Modern Petstore API: A New Gold Standard for OpenAPI
Building the API Example the Industry Deserves
The Problem with the Old Petstore#
For over a decade, every developer learning OpenAPI (formerly Swagger) has encountered the same example: the Petstore API. While it served its purpose as a teaching tool, the original Petstore has become outdated, failing to reflect modern API design practices and the full capabilities of OpenAPI 3.x specifications.π¨ Critical Issue: Violation of RESTful Principles#
The biggest problem? The old Petstore doesn't even follow basic RESTful design principles. This is catastrophic because it teaches developers anti-patterns that they carry into production systems.Here are the specific RESTful violations in the original Swagger Petstore:1. Plural vs Singular Resource Names#
Problem: Inconsistent naming confuses developers and breaks conventions.2. Non-RESTful URL Design#
Problem: URLs should represent resources (nouns), not actions (verbs).3. Missing Standard HTTP Status Codes#
Problem: Incorrect status codes confuse clients and break HTTP semantics.3. Wrong HTTP Methods for Authentication#
Problem: The old Petstore uses GET for login, which:Exposes passwords in URL query parameters (visible in browser history, server logs, referrer headers)
Violates the HTTP specification (GET must be safe and idempotent)
Creates a massive security vulnerability
Is NOT cacheable despite using GET
5. No Collection Wrappers#
β BAD (Old Petstore):
GET /pets β Returns bare array
[
{"id": "019b4132-70aa-764f-b315-e2803d882a24", "name": "Fluffy"},
{"id": "019b4127-54d5-76d9-b626-0d4c7bfce5b6", "name": "Buddy"}
]
β
GOOD (Modern Petstore):
GET /pets β Returns wrapped collection with metadata
{
"data": [...],
"pagination": {
"page": 1,
"limit": 20,
"totalItems": 45,
"totalPages": 3
},
"links": {
"self": "...",
"next": "..."
}
}
Other Critical Problems#
Beyond RESTful violations, the old Petstore has:Poor error handling: Generic error messages without structured validation
Weak security models: API keys in query parameters (another security disaster)
Missing standards: No RFC 9457 error format, outdated X-RateLimit headers
Incomplete examples: Lacks webhooks, SSE, polymorphic types
Non-production ready: No rate limiting, no proper validation, no real business logic
Introducing Modern Petstore API#
We've built a completely reimagined Petstore API from the ground upβone that showcases current best practices and demonstrates the full power of OpenAPI 3.2. This isn't just an update; it's a comprehensive reference implementation designed to be the new industry standard.Our Mission#
Create a pet store API that:β
Demonstrates every OpenAPI 3.2 feature with production-ready examples
β
Follows current web standards (RFC 9457, IETF rate limiting, ISO formats)
β
Provides realistic business logic (payments, webhooks, AI features)
β
Includes comprehensive code samples across multiple languages
β
Serves as a learning resource for API designers and developers
β
Can be deployed to production with minimal modifications
What Makes It Modern?#
β
Multi-Protocol Architecture#
Modern PetstoreAPI is the only reference implementation supporting multiple API protocols and specifications:Unlike the classic Petstore (REST-only) and other examples (typically REST-only), we provide a complete multi-protocol architecture:REST (OpenAPI 3.2) - Resource-oriented API following pure RESTful principles
Webhooks - Event-driven HTTP callbacks for asynchronous notifications
Callbacks - OpenAPI 3.x callback patterns for async request-response flows
SSE (Server-Sent Events) - Real-time streaming for live updates and AI responses
WebSocket - Full-duplex bidirectional real-time communication
Socket.IO - WebSocket with automatic fallback and enhanced features
MQTT - Lightweight publish-subscribe messaging protocol for IoT devices
MCP (Model Context Protocol) - AI assistant integration for Claude Desktop and other MCP clients
GraphQL - Flexible query language for complex data requirements
gRPC - High-performance RPC protocol for microservices
AsyncAPI 3.0 - Event-driven architecture specification
WSDL - SOAP web services for enterprise integration
