TechBlueprints Quick Reference
| Aspect | REST | GraphQL |
|---|---|---|
| Data Fetching | Multiple endpoints, fixed structure | Single endpoint, client specifies |
| Over/Under-fetching | Common problem | Solved by design |
| Caching | HTTP caching built-in | More complex |
| Versioning | URL or header versioning | Schema evolution |
| Best For | Simple CRUD, public APIs | Complex, nested data |
| Pattern | Example | Pros/Cons |
|---|---|---|
| Offset | ?offset=20&limit=10 | Simple / Slow on large offsets |
| Cursor | ?cursor=abc123&limit=10 | Efficient, consistent / Can't jump to page |
| Keyset | ?after_id=100&limit=10 | Very efficient / Needs indexed column |
Rule of thumb: Use offset for small datasets, cursor/keyset for large or real-time feeds.
Tokens added at fixed rate. Request consumes token.
✓ Allows bursts up to bucket size
✓ Smooth average rate
Count requests in rolling time window.
✓ More accurate than fixed window
✓ Smooth rate enforcement
Count requests per time window (e.g., per minute).
✓ Simple to implement
✗ Burst at window edges
Queue requests, process at fixed rate.
✓ Very smooth output
✗ No bursting allowed
| Method | Use Case | Notes |
|---|---|---|
| API Key | Server-to-server, simple | Easy to implement, no user context |
| JWT | Stateless auth, microservices | Self-contained, can't revoke easily |
| OAuth 2.0 | Third-party access, SSO | Standard for delegated auth |
| Session Cookie | Web apps, browsers | Server-side state, easy to revoke |
Definition: Same request can be made multiple times with the same effect as making it once.
Idempotency-Key: uuid header. Server stores result keyed by that UUID."For this API, I'd use [REST/GraphQL] because [reason]. For pagination, I'd use [cursor-based] since we have [high volume/real-time feed]. I'd implement rate limiting with [token bucket] to allow bursts while protecting the backend."