WEB API's Lesson 14 – Pagination & Filtering | Dataplexa

Web APIs

I. API Fundamentals
1. Introduction to Web APIs 2. What is an API 3. API Types 4. Client–Server Model 5. HTTP Basics 6. HTTP Methods 7. HTTP Status Codes 8. Request and Response
II. RESTful APIs & HTTP
9. REST Architecture 10. REST Principles 11. Designing REST APIs 12. Resource Modeling 13. CRUD Operations 14. Pagination & Filtering 15. Versioning APIs 16. Error Handling in APIs
III. Advanced APIs & Security
17. Authentication Basics 18. Authorization 19. API Keys 20. OAuth Basics 21. JWT Authentication 22. CORS 23. Rate Limiting 24. API Security Best Practices
IV. Projects, Testing & Best Practices
25. API Documentation 26. OpenAPI & Swagger 27. Testing APIs 28. Postman 29. Monitoring & Logging 30. API Performance 31. Mini Project – REST API 32. Mini Project – Auth API 33. Mini Project – API Gateway 34. API Case Study 35. Real-World Use Cases 36. Project Planning 37. Final Project 38. Deployment 39. Course Review 40. Career Roadmap
Web APIs · Lesson 14

Pagination & Filtering

Transform overwhelming data dumps into precise, manageable API responses that scale from thousands to millions of records.

GitHub's repository search API handles 28 billion files across millions of repositories. Without pagination and filtering, a single request could crash browsers and overwhelm servers. Instead, they serve exactly what developers need, when they need it, in digestible chunks.

Raw data access kills user experience. When your API returns 50,000 user records in a single response, mobile apps freeze, network timeouts spike, and frustrated developers abandon integration. Smart APIs never dump everything at once.

Pagination splits large datasets into numbered pages, like chapters in a book. Filtering narrows results by specific criteria before pagination kicks in. Together, they transform unusable fire-hose APIs into precise, performant interfaces that developers love.

Real Performance Impact
Stripe's transaction API without pagination would return 2TB of data for enterprise customers. With 100-record pages and smart filtering, the same information loads in 200ms instead of never.

Understanding Pagination Strategies

Every API faces the same fundamental problem: how do you serve massive datasets without breaking the internet?

Three main pagination approaches dominate modern APIs. Offset-based pagination uses page numbers and record counts. Cursor-based pagination uses opaque tokens pointing to specific records. Token-based pagination combines timestamps or IDs with directional scanning.

Each approach solves different scale problems. Offset pagination works perfectly for small datasets where users jump between page 1, 5, and 12. Cursor pagination handles massive, constantly-changing datasets where traditional page numbers become meaningless.

1
Client requests first page with page size limit
2
API calculates total record count and available pages
3
Server returns page data plus navigation metadata
4
Client uses metadata to request next, previous, or specific pages
Concept
Pagination
Type
Data Access Pattern
Used for
Large Dataset Navigation
RFC/Spec
REST Conventions
Status
Production Standard
The APIForge Backend team faces a concrete challenge: their user dashboard needs to display team activity logs, but popular accounts generate 10,000+ events daily. Loading everything breaks mobile apps and costs bandwidth dollars.
Pagination Type What it does APIForge use case
Offset-based Uses page numbers and record skipping Team member list with 25 users per page
Cursor-based Uses opaque tokens for position tracking Real-time activity feed with continuous scroll
Token-based Uses timestamps or IDs for range queries Historical API usage reports by date ranges 
GET /api/v1/activity-logs?page=1&limit=50
Host: apiforge.dev
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...

# APIForge Backend team implements offset pagination
# Returns 50 activity records starting from the beginning
# Includes navigation metadata for client-side paging controls
HTTP/1.1 200 OK Content-Type: application/json X-Total-Count: 2847 X-Page-Count: 57 { "data": [ { "id": "log_3k9x2m", "user": "sarah.chen", "action": "api_key_created", "timestamp": "2024-01-15T14:23:12Z", "details": { "key_name": "staging_backend" } }, { "id": "log_3k9x1n", "user": "mike.torres", "action": "endpoint_deployed", "timestamp": "2024-01-15T14:20:45Z" } ], "pagination": { "current_page": 1, "total_pages": 57, "total_records": 2847, "per_page": 50, "has_next": true, "has_previous": false } }
What just happened?
The API returned 50 records from a 2,847 record dataset. The pagination object tells the client there are 56 more pages available, and provides navigation state for building next/previous buttons. Try this: Notice how the X-Total-Count header gives the client the full dataset size for progress indicators.

