What are the 3 types of REST?

May 7, 2024 ยท 2 min read

Representational State Transfer (REST) is a popular architectural style for building web APIs. There are 3 main types of REST APIs:

1. Public REST APIs

Public REST APIs are open and available for any client to access. For example, Twitter, YouTube, and Reddit all offer public REST APIs that allow developers to access their data and build applications.

Some key traits of public REST APIs:

  • No authentication required
  • Usage limits to prevent abuse
  • Detailed documentation for ease of integration
  • Changes communicated via changelog to avoid breaking clients
  • Public REST APIs need to be designed carefully as they can be accessed by anyone on the internet. Rate limiting and input validation is important to prevent abuse.

    GET https://api.example.com/public/resources

    2. Private REST APIs

    Private REST APIs are only accessible to authenticated and authorized clients within a trusted network. For example, banks, healthcare providers, and enterprises often build private APIs for internal applications to access sensitive data.

    Some key traits of private REST APIs:

  • Authentication via API keys, OAuth, etc.
  • Fine-grained access control for data security
  • Internal documentation for authorized dev teams
  • More control over changes as only internal clients are impacted
  • Private APIs provide more flexibility as you control both the clients and servers. But appropriate access controls are still vital for data security and compliance.

    GET https://api.company.com/private/data
    Authorization: Bearer <jwt-token>

    3. Partner REST APIs

    Partner REST APIs allow limited external access for business partners under contractual agreements. For example, Stripe's API gives partners access to payment data for their customers.

    Some key traits of partner REST APIs:

  • API keys or OAuth authorization
  • Rate limits based on partnership agreements
  • Selective endpoints exposed to partners
  • Legal agreements to allow external data access
  • Building successful partner APIs involves navigating business, legal and technical complexities around data sharing with outside parties. Strong governance is essential.

    GET https://api.partner.com/data
    X-API-Key: <partner-key>

    The type of API dictates the appropriate design, security and management strategy. Public APIs require input sanitization, rate limits and comprehensive docs. Private and partner APIs need proper access controls and contracts before sharing sensitive data externally.

    Browse by tags:

    Browse by language:

    The easiest way to do Web Scraping

    Get HTML from any page with a simple API call. We handle proxy rotation, browser identities, automatic retries, CAPTCHAs, JavaScript rendering, etc automatically for you

    Try ProxiesAPI for free

    curl "http://api.proxiesapi.com/?key=API_KEY&url=https://example.com"

    <!doctype html>
        <title>Example Domain</title>
        <meta charset="utf-8" />
        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />


    Don't leave just yet!

    Enter your email below to claim your free API key: