spring-boot-rest-api-standards

Name: spring-boot-rest-api-standards
Author: Giuseppe Trisciuoglio

Spring BootREST APIAPI DesignMicroservicesBackendJavaAPI StandardsError Handling

⭐ 282📄 MIT🕒 2026-06-15Source ↗

Install this skill

npx skills add giuseppe-trisciuoglio/developer-kit

Works across Claude Code, Cursor, Codex, Copilot & Antigravity

This skill focuses on establishing industry-aligned patterns for Spring Boot RESTful services. It enforces a clean separation between internal domain models and external API contracts using DTOs, ensuring that changes to database schemas do not leak into public API definitions. By implementing global exception handling via ControllerAdvice and standardized validation, the approach minimizes redundant boilerplate code in controller methods. The standards cover URI versioning, correct HTTP verb application, and structural conventions for pagination and error responses. Developers gain a blueprint for creating maintainable, predictable, and discoverable interfaces that adhere to established Spring ecosystem best practices. By following these architectural guidelines, teams reduce the likelihood of inconsistent API behavior and facilitate easier client-side integration.

When to Use This Skill

•Developing new microservice endpoints from scratch
•Refactoring legacy controllers into REST-compliant structures
•Establishing consistent validation rules across multiple services
•Standardizing error message formats for frontend consumption

How to Invoke This Skill

Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:

“How to structure Spring Boot REST controllers
“Best practices for Spring Boot API error handling
“Implement request validation in Spring Boot DTOs
“Standardize REST API responses with Spring Boot
“Use pagination in Spring Boot controllers

Pro Tips

💡Always generate a dedicated API documentation (e.g., OpenAPI/Swagger) alongside the code guided by this skill to ensure external consumers understand the standardized contracts.
💡Integrate automated API testing frameworks (like Postman, Rest-Assured) to validate adherence to the standards defined by this skill immediately after generation or modification.
💡Consider applying this skill iteratively, focusing on critical areas like error handling and DTO consistency first, then expanding to pagination and HATEOAS.

What this skill does

•Standardized global exception translation using ControllerAdvice
•Request validation via Jakarta constraints and @Valid
•DTO-based mapping to isolate internal entities
•Pagination and sorting integration using Spring Data Pageable
•Uniform response structure for successes and errors

When not to use it

✕GraphQL or gRPC-based service architectures
✕Internal CLI tools or scripts that do not require HTTP communication
✕Non-Spring Java applications lacking the web framework stack

Example workflow

Define immutable Request and Response DTOs with Jakarta validation annotations
Configure a GlobalExceptionHandler using @RestControllerAdvice to catch and map exceptions to status codes
Create the Controller class using @RequestMapping and appropriate HTTP verbs for CRUD operations
Inject the Service layer to perform business logic outside the controller
Apply @Valid to incoming request bodies to trigger automatic validation

Prerequisites

–Spring Boot Web starter
–Validation starter (Hibernate Validator)
–Java 17+ or similar JDK

Pitfalls & limitations

!Exposing internal database entities directly in the API response
!Over-reliance on default error responses instead of descriptive, domain-specific errors
!Mixing business logic directly inside the Controller class

FAQ

Should I expose database entities directly in my API?

No, you should always use DTOs to decouple your internal database schema from the external API contract.

How do I handle validation errors globally?

Create a class annotated with @RestControllerAdvice that catches MethodArgumentNotValidException and returns a formatted JSON error response.

When is it appropriate to use PUT versus PATCH?

Use PUT when replacing the entire resource state, while PATCH is intended for partial updates to specific fields.

Why is @Valid necessary in my controller?

It triggers the Jakarta Validation mechanism, ensuring that incoming JSON payloads meet the constraints defined on your DTO fields before reaching your service layer.

How it compares

While manual implementation leads to inconsistent status codes and fragmented error handling across teams, this skill enforces a centralized configuration that ensures architectural uniformity across all endpoints.

Source & trust

⭐ 282 stars📄 MIT🕒 Updated 2026-06-15

View original skill on GitHub →

📄 Full skill instructions — original source: giuseppe-trisciuoglio/developer-kit

# Spring Boot REST API Standards

This skill provides comprehensive guidance for building RESTful APIs in Spring Boot applications with consistent design patterns, proper error handling, validation, and architectural best practices based on REST principles and Spring Boot conventions.

## Overview

Spring Boot REST API standards establish consistent patterns for building production-ready REST APIs. These standards cover resource-based URL design, proper HTTP method usage, status code conventions, DTO patterns, validation, error handling, pagination, security headers, and architectural layering. Implement these patterns to ensure API consistency, maintainability, and adherence to REST principles.