Filtering Strategies That Scale

Pagination without filtering is like having a library with perfect shelves but no search system.

Effective filtering happens at the database level before pagination calculations begin. When a client requests active users from the last 30 days, your API shouldn't paginate through inactive accounts from 2019. The filter narrows the dataset, then pagination organizes the results.

Query parameters handle simple filters. POST requests with filter objects handle complex scenarios. Some APIs support SQL-like expressions, while others use predefined filter presets. The key principle remains constant: filter first, paginate second.

Simple Query Filters
Use URL parameters for basic field matching, date ranges, and boolean flags
Complex Filter Objects
Use POST requests with JSON filter expressions for multiple conditions and operators
Predefined Filter Sets
Offer named filter combinations that users commonly request
Search Integration
Combine full-text search with structured filters for comprehensive discovery
The APIForge Security team monitors API access patterns across thousands of endpoints. They need filtered views showing failed authentication attempts, specific IP ranges, and time-based incident correlation. Raw logs contain millions of entries, but filtered results pinpoint actual threats. 
GET /api/v1/security-logs?status=failed&ip_range=203.45.67.0/24&since=2024-01-15T00:00:00Z&page=1&limit=25
Host: apiforge.dev
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...

# APIForge Security team filters for failed auth attempts
# From specific IP subnet in the last 24 hours
# Returns paginated results for security dashboard
HTTP/1.1 200 OK Content-Type: application/json X-Total-Count: 127 X-Filtered-From: 2847391 { "data": [ { "id": "sec_8x4m2p", "timestamp": "2024-01-15T23:45:12Z", "ip_address": "203.45.67.142", "status": "failed", "reason": "invalid_api_key", "endpoint": "/api/v1/users", "user_agent": "curl/7.68.0" }, { "id": "sec_8x4m1q", "timestamp": "2024-01-15T23:44:58Z", "ip_address": "203.45.67.089", "status": "failed", "reason": "rate_limit_exceeded" } ], "filters_applied": { "status": "failed", "ip_range": "203.45.67.0/24", "since": "2024-01-15T00:00:00Z" }, "pagination": { "current_page": 1, "total_pages": 6, "total_records": 127, "per_page": 25 } }
What just happened?
The API filtered 2.8 million security logs down to 127 matching records, then paginated those results. The filters_applied object confirms exactly what criteria were used, preventing client-side confusion. The X-Filtered-From header shows the original dataset size. Try this: Notice how multiple filter parameters combine with AND logic by default.

Cursor-Based Pagination for Scale

Traditional page numbers break when datasets change constantly, but cursors stay stable no matter what.

Imagine paginating through a Twitter feed using page numbers. While you browse page 2, new tweets push older content to page 3. You'd see duplicates or miss posts entirely. Cursor pagination solves this by using opaque tokens that point to specific records, regardless of insertions or deletions.

Cursors typically encode record IDs, timestamps, or compound keys. The API returns next and previous cursor values with each response. Clients treat cursors as black boxes, never parsing or constructing them manually. This approach scales to billions of records without performance degradation.

Why Cursors Beat Offset
Facebook's Graph API uses cursors because offset-based pagination fails at scale. Requesting page 100,000 forces the database to count and skip 2.5 million records. Cursor pagination jumps directly to the target location.
The APIForge DevOps team tracks real-time deployment events across hundreds of microservices. New deployments happen every few minutes, making traditional pagination unreliable. Cursor-based pagination ensures the deployment timeline stays consistent, even during high-activity periods. 
GET /api/v1/deployments?limit=20&cursor=eyJpZCI6ImRlcGxfOHg0bTJwIiwidHMiOiIyMDI0LTAxLTE1VDIzOjQ1OjEyWiJ9
Host: apiforge.dev
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...

