Skip to main content

REST API Conventions

All Ed-Fi API specifications are based on the Hypertext Transfer Protocol and follow the semantics described for that protocol. Furthermore, these API specifications follow the REST (REpresentational State Transfer) architectural style. These API Design Guidelines highlight particular aspects of these protocols as they apply to an Ed-Fi API.

Verbs

HTTP verbs communicate actions that can be taken against a resource. An Ed-Fi API can support only the GET verb, when providing a read-only interface. Otherwise, an Ed-Fi API must support the following HTTP verbs: POST, GET, PUT, and DELETE. Each verb has specific usage patterns with respect to URL construction, HTTP headers, request bodies, response bodies, and status codes. These are described in separate pages for each.

An HTTP PATCH performs a partial update on an existing individual resource. For a partial update, only the properties that are submitted will be updated on the target resource. The entire patch will be applied, or none of it will. The new representation of the entire resource is returned in the response body. Due to a lack of industry standard practice in the use of PATCH for REST APIs, it is not recommended that implementations support PATCH in Ed-Fi API applications.

Content Type

For all Ed-Fi API transactional requests and responses, JSON must be the default format. If a media-type header is not provided, "application/json" is presumed. Alternate packet formats may also be supported.

Authentication

To safeguard student data, an Ed-Fi API must require authentication and implement one or more authorization schemes. Exception: the Discovery API does not provide access to student data and must be accessible to anonymous clients. The API application must support the Authorization header and should support OAuth 2.0 style authentication using the client credentials grant.

For more detail on authentication and authorization, see the Handling Authentication and Authorization.

Status Codes

The list below contains the HTTP status codes most likely to be used in an Ed-Fi API; other canonical status codes may be used in appropriate circumstances.

CodeMeaningWhen to Use
200OKThe requested resource was successfully retrieved.
201CreatedThe item was created.
204No ContentThe resource was successfully updated or deleted.
304Not ModifiedThe item's ETag value matched the If-None-Match header value; the resource has not been modified.
400Bad RequestThe request was invalid and cannot be completed. See the response body for specific validation errors.
401UnauthorizedThe request requires authentication. The OAuth bearer token was either not provided or is invalid.
403ForbiddenThe request cannot be completed in the current authorization context.
404NotFoundThe resource could not be found.
405Not AllowedSpecial cases where a verb is not allowed, for example in a read-only API.
409ConflictThe request cannot be completed because it would result in an invalid state.
412Precondition FailedThe resource's current server-side ETag value does not match the supplied If-Match header value in the request.
429Too Many RequestsToo many requests have been received from the client (rate limiting).
500Server ErrorAn unhandled error occurred on the server.
502Bad GatewayA network resource is not available (e.g. web server misconfiguration; unreachable database).

Error Handling

Requests that result in an error must receive a standard HTTP status code in the response. The applicable status codes are listed in the sections for each verb. In situations where a response body is warranted, for providing detailed information on the error, the response should follow the Problem Details for HTTP APIs specification.

warning

When reporting on error details, the API implementation must carefully consider the potential for leakage of Personally Identifiable Information (PII) or other sensitive information.

ETags

ETags (Entity Tags) are mechanisms used to support optimistic concurrency and efficient bandwidth handling. The use of ETags is recommended for Ed-Fi REST API implementations.

Also see Handling Optimistic Concurrency with ETags for further guidance on implementing ETags.