System Design (LLD)API Versioning

API Versioning

LevelIntermediate

Duration60 mins

TopicAPI Versioning

2 / 5

Versioning Strategies

Choosing How to Version

Having established why versioning is essential, we now face a practical question: how do you actually implement version management in your API?

Several well-established strategies exist, each with distinct characteristics, tradeoffs, and ideal use cases. There's no universally 'correct' approach—the right choice depends on your API's nature, your consumers' needs, and your operational constraints.

This page provides a comprehensive analysis of each major strategy, examining:

How the version is communicated between client and server
The impact on URL design and caching
Tooling and infrastructure implications
Consumer experience
Real-world adoption and examples

By the end, you'll be equipped to make an informed versioning decision for any API you design.

The Four Major Strategies

We'll examine: (1) URL Path Versioning — the most visible and widely adopted approach, (2) Query Parameter Versioning — a simple but limited alternative, (3) Header Versioning — a 'pure' but less discoverable approach, and (4) Content Negotiation — the most sophisticated but complex option. Each has legitimate uses depending on context.

URL Path Versioning

URL Path Versioning embeds the version number directly in the URL path, typically as a prefix segment:

https://api.example.com/v1/users/123
https://api.example.com/v2/users/123
https://api.example.com/v3/users/123

This is the most widely adopted versioning strategy, used by major APIs including Twitter, GitHub, Stripe, and Google Cloud. Its popularity stems from several advantageous characteristics.

How It Works:

The version identifier becomes part of the resource address. Clients specify which version they want simply by constructing the appropriate URL. The server routes requests based on the URL path.

From an implementation perspective, this can be handled through:

Separate routers per version (clear separation, some duplication)
Version-aware routing middleware (shared logic, version switching)
Reverse proxy routing (infrastructure-level, completely separated deployments)

Advantages

•Maximum visibility — Version is immediately apparent in any URL, log, or documentation
•Browser-friendly — URLs can be tested directly in a browser; no special headers needed
•Excellent cacheability — Different versions have different URLs, so caching is straightforward
•Tooling compatibility — Virtually all HTTP tools, proxies, and load balancers work naturally
•Easy to understand — Even non-technical stakeholders grasp the versioning scheme
•Documentation clarity — API docs can organize by version with distinct base URLs

Disadvantages

•Not 'RESTfully pure' — The resource identity (/users/123) should arguably be version-independent
•URL proliferation — Every endpoint multiplied by versions; can complicate routing
•Client code coupling — Upgrading versions requires changing URLs throughout client code
•Hypermedia challenges — Links returned in responses must be version-aware
•No partial versioning — Difficult to version individual endpoints independently

url-path-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Express.js URL Path Versioning Example
import express from 'express';
 
const app = express();
 
// Version 1 API routes
const v1Router = express.Router();
v1Router.get('/users/:id', (req, res) => {
    // V1 returns a simple user object
    const user = {
        id: req.params.id,
        name: "John Doe",
        email: "john@example.com"
    };
    res.json(user);
});
 
// Version 2 API routes
const v2Router = express.Router();
v2Router.get('/users/:id', (req, res) => {
    // V2 returns a richer, restructured response
    const user = {
        id: req.params.id,
        profile: {
            displayName: "John Doe",
            avatar: "https://cdn.example.com/avatars/123.jpg"
        },
        contact: {
            email: "john@example.com",
            emailVerified: true
        },
        metadata: {
            createdAt: "2024-01-15T10:30:00Z",
            updatedAt: "2024-06-20T14:22:00Z"
        }
    };
    res.json(user);
});
 
// Mount versioned routers
app.use('/v1', v1Router);
app.use('/v2', v2Router);
 
// Requests to /v1/users/123 get V1 format
// Requests to /v2/users/123 get V2 format

Real-World Usage:

GitHub API: Uses /repos/octocat/Hello-World pattern with version communicated separately, but moved toward path versioning for newer APIs
Twitter API v2: Explicitly uses /2/tweets path structure
Stripe API: Uses the pattern https://api.stripe.com/v1/charges for core versioning

When to Choose URL Path Versioning:

Public APIs where discoverability and simplicity matter
APIs consumed by diverse clients (mobile, web, IoT, third-party)
When you expect major version changes to be infrequent (annually or less)
When caching by URL is important for your performance model
When you want version to be visible in logs, monitoring, and debugging

Query Parameter Versioning

Query Parameter Versioning places the version identifier as a query parameter:

https://api.example.com/users/123?version=1
https://api.example.com/users/123?v=2
https://api.example.com/users/123?api-version=2024-01-15

This approach treats version as a parameter rather than a structural part of the URL. While less common than URL path versioning, it has specific use cases where it shines.

How It Works:

The version parameter is parsed from the query string on each request. If absent, the server typically defaults to either the latest version or a specified default. The same endpoint handler may serve multiple versions, switching behavior based on the parameter.