# APIForge DevOps team requests deployment history
# Using cursor token from previous response
# Guarantees consistent timeline view during active deployments
HTTP/1.1 200 OK Content-Type: application/json { "data": [ { "id": "depl_9y5n3q", "service": "user-auth-api", "version": "v2.1.3", "status": "successful", "deployed_at": "2024-01-15T23:42:18Z", "deployed_by": "mike.torres" }, { "id": "depl_9y5n2r", "service": "payment-gateway", "version": "v1.8.7", "status": "rollback", "deployed_at": "2024-01-15T23:38:45Z" } ], "pagination": { "next_cursor": "eyJpZCI6ImRlcGxfOXk1bjJyIiwidHMiOiIyMDI0LTAxLTE1VDIzOjM4OjQ1WiJ9", "previous_cursor": "eyJpZCI6ImRlcGxfOXk1bjNxIiwidHMiOiIyMDI0LTAxLTE1VDIzOjQyOjE4WiJ9", "has_next": true, "has_previous": true } }
What just happened?
The API returned deployments using cursor-based pagination. The next_cursor and previous_cursor tokens let clients navigate forward and backward through the timeline. Even if new deployments happen between requests, the cursor position stays stable. Try this: Cursors are typically base64-encoded JSON containing ID and timestamp information.

Advanced Filtering Patterns

Simple field matching handles 80% of filtering needs, but complex business logic demands sophisticated query capabilities.

Range queries filter numeric and date fields between minimum and maximum values. Text searches support exact matching, prefix matching, and full-text search across multiple fields. Relationship filters navigate connected data, like finding users with specific role assignments or project memberships.

Compound filters combine multiple conditions using AND, OR, and NOT operators. Some APIs support nested filter groups for complex business rules. The challenge lies in translating URL-friendly query syntax into efficient database queries without security vulnerabilities.

The APIForge Product team analyzes user engagement metrics across different subscription tiers and geographic regions. They need filtered views showing trial users who've made API calls but haven't upgraded, segmented by usage patterns and signup dates. 
// APIForge Product team uses POST-based filtering for complex queries
const filterRequest = {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGc...'
  },
  body: JSON.stringify({
    filters: {
      and: [
        { subscription_tier: 'trial' },
        { api_calls_count: { gte: 100 } },
        { signup_date: { gte: '2024-01-01', lte: '2024-01-31' } },
        { 
          or: [
            { region: 'us-east' },
            { region: 'eu-west' }
          ]
        }
      ]
    },
    pagination: {
      limit: 50,
      cursor: null
    }
  })
}
HTTP/1.1 200 OK Content-Type: application/json { "data": [ { "user_id": "usr_5k8p2m", "email": "sarah@startup.io", "subscription_tier": "trial", "api_calls_count": 847, "signup_date": "2024-01-12T10:30:00Z", "region": "us-east", "last_api_call": "2024-01-15T14:25:33Z" }, { "user_id": "usr_5k8p1n", "email": "alex@techcorp.com", "subscription_tier": "trial", "api_calls_count": 234, "signup_date": "2024-01-08T16:45:00Z", "region": "eu-west" } ], "metadata": { "total_matching": 89, "filter_execution_time": "127ms", "next_cursor": "eyJ1c2VyX2lkIjoidXNyXzVrOHAxbiJ9" } }
What just happened?
The API processed a complex filter combining AND/OR logic across multiple fields. Trial users with 100+ API calls from January in specific regions were returned. The filter_execution_time helps monitor query performance as filter complexity grows. Try this: Notice how nested boolean logic creates precise user segments for targeted analysis.

Performance Optimization Strategies

Poorly optimized pagination and filtering can transform fast APIs into unusable bottlenecks.

Database indexes make the difference between millisecond and second response times. Every filterable field needs appropriate indexing strategy. Composite indexes handle multi-field filters efficiently. But too many indexes slow down write operations, creating a delicate balance.

Caching strategies vary by data volatility. Static reference data can cache for hours. User-specific results might cache for minutes. Real-time data skips caching entirely. The key insight: cache the expensive database operations, not necessarily the final API responses.

Without Optimization
Full table scans for every filter
No query result caching
Client requests duplicate data
Response times spike with dataset growth
Database CPU maxes out during peak usage
With Optimization
Strategic indexes for common filters
Query result caching by filter signature
ETags prevent unnecessary data transfer
Consistent sub-100ms response times
Database handles 10x traffic volume
Index Strategy Warning
Every additional database index speeds up reads but slows down writes. Monitor write performance when adding indexes for new filter fields. Sometimes query optimization beats adding more indexes.
The APIForge Backend team optimizes their user search API that handles 10,000 requests per minute during peak hours. Without proper indexing and caching, response times degraded from 50ms to 3+ seconds as their user base grew past 100,000 accounts. 
GET /api/v1/users/search?q=sarah&role=admin&active=true&limit=20
Host: apiforge.dev
If-None-Match: "d85f2a4c8b1e3f7a9c6d4e2f8a1b5c3d"
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...

