Ashvara
Blog/Engineering
Engineering

How to design an API that lasts (2026)

How to design an API that survives real use: REST vs GraphQL, versioning from day one, and the backward-compatibility rules that stop you breaking clients.

S
Sahil Jain
Engineering · Ashvara
Jul 2, 2026
3 min read
API design

A durable API comes down to three habits: version it from day one, never break clients within a version, and pick the style (REST or GraphQL) that matches who's calling it. Most API pain isn't performance - it's breaking changes that quietly shatter the apps and partners depending on you.

REST or GraphQL? (usually REST, sometimes both)

They aren't enemies. In 2026, REST still powers about 83% of public APIs - it's cache-friendly, debuggable, and the right default for anything public or partner-facing. GraphQL has settled into 61%+ of enterprises, most often as a backend-for-frontend layer where diverse clients (web, mobile) each need different data shapes and you want to eliminate over-fetching.

Rough rule:

  • REST for public/partner APIs, resource-oriented data, and easy caching - off-the-shelf tooling just works.
  • GraphQL for internal frontend-to-backend APIs where clients need flexible, client-specified data. It needs more custom monitoring and query-complexity handling, which is real time and cost.

Plenty of teams run both: REST for the public surface, GraphQL as an internal aggregation layer.

Version from day one

The single most important habit: ship /v1/ from the start. It costs nothing now and saves you when the first breaking change arrives. Common approaches:

  • URL path (/v1/users, /v2/users) - explicit and simple, the usual REST default.
  • Header-based (a date-stamped X-Api-Version, as GitHub uses) - keeps URLs clean.

GraphQL takes a different route: it avoids versions entirely - you add new fields, mark old ones @deprecated with a reason, and delete only after monitoring shows zero usage.

The rule that actually matters: don't break clients

Within a version, stay backward-compatible:

  • Add, don't change or remove. New optional fields are safe; renaming or removing a field, or changing its type, is a breaking change.
  • When you must break, cut a new version and ship a migration guide.
  • Deprecate loudly: a Sunset header and a generous window (12 months is a good norm) so consumers migrate on their schedule, not in a panic.
  • Catch breaks before they ship: diff your API definition in CI so an accidental breaking change never reaches production.

An API's real product isn't the endpoints - it's the promise that today's integration still works next year. Break that once and partners stop trusting your platform.

The unglamorous essentials

Longevity also rides on the basics every durable API shares:

  • Documentation that's versioned and generated from the source of truth, not hand-maintained and stale.
  • Consistent conventions - naming, errors, pagination, filtering - so a developer who learns one endpoint can guess the rest.
  • Auth, rate limiting, and idempotency on writes, so a retry doesn't double-charge.
  • Observability - know which endpoints and versions are actually used before you deprecate anything.

Our opinion

Default to REST unless you have a specific reason for GraphQL - many teams adopt GraphQL and inherit monitoring and complexity they didn't need. And treat versioning and backward compatibility as non-negotiable from commit one: nearly free early, brutally expensive to retrofit. The teams whose APIs "just keep working" aren't smarter - they refused to make breaking changes.

How Ashvara helps

We design and build APIs meant to be built on: clear, consistent contracts, versioning and backward-compatibility rules from day one, generated docs, auth, and observability - so your apps and partners aren't broken by your next release. Pair that with the right stack (Node.js vs NestJS) and it holds up for years. That's our backend & API development practice - tell us what you're building.


REST/GraphQL adoption and versioning practices reflect 2026 API-design analyses (e.g. Postman and Fern).

S
Sahil Jain

Founder at Ashvara, a studio that builds software end to end - mobile, web, AI, and the systems behind them. Writes about shipping products that last.

Building something? Let's talk.