@RestController = @Controller + @ResponseBody. Every method return value is serialised to JSON (via Jackson) and written directly to the HTTP response body.

@RequestMapping at class level sets the base path. Constructor injection in controllers — @Autowired on the field is wrong here too.

One-sentence mental model: the front controller that routes all HTTP requests to the correct @RestController method based on URL, HTTP method, and content type.

• @PathVariable — identity: /users/{id}
• @RequestParam — filter/option: /users?status=active
• Rule of thumb: identity → path, filter/option → query param

• @RequestBody — JSON → Java object via Jackson. Requires Content-Type: application/json.
• @RequestHeader — reading a specific header value

Return type choices: plain object (Spring picks 200 OK) vs ResponseEntity<T> when you need to control status code, headers, or conditional body.

@Valid on @RequestBody triggers Bean Validation. Put constraint annotations on the DTO fields, not the entity.

• @NotNull / @NotBlank — null vs empty string distinction
• @Size(min, max) — string length or collection size
• @Min / @Max — numeric bounds
• @Email / @Pattern — format validation

@Validated supports group validation and works on the service layer too. @Valid is the standard JSR-303 annotation — works on @RequestBody params. Without a handler, validation failures return a noisy 400 — you want to intercept this.

Global exception handler — applies to all controllers. @ExceptionHandler(SomeException.class) maps an exception type to a structured error response. Specific handlers win over general ones.

The pattern: timestamp, status, error, message, path. Spring Boot 3.x supports Problem Details (RFC 7807) natively via ProblemDetail.