WADL - Web Application Description Language support
β
First and Foremost: True RESTful Design#
This is the foundation everything else builds on. We follow RESTful principles rigorously:1. Correct HTTP Methods for Every Operation#
Every method follows HTTP semantics:GET: Safe (no side effects) and idempotent
POST: Create resources, submit forms, non-idempotent operations
PUT/PATCH: Idempotent updates
DELETE: Idempotent removal
2. Proper HTTP Status Codes#
We use the right status code for every situation:Example response with proper status code:3. Resource-Oriented URL Design#
URLs represent resources (nouns), not actions (verbs):For complex operations that don't fit CRUD, we use:Sub-resources: POST /orders/{id}/payment
Query parameters: GET /pets?status=AVAILABLE&species=DOG
QUERY method (OpenAPI 3.2): QUERY /pets/search with request body
4. Consistent Plural Nouns for Collections#
This consistency makes APIs predictable and intuitive.Why this matters: Clients can predict URL patterns without reading docs.Every collection endpoint returns a consistent structure:{
"data": [
{ "id": "pet_fYrZzCW9E1WIOyGw", "name": "Whiskers", ... },
{ "id": "pet_fYrZzCW9E1WIOyGw", "name": "Buddy", ... }
],
"pagination": {
"page": 1,
"limit": 20,
"totalItems": 145,
"totalPages": 8
},
"links": {
"self": "https://api.petstoreapi.com/v1/pets?page=1",
"next": "https://api.petstoreapi.com/v1/pets?page=2",
"prev": null,
"first": "https://api.petstoreapi.com/v1/pets?page=1",
"last": "https://api.petstoreapi.com/v1/pets?page=8"
}
}
Never break pagination: Add totalItems later without breaking clients
Navigation links: Clients follow links, not construct URLs
Consistent structure: Every collection works the same way
7. Navigation Links#
Every resource includes navigational links:{
"id": "pet_fYrZzCW9E1WIOyGw",
"name": "Whiskers",
"species": "CAT",
"status": "AVAILABLE",
"links": {
"self": "https://api.petstoreapi.com/v1/pets/pet_fYrZzCW9E1WIOyGw",
"adopt": "https://api.petstoreapi.com/v1/adoptions",
"images": "https://api.petstoreapi.com/v1/pets/pet_fYrZzCW9E1WIOyGw/images"
}
}
Discover available operations
Navigate without hardcoding URLs
Evolve independently from URL changes
8. Content Negotiation#
Support multiple representations:We standardize on JSON but the pattern supports future formats.9. Idempotency Where Required#
Operations that should be idempotent are:This allows safe retries on network failures.10. Caching Support#
We include proper cache headers:This reduces bandwidth and improves performance.
π OpenAPI 3.2 Exclusive Features#
Beyond RESTful fundamentals, we leverage the latest OpenAPI 3.2 specification features:Organize your API endpoints with structured tagging:This creates a clean hierarchy in documentation tools, making large APIs easier to navigate.QUERY HTTP Method#
For complex searches that exceed URL length limits:OAuth Device Flow#
Perfect for smart TVs, IoT devices, and kiosks:Reusable Path Items#
DRY principle for consistent resource patterns:
π Modern API Standards#
We don't just follow OpenAPIβwe implement current web standards across the board:RFC 9457: Problem Details for HTTP APIs#
No more generic error messages. Every error response follows the standard:{
"type": "https://petstoreapi.com/errors/validation-error",
"title": "Validation Error",
"status": 422,
"detail": "The request body contains validation errors",
"instance": "/v1/pets",
"errors": [
{
"field": "ageMonths",
"message": "Must be a positive number",
"code": "INVALID_FORMAT"
}
]
}
Structured field-level errors - developers know exactly what to fix
Unique error type URLs - link to detailed documentation
Machine-readable error codes - enable programmatic handling
X-RateLimit headers:ISO 3166-1 alpha-2: Country codes (US, GB, CA)
ISO 4217: Currency codes (USD, EUR, GBP)
ISO 8601 / RFC 3339: Timestamps (2025-12-17T08:00:00Z)
π¨ Real-World API Patterns#
Modern APIs aren't simple CRUD operations. We demonstrate complex, production-ready patterns:Polymorphic Payment Sources#
Support multiple payment methods with discriminators:{
"amount": 150.00,
"currency": "USD",
"source": {
"object": "CARD",
"name": "Jane Doe",
"number": "4242424242424242",