Advantages

•Simple implementation — Just parse a query parameter; minimal routing changes
•Optional by default — Easy to provide a default version when parameter is omitted
•Flexible versioning schemes — Can use dates, semver, or any string format
•Preserves URL structure — Resource URLs remain clean and version-independent
•Easy client upgrade — Clients can experiment by changing a single parameter

Disadvantages

•Caching complications — Cache keys must include query parameters, which some caches ignore
•Less visible — Version can be easily overlooked in URLs and logs
•Query parameter pollution — Adds clutter alongside other parameters
•Default version ambiguity — If the default changes, clients without explicit version break
•Optional invites omission — Clients may forget to specify, causing inconsistent behavior

query-param-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
// Express.js Query Parameter Versioning
import express from 'express';
 
const app = express();
 
// Version resolution middleware
const resolveApiVersion = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const version = req.query.version || req.query.v || req.query['api-version'];
    
    // Default to latest stable version if not specified
    req.apiVersion = version ? parseInt(version as string) : 2;
    
    // Validate version
    const supportedVersions = [1, 2, 3];
    if (!supportedVersions.includes(req.apiVersion)) {
        return res.status(400).json({
            error: 'UNSUPPORTED_VERSION',
            message: `Version ${req.apiVersion} is not supported. Supported: ${supportedVersions.join(', ')}`,
            suggestedVersion: 2
        });
    }
    
    next();
};
 
app.use(resolveApiVersion);
 
// Single endpoint handles all versions
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    
    switch (req.apiVersion) {
        case 1:
            // V1: Simple flat structure
            return res.json({
                id: userId,
                name: "John Doe",
                email: "john@example.com"
            });
            
        case 2:
            // V2: Nested structure with more fields
            return res.json({
                id: userId,
                profile: {
                    displayName: "John Doe",
                    email: "john@example.com"
                },
                createdAt: "2024-01-15T10:30:00Z"
            });
            
        case 3:
            // V3: HATEOAS links, richer metadata
            return res.json({
                data: {
                    id: userId,
                    type: "user",
                    attributes: {
                        displayName: "John Doe",
                        email: "john@example.com"
                    }
                },
                links: {
                    self: `/users/${userId}?version=3`,
                    posts: `/users/${userId}/posts?version=3`
                }
            });
    }
});
 
// Requests:
// GET /users/123?version=1  → V1 response
// GET /users/123?v=2        → V2 response
// GET /users/123            → V2 response (default)

The Default Version Trap

A critical design decision with query parameter versioning is the default behavior. If you default to 'latest' and a client doesn't specify a version, they'll silently receive a new version when you release it—potentially breaking. Always default to a specific, stable version and require explicit opt-in for new versions.

Real-World Usage:

AWS APIs: Many AWS services use ?Version=2012-12-01 format with date-based versions
Azure APIs: Often use ?api-version=2023-05-01 pattern
Google APIs: Some use ?v=2 for simpler version specification

When to Choose Query Parameter Versioning:

APIs with frequent, fine-grained version changes
When you want to provide a sensible default for casual usage
Internal APIs where discoverability is less critical
When your caching layer properly handles query parameters
APIs that already have rich query parameter usage (version fits naturally)

Header Versioning

Header Versioning communicates the version through a custom HTTP header:

GET /users/123 HTTP/1.1
Host: api.example.com
X-API-Version: 2

---

GET /users/123 HTTP/1.1
Host: api.example.com
Api-Version: 2024-01-15

This approach keeps URLs completely clean of version information, placing versioning in the metadata layer of HTTP. It's considered more 'RESTfully pure' by some practitioners.

How It Works:

The server reads a custom header on each request to determine which version of the API to invoke. If the header is missing, the server may return an error, use a default, or prompt the client to specify.

Common header names include:

X-API-Version (the 'X-' prefix is technically deprecated but widely used)
Api-Version (cleaner, modern approach)
Accept-Version (mirrors content negotiation patterns)

Advantages

•Clean URLs — Resource identifiers remain pure and version-independent
•REST purity — Version is metadata, not part of the resource address
•Flexible versioning — Can combine with content negotiation for sophisticated schemes
•Easy header propagation — SDK clients can set version once and forget
•No URL changes on upgrade — Clients change only the header value

Disadvantages

•Not browser-friendly — Can't test in browser address bar; requires tools like curl or Postman
•Less discoverable — Version is invisible when sharing or logging URLs
•Caching complexity — Caches must be configured to Vary on the version header
•CORS considerations — Custom headers may require preflight OPTIONS requests
•Documentation burden — Must clearly document header requirement and values

header-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// Express.js Header Versioning
import express from 'express';
 
const app = express();
 
// CORS configuration to allow custom version header
app.use((req, res, next) => {
    res.header('Access-Control-Allow-Headers', 'Api-Version, Content-Type, Authorization');
    res.header('Access-Control-Expose-Headers', 'Api-Version');
    next();
});
 
// Version extraction middleware
const extractApiVersion = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Check multiple possible header names
    const versionHeader = 
        req.headers['api-version'] || 
        req.headers['x-api-version'] || 
        req.headers['accept-version'];
    
    if (!versionHeader) {
        return res.status(400).json({
            error: 'VERSION_REQUIRED',
            message: 'Api-Version header is required',
            example: 'Api-Version: 2',
            supportedVersions: ['1', '2', '3']
        });
    }
    
    const version = parseInt(versionHeader as string);
    
    if (isNaN(version) || version < 1 || version > 3) {
        return res.status(400).json({
            error: 'INVALID_VERSION',
            message: `Version '${versionHeader}' is not valid`,
            supportedVersions: ['1', '2', '3']
        });
    }
    
    req.apiVersion = version;
    
