing to ensure your APIs handle growing demands efficiently.

Chapter 11, Alternative Java Frameworks to Build RESTful APIs, provides a high-level overview of popular Java frameworks beyond Spring Boot. You’ll explore the benefits of standardization and the choice between imperative and reactive programming, and learn about Java EE, Jakarta EE, and MicroProfile. The chapter also includes practical examples using Quarkus and Helidon to show how REST principles apply across different tools.

Chapter 12, Deploying APIs, guides you through the essential steps to move your Java RESTful APIs from development to production. You’ll explore deployment preparation, containerization with Docker, and the use of PaaS platforms. This chapter focuses on practical, beginner-friendly workflows that serve as a solid foundation for more advanced DevOps practices in the future.

To get the most out of this book

This book is primarily aimed at backend developers working with, or interested in working with REST APIs. It also benefits architects and tech leads who want to dive deeper into topics like API monitoring, deployment, managing API growth in a healthy way, avoiding breaking changes, and improving resilience and security.

Download the example code files

The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Mastering-RESTful-Web-Services-with-Java. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here:.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example: “To add the Spring Data dependency, include the following entry in your pom.xml file:”.

A block of code is set as follows:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see on the screen. For instance, words in menus or dialog boxes appear in the text like this. For example: “To adhere to the Don’t Repeat Yourself (DRY) principle, we must update the code from version 1.”

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book or have any general feedback, please email us at [email protected] mention the book’s title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you reported this to us. Please visit http://www.packt.com/submit-errata, click Submit Errata, and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packt.com/.

Share your thoughts

Once you’ve read Mastering RESTful Web Services with Java, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781835466100

Share your thoughts

Once you’ve read Mastering RESTful Web Services with Java, we’d love to hear your thoughts! Scan the QR code below to go straight to the Amazon review page for this book and share your feedback.

https://packt.link/r/1835466109

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Part 1

Steps to a Great API

This part lays the foundation for building robust RESTful APIs using Java. It introduces the key concepts of REST architecture, walks through exposing a real-world API with Spring Boot, and covers essential documentation techniques using OpenAPI. You’ll also learn how to generate API code from specifications to streamline development and ensure consistency.

This part will cover the following chapters:

2

Exposing a RESTful API with Spring

To implement REST APIs, in most chapters of this book, we are going to use Spring Boot. As it is a well-known and popular framework, it is very likely that you are familiar with it or have used it before.

However, the general API design principles are easily transferable to other Java technologies. You will learn more about how we can apply these principles to other technologies in Chapter 11.

In this chapter, we will discuss the process of designing a RESTful API. We will also concentrate on the practical implementation of the API using the Spring Framework, a popular choice for building RESTful APIs. By the end of this chapter, you will have the knowledge to design and create a RESTful API following the best practices.

In this chapter, we will be covering these topics:

Technical requirements

In this chapter, we will implement an example product API. To be able to follow along and use the code examples as they are printed in the book, you should have the following:

In this chapter, we are going to apply REST principles to create our API; you can access the code for this chapter on GitHub at https://github.com/PacktPublishing/Mastering-RESTful-Web-Services-with-Java/tree/main/chapter2.

Designing the product API

The product API we will develop is an API for managing products. Our API will offer various operations, which will be detailed during the design phase.

Spending an adequate amount of time on properly designing the API before starting to write the code can save a lot of time later, preventing costly and risky refactoring.

The design stage should include the following:

Based on these design steps, you can proceed directly to implementing the API in code using Java. This is called the code-first approach, usually representing the fastest path to a working API.

A different approach, called specification-first, will be explained in Chapter 3.

Defining the requirements

The API requirements can be divided into functional and non-functional:

In this chapter, we will only work on the functional requirements. We will get to some of the non-functional requirements in Chapters 7 and 10.

As mentioned earlier, our example REST API will be a product API and will have the following requirements:

Now that we have identified the requirements, the next step is to identify our resources.

Identifying the resources

A REST API can have one or more resources, and it can also have a hierarchical URI structure. A hierarchical URI structure is a way of organizing resources in a URL hierarchy that reflects the relationships between those resources. In a hierarchical URI structure, resources are arranged in a tree-like format, where each segment of the URL represents a level of the hierarchy.

Let’s take the following as an example:

In this URI, we have the following:

In our case, we have only one resource, which is the product, so we have only /products.

Now that we have identified the resources, the next step is to define the resource structure.