"expMonth": 12,
"expYear": 2025,
"cvc": "123"
}
}
{
"amount": 150.00,
"currency": "USD",
"source": {
"object": "BANK_ACCOUNT",
"accountHolderName": "Jane Doe",
"routingNumber": "110000000",
"accountNumber": "000123456789",
"accountType": "CHECKING"
}
}
object type:Collection Wrappers & Navigation#
Never return bare arrays. Every collection response includes:{
"data": [
{
"id": "pet_fYrZzCW9E1WIOyGw",
"species": "CAT",
"name": "Whiskers",
"links": {
"self": "https://api.petstoreapi.com/v1/pets/pet_fYrZzCW9E1WIOyGw",
"adopt": "https://api.petstoreapi.com/v1/adoptions"
}
}
],
"pagination": {
"page": 1,
"limit": 20,
"totalItems": 45,
"totalPages": 3
},
"links": {
"self": "https://api.petstoreapi.com/v1/pets?page=1",
"next": "https://api.petstoreapi.com/v1/pets?page=2",
"last": "https://api.petstoreapi.com/v1/pets?page=3"
}
}
Pagination metadata - clients know exactly where they are
Navigation links - API is self-documenting and discoverable
Consistent structure - all collections follow the same pattern
Webhooks for Event-Driven Architecture#
OpenAPI 3.x supports webhook definitions. We demonstrate real-world events:Your application receives events when important actions occurβno polling needed.Server-Sent Events (SSE) for Real-Time Streaming#
AI features need streaming responses. We demonstrate with a Pet Adoption Advisor:The OpenAPI spec documents the SSE format with text/event-stream media type.
π» Developer Experience#
Great APIs are easy to use. We've focused heavily on developer experience:Multi-Language Code Examples#
Every major operation includes x-codeSamples with ready-to-use examples:Workflow Descriptions#
Every operation includes business context, not just technical details:External Documentation Links#
Complex features link to detailed guides:
Technical Architecture#
Built for Scalability#
We've chosen a modern, performant stack:Node.js: Industry-standard runtime
Hono: Fast, lightweight web framework
TypeScript: End-to-end type safety
Docker: Containerized deployment anywhere
Type Safety Everywhere#
Comprehensive Validation#
We use unevaluatedProperties: false to catch unexpected fields:This prevents clients from sending invalid data and makes API evolution explicit.
Comparison: Old vs. New#
Let's see how we stack up against the original Swagger Petstore and other modern examples. RESTful compliance is listed first as it's the foundation:| Feature | Old Petstore | Train Travel API | Modern Petstore |
|---|
| π΄ RESTful: HTTP Methods | β GET for login/logout | β
POST for mutations | β
Correct methods everywhere |
| π΄ RESTful: Status Codes | β 200 for POST/DELETE | β
Proper codes | β
201/204/4xx/5xx properly |
| π΄ RESTful: URL Design | β /findByStatus (verbs) | β
Resource-oriented | β
Pure resource nouns |
| π΄ RESTful: Plural Resources | β /pet (singular) | β
/trips (plural) | β
/pets, /users, /orders |
| π΄ RESTful: Path Parameters | β /user/{username} mixed | β
Consistent | β
{id} uniformly |
| π΄ RESTful: Collections | β Bare arrays | β
Wrapped | β
Wrapped + pagination + links |
| π΄ RESTful: Idempotency | β Not documented | β
Documented | β
Explicit + safe retries |
| OpenAPI Version | 2.0 | 3.1.0 | 3.2.0 β
|
| Error Standard | Custom | RFC 9457 | RFC 9457 + Field Details β
|
| Rate Limiting | X-RateLimit | RateLimit-* | RateLimit-* β
|
| Auth Methods | API Key in URL | OAuth | OAuth + Bearer/JWT β
|
| OAuth Flows | None | Authorization Code | Auth Code + Device Flow β
|
| Webhooks | None | Basic | Complete with Security β
|
| Real-time (SSE) | None | None | Full SSE Implementation β
|
| QUERY Method | None | None | Yes (OpenAPI 3.2) β
|
| Hierarchical Tags | None | Flat | Full Hierarchy β
|
| Code Samples | None | Basic | Multi-language x-codeSamples β
|
| Polymorphic Types | None | Basic | Discriminators with Mapping β
|
| Protocol Support | REST only | REST only | REST + SSE + MCP + GraphQL + gRPC + AsyncAPI + WSDL + WADL β
|
| Production Ready | No | Partial | Fully Deployable β
|
Result: We lead in every category, with RESTful compliance being our strongest differentiator.The Modern Petstore follows 100% of RESTful principles plus modern extensions like QUERY method and structured navigation.