    // Echo version back in response for clarity
    res.header('Api-Version', version.toString());
    
    next();
};
 
app.use(extractApiVersion);
 
// Versioned endpoint
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    const version = req.apiVersion;
    
    // Set Vary header for caching
    res.header('Vary', 'Api-Version');
    
    // Version-specific response logic
    if (version === 1) {
        return res.json({
            id: userId,
            name: "John Doe",
            email: "john@example.com"
        });
    }
    
    if (version === 2) {
        return res.json({
            user: {
                id: userId,
                displayName: "John Doe",
                email: "john@example.com",
                createdAt: "2024-01-15T10:30:00Z"
            }
        });
    }
    
    // Version 3
    return res.json({
        data: {
            type: "user",
            id: userId,
            attributes: {
                displayName: "John Doe",
                email: "john@example.com"
            }
        },
        meta: {
            requestedVersion: 3
        }
    });
});
 
// Client usage with curl:
// curl -H "Api-Version: 2" https://api.example.com/users/123

Vary Header is Critical

When using header versioning, always include Vary: Api-Version (or your header name) in responses. This tells caches that responses differ based on this header, preventing cache poisoning where one version's response is incorrectly served to a client requesting another version.

Real-World Usage:

GitHub API: Originally used custom X-GitHub-Api-Version header (now moving toward other approaches)
Stripe API: Uses Stripe-Version header alongside other mechanisms
Microsoft Graph: Supports api-version header for version specification

When to Choose Header Versioning:

APIs consumed primarily through SDKs that can set headers automatically
When URL cleanliness is important for your use case
When you're committed to proper caching configuration
Internal APIs where tooling requirements are controlled
APIs where CORS isn't a concern (same-origin or backend-to-backend)

Content Negotiation (Accept Header Versioning)

Content Negotiation Versioning uses the standard HTTP Accept header with a custom media type that includes version information:

GET /users/123 HTTP/1.1
Host: api.example.com
Accept: application/vnd.example.v2+json

---

GET /users/123 HTTP/1.1
Host: api.example.com
Accept: application/vnd.example.user-v2+json

This approach leverages HTTP's built-in content negotiation mechanism, treating different API versions as different representations of the same resource—exactly what content negotiation was designed for.

How It Works:

The Accept header uses a vendor media type (indicated by vnd.) that embeds version information. The server parses this media type and returns the appropriate version. The response Content-Type header echoes the version served.

Media type formats vary:

application/vnd.company.v2+json — Version in media type
application/vnd.company+json; version=2 — Version as parameter
application/vnd.company.resource.v2+json — Resource-specific versioning

Advantages

•Most RESTful — Uses HTTP mechanisms as designed; version is truly a representation variant
•Resource-level versioning — Can version specific resources independently
•Full content negotiation — Can combine version with format (JSON, XML) negotiation
•Clean URLs — Resource identifiers remain completely pure
•Standards-based — Uses well-understood HTTP content negotiation semantics

Disadvantages

•Highest complexity — Parsing Accept headers correctly is non-trivial
•Least discoverable — Version is deeply buried in header content
•Browser testing impossible — Requires programmatic tools for any testing
•Caching even more complex — Vary on Accept; many caches struggle
•Steep learning curve — Many developers unfamiliar with content negotiation

content-negotiation-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
// Express.js Content Negotiation Versioning
import express from 'express';
 
const app = express();
 
interface MediaTypeInfo {
    vendor: string;
    version: number;
    format: string;
}
 
// Parse vendor media type to extract version
function parseVendorMediaType(accept: string): MediaTypeInfo | null {
    // Matches: application/vnd.example.v2+json
    // or: application/vnd.example+json; version=2
    
    const patterns = [
        // vnd.company.v2+json format
        /application\/vnd\.([a-z]+)\.v(\d+)\+([a-z]+)/i,
        // vnd.company+json; version=2 format  
        /application\/vnd\.([a-z]+)\+([a-z]+);\s*version=(\d+)/i,
    ];
    
    for (const pattern of patterns) {
        const match = accept.match(pattern);
        if (match) {
            if (pattern === patterns[0]) {
                return {
                    vendor: match[1],
                    version: parseInt(match[2]),
                    format: match[3]
                };
            } else {
                return {
                    vendor: match[1],
                    version: parseInt(match[3]),
                    format: match[2]
                };
            }
        }
    }
    
    return null;
}
 
// Content negotiation middleware
const negotiateContent = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const accept = req.headers.accept || '';
    
    // Check for vendor media type
    const mediaInfo = parseVendorMediaType(accept);
    
    if (!mediaInfo) {
        // Check if they specified any Accept header
        if (accept && !accept.includes('*/*') && !accept.includes('application/json')) {
            return res.status(406).json({
                error: 'NOT_ACCEPTABLE',
                message: 'Unsupported media type. Use: application/vnd.example.v{VERSION}+json',
                supportedMediaTypes: [
                    'application/vnd.example.v1+json',
                    'application/vnd.example.v2+json',
                    'application/vnd.example.v3+json'
                ]
            });
        }
        
        // Default to latest version with JSON
        req.apiVersion = 3;
        req.responseFormat = 'json';
    } else {
        if (mediaInfo.vendor !== 'example') {
            return res.status(406).json({
                error: 'UNKNOWN_VENDOR',
                message: `Unknown vendor: ${mediaInfo.vendor}`
            });
        }
        
        if (mediaInfo.version < 1 || mediaInfo.version > 3) {
            return res.status(406).json({
                error: 'UNSUPPORTED_VERSION',
                message: `Version ${mediaInfo.version} is not supported`,
                supportedVersions: [1, 2, 3]
            });
        }
        
        req.apiVersion = mediaInfo.version;
        req.responseFormat = mediaInfo.format;
    }
    
    next();
};
 
app.use(negotiateContent);
 
// Versioned endpoint
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    const version = req.apiVersion;
    
    // Set Content-Type to reflect negotiated version
    res.header('Content-Type', `application/vnd.example.v${version}+json`);
    res.header('Vary', 'Accept');
    
    switch (version) {
        case 1:
            return res.json({
                id: userId,
                name: "John Doe",
                email: "john@example.com"
            });
            
        case 2:
            return res.json({
                user: {
                    id: userId,
                    profile: {
                        displayName: "John Doe"
                    },
                    contact: {
                        email: "john@example.com"
                    }
                }
            });
            
        case 3:
            return res.json({
                type: "user",
                id: userId,
                attributes: {
                    displayName: "John Doe",
                    email: "john@example.com"
                },
                links: {
                    self: `/users/${userId}`
                }
            });
    }
});
 
// Client usage:
// curl -H "Accept: application/vnd.example.v2+json" https://api.example.com/users/123

Real-World Usage:

GitHub API (original): Used application/vnd.github.v3+json format
Kubernetes API: Uses group/version in Accept headers for resource versioning
Some Google APIs: Support content negotiation for version selection

When to Choose Content Negotiation:

When RESTful purity is important to your architecture
APIs that already use content negotiation for format (JSON/XML)
When you need resource-level versioning (different endpoints at different versions)
Sophisticated API consumers who understand content negotiation
When you have full control over caching infrastructure

Strategy Comparison Matrix

With all four strategies covered, let's compare them systematically across key dimensions to help inform your decision:

Versioning Strategies: Comprehensive Comparison
Dimension	URL Path	Query Param	Header	Content Neg.
Visibility	★★★★★	★★★☆☆	★★☆☆☆	★☆☆☆☆
Browser Testing	★★★★★	★★★★★	★☆☆☆☆	★☆☆☆☆
Caching Simplicity	★★★★★	★★★☆☆	★★☆☆☆	★★☆☆☆
URL Cleanliness	★★☆☆☆	★★★☆☆	★★★★★	★★★★★
REST Purity	★★☆☆☆	★★★☆☆	★★★★☆	★★★★★
Implementation Complexity	★★★★☆	★★★★★	★★★☆☆	★★☆☆☆
CORS Friendliness	★★★★★	★★★★★	★★★☆☆	★★★☆☆
Resource-level Versioning	★☆☆☆☆	★★☆☆☆	★★★☆☆	★★★★★
Wide Adoption	★★★★★	★★★★☆	★★★☆☆	★★☆☆☆

The Pragmatic Choice

For most production APIs, URL Path Versioning is the pragmatic default. Its visibility, tooling compatibility, and simplicity outweigh the theoretical benefits of 'purer' approaches. Choose alternatives only when you have specific requirements that URL versioning doesn't meet.

Decision Framework:

Choose URL Path when:

Building a public API for diverse consumers
Discoverability and documentation clarity matter
You want minimal caching surprises

Choose Query Parameter when:

You have frequent, date-based version releases
Providing a sensible default is important
The API already has rich query parameter usage

Choose Header when:

Consumers use SDKs that handle headers automatically
URL aesthetics are important to your design
You're in a controlled environment (internal APIs, known clients)

Choose Content Negotiation when:

RESTful architecture is a core value
You need resource-level versioning
Your consumers are technically sophisticated
You have complex content type requirements

Hybrid and Alternative Approaches

In practice, many APIs use hybrid approaches or variations that don't fit neatly into the four categories above.

Date-Based Versioning:

Some APIs use dates instead of numbers:

/users/123?api-version=2024-01-15
Stripe-Version: 2024-01-15

This approach ties versions to release dates, making it clear when the version was released and enabling frequent releases without confusing version number inflation. Stripe pioneered this approach.

Pin to Version + Default Latest:

Some APIs let you 'pin' a version but default to latest:

# Account setting locks API version
Stripe-Version: 2024-01-15

# Or, without setting, you get the latest

This reduces friction for new integrators while protecting existing ones.

Multi-Strategy Support:

Some APIs support multiple versioning mechanisms simultaneously:

# URL version  
/v2/users/123

# OR Query parameter
/users/123?version=2

# OR Header
Api-Version: 2

The server uses precedence rules: Header > Query > URL (or similar). This provides flexibility but adds implementation complexity.

GraphQL Versioning:

GraphQL APIs challenge traditional versioning because the query language allows clients to request exactly what they need. GraphQL philosophy suggests:

Avoid versions entirely through field deprecation
Add new fields without removing old ones
Mark deprecated fields in schema
Eventually remove after sufficient migration time

This works well when you control client and server, but may not suit all contexts.

Stripe's Date-Based Model

Stripe's approach deserves special attention: they use date-stamped versions (e.g., 2024-01-15) set via header, with dashboard configuration to pin your account's default version. When you upgrade, you see exactly what changed since your pinned date. This model enables continuous API evolution without traditional major version bumps.