Defining the resource structure

After identifying the resources, we should identify the attributes of the resources and any relationships that are important in the API. The attributes represent the data fields associated with the resource. Consider the data types, constraints, and any required or optional attributes for each resource. A relationship indicates how the resources are related to each other and whether they have any hierarchical or nested relationships. For example, a user may have multiple orders associated with them, or a product may belong to a specific category.

In our case, we have only one resource, which is the product, which should have these attributes:

We can also define the rules for these attributes in this step:

After this step, we can design the endpoints.

Designing the endpoints

To design the endpoints, it is important to know the HTTP methods and the HTTP status codes. Before talking about this, though, we should go one step back and understand how it started.

The HTTP methods and principles we are going to share here follow the guidelines from Microsoft mentioned in the previous chapter. Any REST guidelines should adhere to the internet standard known as RFC 9110, the updated version of RFC 2616. RFC stands for Request for Comments. RFC specifies HTTP, TCP, IP, SMTP, and many other vital internet protocols. Fielding’s dissertation, titled Architectural Styles and the Design of Network-based Software Architectures, was an important source for RFC 2616, defining the HTTP/1.1 protocol.

HTTP methods (verbs)

HTTP defines several methods (also known as verbs) that indicate the action to be performed on a resource. The most used HTTP methods in RESTful APIs are the following:

HTTP status codes

HTTP status codes are three-digit numbers that a server sends back to the client after receiving a request. They indicate the outcome of the request and provide information about the status of the server or the requested resource. All HTTP status codes are grouped into the following categories:

Now that we understand HTTP methods and statuses, we can define the API endpoints.

Defining the endpoints for our API

Let’s define the endpoints for the resource we identified in the previous step. We will use the HTTP methods with the products resources to ensure we can perform all the necessary operations as outlined in the requirements phase.

GET /products

This endpoint will be responsible for returning a list of products. We should return a 200 (ok) HTTP status with the products.

PUT /products/{id}

This endpoint will be responsible for creating or updating the product. PUT is an idempotent method, so we can call it many times and the result will be the same. In case of success, we should return 201 (created) if the product doesn’t exist and 200 if the product already exists.

We could also return 202 (accepted) if the product will be processed in the future as an asynchronous task, which is not the case here.

If we decided to use the POST method, we would need to choose between throwing an exception if the product already exists – this exception could be 409 (conflict) – or creating another product. In our case, because the SKU is not generated by the application, it is an attribute passed to the API, and we cannot have two products with the same SKU, so we will need to return 409 and have another endpoint that would be responsible for updating the resource as it is a requirement. Instead of doing this, we can use the PUT method, which can create or update the resource.

According to RFC 9110, Section 9.3.4, “The fundamental difference between the POST and PUT methods is highlighted by the different intent for the enclosed representation. The target resource in a POST request is intended to handle the enclosed representation according to the resource’s own semantics, whereas the enclosed representation in a PUT request is defined as replacing the state of the target resource. Hence, the intent of PUT is idempotent and visible to intermediaries, even though the exact effect is only known by the origin server”.

Proper interpretation of a PUT request presumes that the user agent knows which target resource is desired. To get a better insight, please refer to https://www.rfceditor.org/rfc/rfc9110.html#section-9.3.4.

DELETE /products/{id}

This endpoint should remove the product. We can return 204 (no content) in case the product is removed. Even if the product does not exist, we can return 204, as the method is idempotent, meaning that sending the same request multiple times should result in the same state on the server.

PATCH /products/{id}

This endpoint should be used to update the description of the product. As it is a partial update of a resource, it is recommended to use PATCH. The PATCH method was introduced in RFC 5789 as a partial update that doesn’t need to be idempotent. If the product does not exist, we can return a 404 (Not found) error. In case of success, we can return the updated product data and a 200 HTTP status.

GET /products/{id}

This endpoint is responsible for returning the details of a single product by the ID. If the product does not exist, we can return a 404 (Not found) error.

In case of success, we should return the product representation and a 200 HTTP status.

Now that we have defined our endpoints, let’s see the possible errors that we may encounter and how we can prepare for them effectively.

Error handling

Preparing for common issues by defining possible errors can help us implement a more reliable API. We have already discussed some errors in the previous step; however, let’s get deep into it and see the most common HTTP status codes in the 4xx range.

The most common HTTP status codes in the 4xx range, which indicates client errors, are the following: