When you need to explain how a REST API works to your team, a wall of text rarely does the job. A Mermaid sequence diagram turns that API call flow into a clear, visual conversation between client, server, and database written entirely in plain text. If you've ever struggled to document how requests and responses move through your system, this article gives you working code snippets you can copy, paste, and adapt right away.

What does a Mermaid sequence diagram for a REST API call flow actually show?

A sequence diagram in Mermaid.js maps out the interactions between different actors (or participants) over time. For a REST API call flow, it typically shows:

  • The client (browser, mobile app, or frontend service) sending an HTTP request
  • The server or API gateway receiving and processing that request
  • Internal services or databases that the server talks to behind the scenes
  • The response traveling back to the client, including status codes

Unlike hand-drawn diagrams, Mermaid code lives inside your repository. It stays versioned with your code, gets reviewed in pull requests, and never drifts out of date the way a Confluence drawing does. You write the diagram as text, and a renderer turns it into a visual.

How do you write a basic REST API call in Mermaid sequence diagram syntax?

Here's a minimal example showing a client making a GET request to fetch a list of users:

sequenceDiagram
 participant Client
 participant Server
 participant Database

 Client->>Server: GET /api/users
 Server->>Database: SELECT FROM users
 Database-->>Server: Return user records
 Server-->>Client: 200 OK (JSON user list)

A few things to note in this snippet:

  • ->> represents a solid arrow (a request or call)
  • -->> represents a dashed arrow (a response or return)
  • Participants are declared at the top and rendered left to right
  • Message text after the colon describes the action or data

This is the foundation. Every REST API diagram follows this same structure you just add more detail as the flow gets more complex.

Can you show a complete CRUD REST API flow in Mermaid?

Real APIs do more than just read data. Here's a sequence diagram that covers a typical create, read, update, and delete flow through a REST API:

sequenceDiagram
 participant Client
 participant API as API Gateway
 participant Service as User Service
 participant DB as PostgreSQL

 Note over Client,DB: CREATE - POST /api/users

 Client->>API: POST /api/users (JSON body)
 API->>Service: Validate & create user
 Service->>DB: INSERT INTO users
 DB-->>Service: User created (id: 42)
 Service-->>API: 201 Created
 API-->>Client: 201 Created { id: 42 }

 Note over Client,DB: READ - GET /api/users/42

 Client->>API: GET /api/users/42
 API->>Service: Fetch user by ID
 Service->>DB: SELECT FROM users WHERE id=42
 DB-->>Service: User record
 Service-->>API: User data
 API-->>Client: 200 OK { user object }

 Note over Client,DB: UPDATE - PUT /api/users/42

 Client->>API: PUT /api/users/42 (JSON body)
 API->>Service: Validate & update user
 Service->>DB: UPDATE users SET ...
 DB-->>Service: Rows affected: 1
 Service-->>API: User updated
 API-->>Client: 200 OK { updated user }

 Note over Client,DB: DELETE - DELETE /api/users/42

 Client->>API: DELETE /api/users/42
 API->>Service: Delete user
 Service->>DB: DELETE FROM users WHERE id=42
 DB-->>Service: Rows affected: 1
 Service-->>API: User deleted
 API-->>Client: 204 No Content

The Note over syntax adds labeled sections, which helps readers scan through longer diagrams without getting lost.

How do you handle authentication in a REST API sequence diagram?

Most production APIs require authentication. Showing the auth step makes the diagram much more realistic. Here's an example using JWT token-based authentication:

sequenceDiagram
 participant Client
 participant API
 participant Auth as Auth Service
 participant DB

 Client->>API: POST /api/auth/login { email, password }
 API->>Auth: Validate credentials
 Auth->>DB: SELECT user WHERE email = ...
 DB-->>Auth: User record + hashed password
 Auth->>Auth: Compare password hash
 Auth-->>API: Credentials valid
 API-->>Client: 200 OK { access_token, refresh_token }

 Note over Client,DB: Authenticated request

 Client->>API: GET /api/users/42 (Bearer token)
 API->>Auth: Verify JWT token
 Auth-->>API: Token valid (user_id: 42)
 API->>DB: SELECT FROM users WHERE id=42
 DB-->>API: User record
 API-->>Client: 200 OK { user object }

This shows two distinct phases: the login exchange and then a subsequent authenticated request. You can use fragments like alt and loop to show branching logic such as failed login attempts or token refresh cycles. We cover those patterns in more detail in our guide on alt and loop fragments in sequence diagrams.