Summary: Choosing Your Strategy

We've covered the full landscape of API versioning strategies. Let's consolidate the key insights:

Key Takeaways

•URL Path Versioning is the most visible, cacheable, and widely adopted approach—the safe default for public APIs.
•Query Parameter Versioning works well for date-based or frequent version schemes with sensible defaults.
•Header Versioning keeps URLs clean but sacrifices discoverability and browser testability.
•Content Negotiation is the most RESTful but also most complex; suited for sophisticated environments.
•Hybrid approaches combine strategies or use innovations like date-based versions for specific benefits.
•The right choice depends on context — consumer sophistication, caching needs, tooling constraints, and API philosophy.

What's Next:

Knowing how to version is only half the challenge. The next page addresses a critical question: what changes require a new version? We'll explore the crucial distinction between breaking and non-breaking changes—the classification that determines whether you can evolve within a version or must bump to a new one.

Page Complete

You now understand the major API versioning strategies and their tradeoffs. Each approach has valid use cases, but for most APIs, URL Path Versioning provides the best balance of simplicity, visibility, and tooling compatibility. Next, we'll explore what kinds of changes require version bumps.

2 / 5

Loading learning content...

System Design (LLD)API Versioning

API Versioning

LevelIntermediate

Duration60 mins

TopicAPI Versioning

2 / 5

Versioning Strategies

Choosing How to Version

Having established why versioning is essential, we now face a practical question: how do you actually implement version management in your API?

This page provides a comprehensive analysis of each major strategy, examining:

How the version is communicated between client and server
The impact on URL design and caching
Tooling and infrastructure implications
Consumer experience
Real-world adoption and examples

By the end, you'll be equipped to make an informed versioning decision for any API you design.

The Four Major Strategies

URL Path Versioning

URL Path Versioning embeds the version number directly in the URL path, typically as a prefix segment:

https://api.example.com/v1/users/123
https://api.example.com/v2/users/123
https://api.example.com/v3/users/123

This is the most widely adopted versioning strategy, used by major APIs including Twitter, GitHub, Stripe, and Google Cloud. Its popularity stems from several advantageous characteristics.

How It Works:

The version identifier becomes part of the resource address. Clients specify which version they want simply by constructing the appropriate URL. The server routes requests based on the URL path.

From an implementation perspective, this can be handled through:

Separate routers per version (clear separation, some duplication)
Version-aware routing middleware (shared logic, version switching)
Reverse proxy routing (infrastructure-level, completely separated deployments)

Advantages

•Maximum visibility — Version is immediately apparent in any URL, log, or documentation
•Browser-friendly — URLs can be tested directly in a browser; no special headers needed
•Excellent cacheability — Different versions have different URLs, so caching is straightforward
•Tooling compatibility — Virtually all HTTP tools, proxies, and load balancers work naturally
•Easy to understand — Even non-technical stakeholders grasp the versioning scheme
•Documentation clarity — API docs can organize by version with distinct base URLs

Disadvantages

•Not 'RESTfully pure' — The resource identity (/users/123) should arguably be version-independent
•URL proliferation — Every endpoint multiplied by versions; can complicate routing
•Client code coupling — Upgrading versions requires changing URLs throughout client code
•Hypermedia challenges — Links returned in responses must be version-aware
•No partial versioning — Difficult to version individual endpoints independently

url-path-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Express.js URL Path Versioning Example
import express from 'express';
 
const app = express();
 
// Version 1 API routes
const v1Router = express.Router();
v1Router.get('/users/:id', (req, res) => {
    // V1 returns a simple user object
    const user = {
        id: req.params.id,
        name: "John Doe",
        email: "john@example.com"
    };
    res.json(user);
});
 
// Version 2 API routes
const v2Router = express.Router();
v2Router.get('/users/:id', (req, res) => {
    // V2 returns a richer, restructured response
    const user = {
        id: req.params.id,
        profile: {
            displayName: "John Doe",
            avatar: "https://cdn.example.com/avatars/123.jpg"
        },
        contact: {
            email: "john@example.com",
            emailVerified: true
        },
        metadata: {
            createdAt: "2024-01-15T10:30:00Z",
            updatedAt: "2024-06-20T14:22:00Z"
        }
    };
    res.json(user);
});
 
// Mount versioned routers
app.use('/v1', v1Router);
app.use('/v2', v2Router);
 
// Requests to /v1/users/123 get V1 format
// Requests to /v2/users/123 get V2 format

Real-World Usage:

GitHub API: Uses /repos/octocat/Hello-World pattern with version communicated separately, but moved toward path versioning for newer APIs
Twitter API v2: Explicitly uses /2/tweets path structure
Stripe API: Uses the pattern https://api.stripe.com/v1/charges for core versioning

When to Choose URL Path Versioning:

Public APIs where discoverability and simplicity matter
APIs consumed by diverse clients (mobile, web, IoT, third-party)
When you expect major version changes to be infrequent (annually or less)
When caching by URL is important for your performance model
When you want version to be visible in logs, monitoring, and debugging

Query Parameter Versioning

Query Parameter Versioning places the version identifier as a query parameter:

https://api.example.com/users/123?version=1
https://api.example.com/users/123?v=2
https://api.example.com/users/123?api-version=2024-01-15

This approach treats version as a parameter rather than a structural part of the URL. While less common than URL path versioning, it has specific use cases where it shines.