Real-World Use Cases#
This isn't just an exampleβit's a template for building production APIs:The obvious use case. Organizations can fork this and customize:Add shelter locations with geospatial search
Integrate with local regulations and licensing
Add foster care management
Implement application review workflows
π₯ Healthcare Appointment Systems#
The patterns translate perfectly:Adoption Status β Appointment Status
Medical Info β Patient Records
Webhooks for appointment reminders
Species/Breed β Categories
Polymorphic payments already implemented
π Resource Booking Systems#
Libraries, equipment rentals, room bookings:Availability Status β Booking Status
User accounts and authentication ready
Search and filtering patterns established
Getting Started#
Quick Start#
Explore the API#
View Documentation#
Learning Resources#
For API Designers#
Study our OpenAPI spec to learn:How to structure complex schemas with discriminators
When to use readOnly vs writeOnly
How to document workflows with descriptions
How to organize tags hierarchically
When to use references vs inline schemas
For API Developers#
Learn implementation patterns:Structured error handling with RFC 9457
Webhook delivery with retries
SSE streaming for real-time data
For Technical Writers#
Complex authentication flows
Multi-step business workflows
Error scenarios with examples
Code samples in multiple languages
Design Principles#
These principles guided every decision:1. Standards Over Custom#
We prefer established standards (RFC 9457, ISO codes, IETF headers) over inventing our own. Standards are:2. Production-Ready Over Simplified#
Examples that are "too simple" teach bad habits. We include:3. Realistic Over Theoretical#
We model actual business logic:Payment processing with multiple methods
Multi-step workflows (adoption application β approval β completion)
4. Modern Over Compatible#
We target the latest specifications:OpenAPI 3.2 (not 3.0 or 2.0)
5. Complete Over Minimal#
Every feature is fully implemented:No "TODO" comments or stub implementations.
What's Next?#
We're continuously improving the Modern Petstore API:Coming Soon#
AsyncAPI 3.0 Specification: Complete async/event documentation
Arazzo Workflows: Step-by-step workflow definitions
GraphQL Endpoint: Demonstrate REST + GraphQL coexistence
More Code Samples: Go, Java, PHP, Ruby
Performance Benchmarks: Quantified edge performance metrics
Video Tutorials: Walkthrough of key features
GitHub Discussions: Share use cases and ask questions
Issues: Report bugs or request features
Pull Requests: Contribute improvements
Blog Posts: Write about how you're using the API
Translations: Help document in other languages
Conclusion#
The Modern Petstore API isn't just an updateβit's a reimagining of what an API example should be:β
Complete OpenAPI 3.2 showcase
β
Current web standards throughout
β
Production-ready architecture
β
Real-world business patterns
β
Comprehensive documentation
β
Multi-language code samples
β
Deployable to Docker/Node.jsWhether you're learning OpenAPI, designing a new API, evaluating API tools, or teaching others, the Modern Petstore API provides a comprehensive, realistic reference.The classic Petstore served us well for over a decade. Now it's time for a new standard.
Try It Now#
Give it a star β if you find it useful!
About the Project#
The Modern Petstore API is an open-source project created to demonstrate best practices in API design. It's maintained by the community and welcomes contributions from developers worldwide.
Last updated: December 2025 Modified atΒ 2026-01-06 09:25:30