How do you show error handling and conditional flows?

Not every API call succeeds. A good diagram shows what happens when things go wrong. Mermaid's alt fragment lets you draw two branches the happy path and the error path:

sequenceDiagram
 participant Client
 participant API
 participant DB

 Client->>API: GET /api/users/999

 alt User found
 API->>DB: SELECT FROM users WHERE id=999
 DB-->>API: User record
 API-->>Client: 200 OK { user }
 else User not found
 API->>DB: SELECT FROM users WHERE id=999
 DB-->>API: No results
 API-->>Client: 404 Not Found { error: "User not found" }
 end

You can nest alt blocks and combine them with opt (optional) or loop (repeating) fragments depending on how detailed you need the flow to be.

What common mistakes break Mermaid REST API diagrams?

Working with these diagrams regularly reveals a few recurring issues:

  • Missing arrow types. Using ->> everywhere instead of -->> for responses makes the diagram hard to read. Solid arrows mean calls; dashed arrows mean returns.
  • Too many participants on one diagram. Once you pass six or seven participants, the diagram gets wide and messy. Split it into multiple diagrams if needed.
  • Forgetting the end keyword on fragments. Every alt, loop, or opt block must close with end. Omitting it gives you a syntax error with no helpful message.
  • Writing vague message labels. "Do stuff" or "process request" tells the reader nothing. Be specific: "Validate JWT token" or "Insert order record."
  • No status codes in responses. Including HTTP status codes (200, 201, 404, 500) in your response messages makes the diagram actually useful for debugging.

For broader habits around writing diagrams as code, our article on sequence diagram as code best practices covers patterns that apply to any text-based diagramming tool.

How do you keep API sequence diagrams readable as they grow?

Real-world microservice architectures involve many services talking to each other. A few techniques keep the diagrams manageable:

  1. Use participant aliases. Write participant US as User Service so you can keep the diagram compact while using descriptive names in the legend.
  2. Add section notes. The Note over syntax groups related interactions and acts as visual headings within a long diagram.
  3. Split by endpoint or use case. One diagram per API endpoint or user story is easier to maintain than one massive diagram for the entire system.
  4. Use activation boxes. The + and - syntax shows when a participant is actively processing, which helps clarify timing in async flows.
  5. Render early and often. Mermaid syntax errors give poor feedback. Use the Mermaid Live Editor to check your diagram as you write it.

Where can you embed Mermaid sequence diagrams?

Mermaid diagrams render natively in many tools developers already use:

  • GitHub Mermaid blocks in Markdown files and issues render automatically
  • GitLab Same native support in Markdown
  • Notion Using a Mermaid code block or integration
  • VS Code Preview with the Mermaid extension
  • Confluence Via the Mermaid diagram plugin
  • Static site generators Tools like MkDocs, Docusaurus, and Hugo all support Mermaid rendering

This portability is the main reason teams choose text-based diagrams over drag-and-drop tools. The diagram code travels with your documentation wherever it goes.

Quick reference checklist for your next REST API diagram

  1. List all participants (client, gateway, services, databases) before writing the flow
  2. Map out the HTTP method, path, and body for each request
  3. Include HTTP status codes in every response message
  4. Use alt/else blocks to show error and success paths
  5. Add Note over sections to label major phases (auth, data access, etc.)
  6. Test your code in the Mermaid Live Editor before committing it
  7. Keep each diagram focused on one endpoint or one user journey

Start by writing a diagram for the single API endpoint your team debates most. Share it in your next pull request or architecture review. You'll be surprised how quickly a 30-line text snippet clears up confusion that Slack messages and emails never could.