How It Works:

Advantages

•Simple implementation — Just parse a query parameter; minimal routing changes
•Optional by default — Easy to provide a default version when parameter is omitted
•Flexible versioning schemes — Can use dates, semver, or any string format
•Preserves URL structure — Resource URLs remain clean and version-independent
•Easy client upgrade — Clients can experiment by changing a single parameter

Disadvantages

•Caching complications — Cache keys must include query parameters, which some caches ignore
•Less visible — Version can be easily overlooked in URLs and logs
•Query parameter pollution — Adds clutter alongside other parameters
•Default version ambiguity — If the default changes, clients without explicit version break
•Optional invites omission — Clients may forget to specify, causing inconsistent behavior

query-param-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
// Express.js Query Parameter Versioning
import express from 'express';
 
const app = express();
 
// Version resolution middleware
const resolveApiVersion = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const version = req.query.version || req.query.v || req.query['api-version'];
    
    // Default to latest stable version if not specified
    req.apiVersion = version ? parseInt(version as string) : 2;
    
    // Validate version
    const supportedVersions = [1, 2, 3];
    if (!supportedVersions.includes(req.apiVersion)) {
        return res.status(400).json({
            error: 'UNSUPPORTED_VERSION',
            message: `Version ${req.apiVersion} is not supported. Supported: ${supportedVersions.join(', ')}`,
            suggestedVersion: 2
        });
    }
    
    next();
};
 
app.use(resolveApiVersion);
 
// Single endpoint handles all versions
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    
    switch (req.apiVersion) {
        case 1:
            // V1: Simple flat structure
            return res.json({
                id: userId,
                name: "John Doe",
                email: "john@example.com"
            });
            
        case 2:
            // V2: Nested structure with more fields
            return res.json({
                id: userId,
                profile: {
                    displayName: "John Doe",
                    email: "john@example.com"
                },
                createdAt: "2024-01-15T10:30:00Z"
            });
            
        case 3:
            // V3: HATEOAS links, richer metadata
            return res.json({
                data: {
                    id: userId,
                    type: "user",
                    attributes: {
                        displayName: "John Doe",
                        email: "john@example.com"
                    }
                },
                links: {
                    self: `/users/${userId}?version=3`,
                    posts: `/users/${userId}/posts?version=3`
                }
            });
    }
});
 
// Requests:
// GET /users/123?version=1  → V1 response
// GET /users/123?v=2        → V2 response
// GET /users/123            → V2 response (default)

The Default Version Trap

Real-World Usage:

AWS APIs: Many AWS services use ?Version=2012-12-01 format with date-based versions
Azure APIs: Often use ?api-version=2023-05-01 pattern
Google APIs: Some use ?v=2 for simpler version specification

When to Choose Query Parameter Versioning:

APIs with frequent, fine-grained version changes
When you want to provide a sensible default for casual usage
Internal APIs where discoverability is less critical
When your caching layer properly handles query parameters
APIs that already have rich query parameter usage (version fits naturally)

Header Versioning

Header Versioning communicates the version through a custom HTTP header:

GET /users/123 HTTP/1.1
Host: api.example.com
X-API-Version: 2

---

GET /users/123 HTTP/1.1
Host: api.example.com
Api-Version: 2024-01-15

This approach keeps URLs completely clean of version information, placing versioning in the metadata layer of HTTP. It's considered more 'RESTfully pure' by some practitioners.

How It Works:

Common header names include:

X-API-Version (the 'X-' prefix is technically deprecated but widely used)
Api-Version (cleaner, modern approach)
Accept-Version (mirrors content negotiation patterns)

Advantages

•Clean URLs — Resource identifiers remain pure and version-independent
•REST purity — Version is metadata, not part of the resource address
•Flexible versioning — Can combine with content negotiation for sophisticated schemes
•Easy header propagation — SDK clients can set version once and forget
•No URL changes on upgrade — Clients change only the header value

Disadvantages

•Not browser-friendly — Can't test in browser address bar; requires tools like curl or Postman
•Less discoverable — Version is invisible when sharing or logging URLs
•Caching complexity — Caches must be configured to Vary on the version header
•CORS considerations — Custom headers may require preflight OPTIONS requests
•Documentation burden — Must clearly document header requirement and values

header-versioning-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// Express.js Header Versioning
import express from 'express';
 
const app = express();
 
// CORS configuration to allow custom version header
app.use((req, res, next) => {
    res.header('Access-Control-Allow-Headers', 'Api-Version, Content-Type, Authorization');
    res.header('Access-Control-Expose-Headers', 'Api-Version');
    next();
});
 
// Version extraction middleware
const extractApiVersion = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Check multiple possible header names
    const versionHeader = 
        req.headers['api-version'] || 
        req.headers['x-api-version'] || 
        req.headers['accept-version'];
    
    if (!versionHeader) {
        return res.status(400).json({
            error: 'VERSION_REQUIRED',
            message: 'Api-Version header is required',
            example: 'Api-Version: 2',
            supportedVersions: ['1', '2', '3']
        });
    }
    
    const version = parseInt(versionHeader as string);
    
    if (isNaN(version) || version < 1 || version > 3) {
        return res.status(400).json({
            error: 'INVALID_VERSION',
            message: `Version '${versionHeader}' is not valid`,
            supportedVersions: ['1', '2', '3']
        });
    }
    
    req.apiVersion = version;
    
