Online REST API for Testing and Prototyping

data | real responses | 24/7 online

Resources

`https://gorest.co.in/public-api/users`	1908
`https://gorest.co.in/public-api/posts`	1249
`https://gorest.co.in/public-api/comments`	1221
`https://gorest.co.in/public-api/todos`	1940
`https://gorest.co.in/public-api/categories`	14
`https://gorest.co.in/public-api/products`	209
`https://gorest.co.in/public-api/product-categories`	691

Trying it Out

`POST /public-api/users`	Create a new user
`GET /public-api/users/123`	Get user details
`PATCH /public-api/users/123`	Update user details
`PUT /public-api/users/123`	Update user details
`DELETE /public-api/users/123`	Delete user
`OPTIONS /public-api/users`	Preflight request
`HEAD /public-api/users`	Headers only

Nested Resources

`GET /public-api/users/123/posts`	Retrieves user posts
`GET /public-api/posts/123/comments`	Retrieves post comments
`GET /public-api/users/123/todos`	Retrieves user todos

`POST /public-api/users/123/posts`	Creates a user post
`POST /public-api/posts/123/comments`	Creates a post comment
`POST /public-api/users/123/todos`	Creates a user todo

For paged results parameter 'page' should be passed in url ex: GET /public-api/users?page=5
Do not save/post your personal data like name, email, phone, photo etc...
Request methods PUT, POST, PATCH, DELETE needs access token, which needs to be passed in "Authorization" header as Bearer token.
Click here to get your access token

Features

Fully secured quick prototyping.
Response format negotiation. (supporting JSON and XML add ".json" or ".xml" to api end point)
Proper formatting of collection data, validation errors and meta data.
Support for the OPTIONS and HEAD verbs.
Full search support on all fields. Ex: https://gorest.co.in/public-api/users?name=varma

Authentication

Unlike Web applications, RESTful APIs are usually stateless, which means sessions or cookies should not be used. Therefore, each request should come with some sort of authentication credentials. A common practice is to send a secret access token with each request to authenticate the user. Since an access token can be used to uniquely identify and authenticate a user, API requests should always be sent via HTTPS to prevent man-in-the-middle (MitM) attacks.

There are different ways to send an access token:

HTTP Basic Auth: the access token is sent as the username.
Query parameter: the access token is sent as a query parameter in the API URL.
e.g. https://gorest.co.in/public-api/users?access-token=xxx
OAuth 2: the access token is obtained by the consumer from an authorization server and sent to the API server via HTTP Bearer Tokens , according to the OAuth2 protocol.
This API supports only HTTP Bearer Tokens

cUrl Examples

1. List users

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -XGET "https://gorest.co.in/public-api/users"

2. Create user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public-api/users" -d '{"name":"Tenali Ramakrishna", "gender":"Male", "email":"tenali.ramakrishna@15ce.com", "status":"Active"}'

3. Update user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPATCH "https://gorest.co.in/public-api/users/123" -d '{"name":"Allasani Peddana", "email":"allasani.peddana@15ce.com", "status":"Active"}'

4. Delete user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XDELETE "https://gorest.co.in/public-api/users/123"

Http Response Codes Summary

200: OK. Everything worked as expected.
201: A resource was successfully created in response to a POST request. The Location header contains the URL pointing to the newly created resource.
204: The request was handled successfully and the response contains no body content (like a DELETE request).
304: The resource was not modified. You can use the cached version.
400: Bad request. This could be caused by various actions by the user, such as providing invalid JSON data in the request body, providing invalid action parameters, etc.
401: Authentication failed.
403: The authenticated user is not allowed to access the specified API endpoint.
404: The requested resource does not exist.
405: Method not allowed. Please check the Allow header for the allowed HTTP methods.
415: Unsupported media type. The requested content type or version number is invalid.
422: Data validation failed (in response to a POST request, for example). Please check the response body for detailed error messages.
429: Too many requests. The request was rejected due to rate limiting.
500: Internal server error. This could be caused by internal program errors.