## When to Use This Skill

Use this skill when:
- Creating new REST endpoints and API routes
- Designing request/response DTOs and API contracts
- Planning HTTP methods and status codes
- Implementing error handling and validation
- Setting up pagination, filtering, and sorting
- Designing security headers and CORS policies
- Implementing HATEOAS (Hypermedia As The Engine Of Application State)
- Reviewing REST API architecture and design patterns
- Building microservices with consistent API standards
- Documenting API endpoints with clear contracts

## Instructions

### To Build RESTful API Endpoints

Follow these steps to create well-designed REST API endpoints:

1. **Design Resource-Based URLs**
- Use plural nouns for resource names
- Follow REST conventions: GET /users, POST /users, PUT /users/{id}
- Avoid action-based URLs like /getUserList

2. **Implement Proper HTTP Methods**
- GET: Retrieve resources (safe, idempotent)
- POST: Create resources (not idempotent)
- PUT: Replace entire resources (idempotent)
- PATCH: Partial updates (not idempotent)
- DELETE: Remove resources (idempotent)

3. **Use Appropriate Status Codes**
- 200 OK: Successful GET/PUT/PATCH
- 201 Created: Successful POST with Location header
- 204 No Content: Successful DELETE
- 400 Bad Request: Invalid request data
- 404 Not Found: Resource doesn't exist
- 409 Conflict: Duplicate resource
- 500 Internal Server Error: Unexpected errors

4. **Create Request/Response DTOs**
- Separate API contracts from domain entities
- Use Java records or Lombok @Data/@Value
- Apply Jakarta validation annotations
- Keep DTOs immutable when possible

5. **Implement Validation**
- Use @Valid annotation on @RequestBody parameters
- Apply validation constraints (@NotBlank, @Email, @Size, etc.)
- Handle validation errors with MethodArgumentNotValidException

6. **Set Up Error Handling**
- Use @RestControllerAdvice for global exception handling
- Return standardized error responses with status, error, message, and timestamp
- Use ResponseStatusException for specific HTTP status codes

7. **Configure Pagination**
- Use Pageable for large datasets
- Include page, size, sort parameters
- Return metadata with total elements, totalPages, etc.

8. **Add Security Headers**
- Configure CORS policies
- Set content security policy
- Include X-Frame-Options, X-Content-Type-Options

## Examples

### Basic CRUD Controller

@RestController
@RequestMapping("/v1/users")
@RequiredArgsConstructor
@Slf4j
public class UserController {
    private final UserService userService;

    @GetMapping
    public ResponseEntity<Page<UserResponse>> getAllUsers(
            @RequestParam(defaultValue = "0") int page,
            @RequestParam(defaultValue = "10") int pageSize) {
        log.debug("Fetching users page {} size {}", page, pageSize);
        Page<UserResponse> users = userService.getAll(page, pageSize);
        return ResponseEntity.ok(users);
    }

    @GetMapping("/{id}")
    public ResponseEntity<UserResponse> getUserById(@PathVariable Long id) {
        return ResponseEntity.ok(userService.getById(id));
    }

    @PostMapping
    public ResponseEntity<UserResponse> createUser(@Valid @RequestBody CreateUserRequest request) {
        UserResponse created = userService.create(request);
        return ResponseEntity.status(HttpStatus.CREATED).body(created);
    }

    @PutMapping("/{id}")
    public ResponseEntity<UserResponse> updateUser(
            @PathVariable Long id,
            @Valid @RequestBody UpdateUserRequest request) {
        return ResponseEntity.ok(userService.update(id, request));
    }

    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteUser(@PathVariable Long id) {
        userService.delete(id);
        return ResponseEntity.noContent().build();
    }
}

### Request/Response DTOs

// Request DTO
@Data
@NoArgsConstructor
@AllArgsConstructor
public class CreateUserRequest {
    @NotBlank(message = "User name cannot be blank")
    private String name;

    @Email(message = "Valid email required")
    private String email;
}

// Response DTO
@Data
@NoArgsConstructor
@AllArgsConstructor
public class UserResponse {
    private Long id;
    private String name;
    private String email;
    private LocalDateTime createdAt;
}

### Global Exception Handler

@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler {

    @ExceptionHandler(MethodArgumentNotValidException.class)
    public ResponseEntity<ErrorResponse> handleValidationException(
            MethodArgumentNotValidException ex, WebRequest request) {
        String errors = ex.getBindingResult().getFieldErrors().stream()
                .map(f -> f.getField() + ": " + f.getDefaultMessage())
                .collect(Collectors.joining(", "));

        ErrorResponse errorResponse = new ErrorResponse(
                HttpStatus.BAD_REQUEST.value(),
                "Validation Error",
                "Validation failed: " + errors,
                request.getDescription(false).replaceFirst("uri=", "")
        );
        return new ResponseEntity<>(errorResponse, HttpStatus.BAD_REQUEST);
    }

    @ExceptionHandler(ResponseStatusException.class)
    public ResponseEntity<ErrorResponse> handleResponseStatusException(
            ResponseStatusException ex, WebRequest request) {
        ErrorResponse error = new ErrorResponse(
            ex.getStatusCode().value(),
            ex.getStatusCode().toString(),
            ex.getReason(),
            request.getDescription(false).replaceFirst("uri=", "")
        );
        return new ResponseEntity<>(error, ex.getStatusCode());
    }
}

## Best Practices

### 1. Use Constructor Injection

@Service
@RequiredArgsConstructor
public class UserService {
    private final UserRepository userRepository;
    private final EmailService emailService;
    // Dependencies are explicit and testable
}