    // Echo version back in response for clarity
    res.header('Api-Version', version.toString());
    
    next();
};
 
app.use(extractApiVersion);
 
// Versioned endpoint
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    const version = req.apiVersion;
    
    // Set Vary header for caching
    res.header('Vary', 'Api-Version');
    
    // Version-specific response logic
    if (version === 1) {
        return res.json({
            id: userId,
            name: "John Doe",
            email: "john@example.com"
        });
    }
    
    if (version === 2) {
        return res.json({
            user: {
                id: userId,
                displayName: "John Doe",
                email: "john@example.com",
                createdAt: "2024-01-15T10:30:00Z"
            }
        });
    }
    
    // Version 3
    return res.json({
        data: {
            type: "user",
            id: userId,
            attributes: {
                displayName: "John Doe",
                email: "john@example.com"
            }
        },
        meta: {
            requestedVersion: 3
        }
    });
});
 
// Client usage with curl:
// curl -H "Api-Version: 2" https://api.example.com/users/123

Vary Header is Critical

Real-World Usage:

GitHub API: Originally used custom X-GitHub-Api-Version header (now moving toward other approaches)
Stripe API: Uses Stripe-Version header alongside other mechanisms
Microsoft Graph: Supports api-version header for version specification

When to Choose Header Versioning:

APIs consumed primarily through SDKs that can set headers automatically
When URL cleanliness is important for your use case
When you're committed to proper caching configuration
Internal APIs where tooling requirements are controlled
APIs where CORS isn't a concern (same-origin or backend-to-backend)

Content Negotiation (Accept Header Versioning)

Content Negotiation Versioning uses the standard HTTP Accept header with a custom media type that includes version information:

GET /users/123 HTTP/1.1
Host: api.example.com
Accept: application/vnd.example.v2+json

---

GET /users/123 HTTP/1.1
Host: api.example.com
Accept: application/vnd.example.user-v2+json

How It Works:

Media type formats vary:

application/vnd.company.v2+json — Version in media type
application/vnd.company+json; version=2 — Version as parameter
application/vnd.company.resource.v2+json — Resource-specific versioning

Advantages

•Most RESTful — Uses HTTP mechanisms as designed; version is truly a representation variant
•Resource-level versioning — Can version specific resources independently
•Full content negotiation — Can combine version with format (JSON, XML) negotiation
•Clean URLs — Resource identifiers remain completely pure
•Standards-based — Uses well-understood HTTP content negotiation semantics

Disadvantages

•Highest complexity — Parsing Accept headers correctly is non-trivial
•Least discoverable — Version is deeply buried in header content
•Browser testing impossible — Requires programmatic tools for any testing
•Caching even more complex — Vary on Accept; many caches struggle
•Steep learning curve — Many developers unfamiliar with content negotiation

content-negotiation-example
TypeScript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
// Express.js Content Negotiation Versioning
import express from 'express';
 
const app = express();
 
interface MediaTypeInfo {
    vendor: string;
    version: number;
    format: string;
}
 
// Parse vendor media type to extract version
function parseVendorMediaType(accept: string): MediaTypeInfo | null {
    // Matches: application/vnd.example.v2+json
    // or: application/vnd.example+json; version=2
    
    const patterns = [
        // vnd.company.v2+json format
        /application\/vnd\.([a-z]+)\.v(\d+)\+([a-z]+)/i,
        // vnd.company+json; version=2 format  
        /application\/vnd\.([a-z]+)\+([a-z]+);\s*version=(\d+)/i,
    ];
    
    for (const pattern of patterns) {
        const match = accept.match(pattern);
        if (match) {
            if (pattern === patterns[0]) {
                return {
                    vendor: match[1],
                    version: parseInt(match[2]),
                    format: match[3]
                };
            } else {
                return {
                    vendor: match[1],
                    version: parseInt(match[3]),
                    format: match[2]
                };
            }
        }
    }
    
    return null;
}
 
// Content negotiation middleware
const negotiateContent = (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const accept = req.headers.accept || '';
    
    // Check for vendor media type
    const mediaInfo = parseVendorMediaType(accept);
    
    if (!mediaInfo) {
        // Check if they specified any Accept header
        if (accept && !accept.includes('*/*') && !accept.includes('application/json')) {
            return res.status(406).json({
                error: 'NOT_ACCEPTABLE',
                message: 'Unsupported media type. Use: application/vnd.example.v{VERSION}+json',
                supportedMediaTypes: [
                    'application/vnd.example.v1+json',
                    'application/vnd.example.v2+json',
                    'application/vnd.example.v3+json'
                ]
            });
        }
        
        // Default to latest version with JSON
        req.apiVersion = 3;
        req.responseFormat = 'json';
    } else {
        if (mediaInfo.vendor !== 'example') {
            return res.status(406).json({
                error: 'UNKNOWN_VENDOR',
                message: `Unknown vendor: ${mediaInfo.vendor}`
            });
        }
        
        if (mediaInfo.version < 1 || mediaInfo.version > 3) {
            return res.status(406).json({
                error: 'UNSUPPORTED_VERSION',
                message: `Version ${mediaInfo.version} is not supported`,
                supportedVersions: [1, 2, 3]
            });
        }
        
        req.apiVersion = mediaInfo.version;
        req.responseFormat = mediaInfo.format;
    }
    
    next();
};
 
app.use(negotiateContent);
 
