java-api-review
Install: claude install-skill limited-grisaille833/claude-java-plugins
Review the REST API design of the provided Java controller or endpoint code. Detect Spring Boot version from `pom.xml` to tailor advice.
## Step 1 — HTTP method and status code correctness
- `GET` must be idempotent and return `200 OK` (or `404` if not found) — never `201`
- `POST` for creation → return `201 Created` with `Location` header pointing to the new resource
- `PUT` for full replacement → `200 OK` or `204 No Content`
- `PATCH` for partial update → `200 OK` with updated resource or `204 No Content`
- `DELETE` → `204 No Content` (not `200` with body)
- Flag returning `200 OK` with `null` body when resource not found → must be `404`
- Flag returning `200 OK` for all errors → each error needs an appropriate 4xx/5xx code
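
The Step 1 rules applied to one controller, as an added example (not code from the skill or its repository). It assumes Spring Boot 3.x (`jakarta.validation`; on 2.x the package is `javax.validation`), and `UserService`, `CreateUserRequest` and `UserResponse` are hypothetical names.

```java
// Added example; assumes Spring Boot 3.x on the classpath (web + validation starters).
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import java.net.URI;
import java.util.Optional;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

// Hypothetical DTOs and service, named for illustration only.
record CreateUserRequest(@NotBlank String name, @NotBlank String email) {}
record UserResponse(long id, String name, String email) {}

interface UserService {
    Optional<UserResponse> findById(long id);
    UserResponse create(CreateUserRequest request);
    boolean deleteById(long id); // true if a row was removed
}

@RestController
@RequestMapping("/api/v1/users")
class UserController {
    private final UserService users;
    UserController(UserService users) { this.users = users; }

    // GET: 200 with the body, or 404 when the Optional is empty; never 200 with null.
    @GetMapping("/{userId}")
    public ResponseEntity<UserResponse> get(@PathVariable("userId") long userId) {
        return ResponseEntity.of(users.findById(userId));
    }

    // POST: 201 Created plus a Location header pointing to the new resource.
    // A body that fails @Valid is rejected with 400 by Spring's default handling.
    @PostMapping
    public ResponseEntity<UserResponse> create(@Valid @RequestBody CreateUserRequest request) {
        UserResponse created = users.create(request);
        URI location = ServletUriComponentsBuilder.fromCurrentRequest()
                .path("/{userId}").buildAndExpand(created.id()).toUri();
        return ResponseEntity.created(location).body(created);
    }

    // DELETE: 204 No Content on success; 404 (not 200) when nothing matched.
    @DeleteMapping("/{userId}")
    public ResponseEntity<Void> delete(@PathVariable("userId") long userId) {
        return users.deleteById(userId)
                ? ResponseEntity.noContent().build()
                : ResponseEntity.notFound().build();
    }
}
```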
## Step 2 — URL naming conventions
- Use plural nouns for resources: `/users` not `/user`, `/orders` not `/getOrders`
- Use kebab-case for multi-word paths: `/user-profiles` not `/userProfiles`
- Flag verbs in URLs: `/getUser`, `/createOrder`, `/deleteItem` → use HTTP method instead
- Nested resources: `/users/{userId}/orders` — max 2 levels deep; beyond that use query params
- Flag inconsistent version prefixes (e.g. `/api/v1/users`) — version should be consistent across all endpoints
## Step 3 — Request/response design
- Flag endpoints returning raw entity classes (`@Entity`) directly → use DTOs
- Flag missing `@Valid` on `@RequestBody` parameters → no input validation
- Flag `@RequestBody Map<String, Object>` → use typed DTOs instead
- Flag missing pagination on list end