### 2. Prefer Immutable DTOs

// Java records (JDK 16+)
public record UserResponse(Long id, String name, String email, LocalDateTime createdAt) {}

// Lombok @Value for immutability
@Value
public class UserResponse {
    Long id;
    String name;
    String email;
    LocalDateTime createdAt;
}

### 3. Validate Input Early

@PostMapping
public ResponseEntity<UserResponse> createUser(@Valid @RequestBody CreateUserRequest request) {
    // Validation happens automatically before method execution
    return ResponseEntity.status(HttpStatus.CREATED).body(userService.create(request));
}

### 4. Use ResponseEntity Flexibly

return ResponseEntity.status(HttpStatus.CREATED)
    .header("Location", "/api/users/" + created.getId())
    .header("X-Total-Count", String.valueOf(userService.count()))
    .body(created);

### 5. Implement Proper Transaction Management

@Service
@Transactional
public class UserService {

    @Transactional(readOnly = true)
    public Optional<User> findById(Long id) {
        return userRepository.findById(id);
    }

    @Transactional
    public User create(User user) {
        return userRepository.save(user);
    }
}

### 6. Add Meaningful Logging

@Slf4j
@Service
public class UserService {
    public User create(User user) {
        log.info("Creating user with email: {}", user.getEmail());
        return userRepository.save(user);
    }
}

### 7. Document APIs with Javadoc

/**
 * Retrieves a user by id.
 *
 * @param id the user id
 * @return ResponseEntity containing a UserResponse
 * @throws ResponseStatusException with 404 if user not found
 */
@GetMapping("/{id}")
public ResponseEntity<UserResponse> getUserById(@PathVariable Long id)

## Constraints

### 1. Never Expose Entities Directly
Use DTOs to separate API contracts from domain models. This prevents accidental exposure of internal data structures and allows API evolution without database schema changes.

### 2. Follow REST Conventions Strictly
- Use nouns for resource names, not verbs
- Use correct HTTP methods for operations
- Use plural resource names (/users, not /user)
- Return appropriate HTTP status codes for each operation

### 3. Handle All Exceptions Globally
Use @RestControllerAdvice to catch all exceptions consistently. Don't let raw exceptions bubble up to clients.

### 4. Always Paginate Large Result Sets
For GET endpoints that might return many results, implement pagination to prevent performance issues and DDoS vulnerabilities.

### 5. Validate All Input Data
Never trust client input. Use Jakarta validation annotations on all request DTOs to validate data at the controller boundary.

### 6. Use Constructor Injection Exclusively
Avoid field injection (@Autowired) for better testability and explicit dependency declaration.

### 7. Keep Controllers Thin
Controllers should only handle HTTP request/response adaptation. Delegate business logic to service layers.

## References

- See references/ directory for comprehensive reference material including HTTP status codes, Spring annotations, and detailed examples
- Refer to agents/spring-boot-code-review-specialist.md for code review guidelines
- Review spring-boot-dependency-injection/SKILL.md for dependency injection patterns
- Check junit-test-patterns/SKILL.md for testing REST APIs

By Giuseppe Trisciuoglio

How to Use This Skill Unit

Option A: Project-Specific (Recommended)

Click "Download" above
In your project, create the directory: .agent/skills/spring-boot-rest-api-standards/
Save the file as SKILL.md
The agent will automatically discover the skill based on its description.

Option B: Global Installation (All Agents)

Save the file to these locations to make it available across all projects:

Claude Code: ~/.claude/skills/giuseppe-trisciuoglio/developer-kit/spring-boot-rest-api-standards/SKILL.md
Cursor: ~/.cursor/skills/giuseppe-trisciuoglio/developer-kit/spring-boot-rest-api-standards/SKILL.md
Antigravity: ~/.gemini/antigravity/skills/giuseppe-trisciuoglio/developer-kit/spring-boot-rest-api-standards/SKILL.md

🚀 Install with CLI:
npx skills add giuseppe-trisciuoglio/developer-kit

Read the Master Guide: Mastering Agent Skills →

Recommended Rules

View more rules →

Recommended Workflows

View more workflows →

Error Boundary Implementation

ReactError HandlingUX

--- description: Prevent white screens of death with a fallback UI --- 1. **Create Component**: - Create `src/components/ErrorBoundary.tsx`. ``...

Fix CORS Issues

APICORSBackend

--- description: Resolve Cross-Origin Resource Sharing errors in API calls --- 1. **Understand the Error**: - CORS errors occur when frontend (htt...

Custom 404/500 Pages

UXNext.jsError Handling

--- description: Create branded error pages --- 1. **Create Not Found**: - Create `src/app/not-found.tsx`. ```tsx import Link from 'next/lin...

Recommended MCP Servers

View more MCP servers →

Spring Initializr

Community

This MCP allows an LLM to create Spring Boot projects with custom configurations. Instead of manually visiting start.spring.io, you can now ask your AI assistant to generate projects with specific dependencies, Java versions, and project structures.

CloudBase

Official

One-stop backend services for WeChat Mini-Programs and full-stack apps with serverless cloud functions and databases by [Tencent CloudBase](https://tcb.cloud.tencent.com/)