// Versioned endpoint
app.get('/users/:id', (req, res) => {
    const userId = req.params.id;
    const version = req.apiVersion;
    
    // Set Content-Type to reflect negotiated version
    res.header('Content-Type', `application/vnd.example.v${version}+json`);
    res.header('Vary', 'Accept');
    
    switch (version) {
        case 1:
            return res.json({
                id: userId,
                name: "John Doe",
                email: "john@example.com"
            });
            
        case 2:
            return res.json({
                user: {
                    id: userId,
                    profile: {
                        displayName: "John Doe"
                    },
                    contact: {
                        email: "john@example.com"
                    }
                }
            });
            
        case 3:
            return res.json({
                type: "user",
                id: userId,
                attributes: {
                    displayName: "John Doe",
                    email: "john@example.com"
                },
                links: {
                    self: `/users/${userId}`
                }
            });
    }
});
 
// Client usage:
// curl -H "Accept: application/vnd.example.v2+json" https://api.example.com/users/123

Real-World Usage:

GitHub API (original): Used application/vnd.github.v3+json format
Kubernetes API: Uses group/version in Accept headers for resource versioning
Some Google APIs: Support content negotiation for version selection

When to Choose Content Negotiation:

When RESTful purity is important to your architecture
APIs that already use content negotiation for format (JSON/XML)
When you need resource-level versioning (different endpoints at different versions)
Sophisticated API consumers who understand content negotiation
When you have full control over caching infrastructure

Strategy Comparison Matrix

With all four strategies covered, let's compare them systematically across key dimensions to help inform your decision:

Versioning Strategies: Comprehensive Comparison
Dimension	URL Path	Query Param	Header	Content Neg.
Visibility	★★★★★	★★★☆☆	★★☆☆☆	★☆☆☆☆
Browser Testing	★★★★★	★★★★★	★☆☆☆☆	★☆☆☆☆
Caching Simplicity	★★★★★	★★★☆☆	★★☆☆☆	★★☆☆☆
URL Cleanliness	★★☆☆☆	★★★☆☆	★★★★★	★★★★★
REST Purity	★★☆☆☆	★★★☆☆	★★★★☆	★★★★★
Implementation Complexity	★★★★☆	★★★★★	★★★☆☆	★★☆☆☆
CORS Friendliness	★★★★★	★★★★★	★★★☆☆	★★★☆☆
Resource-level Versioning	★☆☆☆☆	★★☆☆☆	★★★☆☆	★★★★★
Wide Adoption	★★★★★	★★★★☆	★★★☆☆	★★☆☆☆

The Pragmatic Choice

Decision Framework:

Choose URL Path when:

Building a public API for diverse consumers
Discoverability and documentation clarity matter
You want minimal caching surprises

Choose Query Parameter when:

You have frequent, date-based version releases
Providing a sensible default is important
The API already has rich query parameter usage

Choose Header when:

Consumers use SDKs that handle headers automatically
URL aesthetics are important to your design
You're in a controlled environment (internal APIs, known clients)

Choose Content Negotiation when:

RESTful architecture is a core value
You need resource-level versioning
Your consumers are technically sophisticated
You have complex content type requirements

Hybrid and Alternative Approaches

In practice, many APIs use hybrid approaches or variations that don't fit neatly into the four categories above.

Date-Based Versioning:

Some APIs use dates instead of numbers:

/users/123?api-version=2024-01-15
Stripe-Version: 2024-01-15

This approach ties versions to release dates, making it clear when the version was released and enabling frequent releases without confusing version number inflation. Stripe pioneered this approach.

Pin to Version + Default Latest:

Some APIs let you 'pin' a version but default to latest:

# Account setting locks API version
Stripe-Version: 2024-01-15

# Or, without setting, you get the latest

This reduces friction for new integrators while protecting existing ones.

Multi-Strategy Support:

Some APIs support multiple versioning mechanisms simultaneously:

# URL version  
/v2/users/123

# OR Query parameter
/users/123?version=2

# OR Header
Api-Version: 2

The server uses precedence rules: Header > Query > URL (or similar). This provides flexibility but adds implementation complexity.

GraphQL Versioning:

GraphQL APIs challenge traditional versioning because the query language allows clients to request exactly what they need. GraphQL philosophy suggests:

Avoid versions entirely through field deprecation
Add new fields without removing old ones
Mark deprecated fields in schema
Eventually remove after sufficient migration time

This works well when you control client and server, but may not suit all contexts.

Stripe's Date-Based Model

Summary: Choosing Your Strategy

We've covered the full landscape of API versioning strategies. Let's consolidate the key insights:

Key Takeaways

•URL Path Versioning is the most visible, cacheable, and widely adopted approach—the safe default for public APIs.
•Query Parameter Versioning works well for date-based or frequent version schemes with sensible defaults.
•Header Versioning keeps URLs clean but sacrifices discoverability and browser testability.
•Content Negotiation is the most RESTful but also most complex; suited for sophisticated environments.
•Hybrid approaches combine strategies or use innovations like date-based versions for specific benefits.
•The right choice depends on context — consumer sophistication, caching needs, tooling constraints, and API philosophy.

What's Next:

Page Complete

2 / 5