# APIForge Backend team adds ETag caching
# Composite index on (role, active, search_vector) fields  
# Query result cached by filter combination hash
HTTP/1.1 200 OK Content-Type: application/json ETag: "f93e8a2d7c4b1e6f9a3c5d2e8b1a4f7c" Cache-Control: private, max-age=300 X-Query-Time: 23ms { "data": [ { "user_id": "usr_7m3k9p", "name": "Sarah Chen", "email": "sarah.chen@apiforge.dev", "role": "admin", "active": true, "last_login": "2024-01-15T14:20:15Z" } ], "search_meta": { "query": "sarah", "total_matches": 3, "index_used": "users_role_active_search_idx", "cache_status": "miss" } }
What just happened?
The API executed a filtered search in 23ms using a composite database index. The ETag header enables client-side caching - future identical requests return 304 Not Modified responses. The search_meta object helps debug performance issues by showing which index was used. Try this: Compare response times before and after adding appropriate database indexes.

Client-Side Integration Patterns

Pagination and filtering APIs are only valuable when clients can integrate them smoothly into user interfaces.

Infinite scroll interfaces use cursor-based pagination, loading new content as users reach the bottom. Traditional pagination UI works best with offset-based approaches that support jumping to specific pages. Search interfaces combine filtering with debounced input handling to avoid excessive API calls.

State management becomes crucial when clients need to maintain filter state, pagination position, and cached results across navigation. URL synchronization keeps filter and page state shareable and bookmarkable. Loading states and optimistic updates keep interfaces responsive during API calls.

The APIForge Frontend team builds dashboard components that display filtered, paginated data with smooth user experience. Their challenge: keeping filter state synchronized between URL parameters, component state, and API requests while handling loading states gracefully. 
// APIForge Frontend team implements debounced search with state sync
class DataTable {
  constructor() {
    this.filters = this.parseFiltersFromURL();
    this.pagination = { page: 1, limit: 25 };
    this.debounceTimer = null;
  }

  updateFilters(newFilters) {
    clearTimeout(this.debounceTimer);
    this.debounceTimer = setTimeout(() => {
      this.filters = { ...this.filters, ...newFilters };
      this.pagination.page = 1; // Reset to first page
      this.updateURL();
      this.fetchData();
    }, 300);
  }

  async fetchData() {
    const params = new URLSearchParams({
      ...this.filters,
      page: this.pagination.page,
      limit: this.pagination.limit
    });
    
    const response = await fetch(`/api/v1/users?${params}`);
    return await response.json();
  }
}
// Example component usage with state synchronization const dataTable = new DataTable(); // User types in search box - debounced API call dataTable.updateFilters({ q: 'sarah', role: 'admin' }); // URL updates to: /dashboard?q=sarah&role=admin&page=1&limit=25 // API request: GET /api/v1/users?q=sarah&role=admin&page=1&limit=25 // User clicks page 3 - immediate API call dataTable.pagination.page = 3; dataTable.fetchData(); // URL updates to: /dashboard?q=sarah&role=admin&page=3&limit=25 // Filter state maintained across page navigation
What just happened?
The client-side component manages filter state, pagination state, and URL synchronization. Debounced search prevents excessive API calls while the user types. Resetting to page 1 after filter changes prevents showing empty results from non-existent pages. Try this: Add loading states and error handling to provide complete user feedback during API interactions.

Conclusion

Smart pagination and filtering transform overwhelming APIs into precise, usable interfaces that scale with your data growth.

The techniques covered here handle everything from simple user lists to complex business intelligence queries. Offset pagination serves traditional page-based interfaces. Cursor pagination scales to massive, real-time datasets. Advanced filtering enables sophisticated data exploration without overwhelming clients or servers.

Performance optimization through strategic indexing, intelligent caching, and client-side state management creates APIs that stay fast as data volumes explode. Your users get exactly the data they need, when they need it, without the bloat.

Remember: Great pagination and filtering feels invisible to end users. They simply find what they need quickly, without thinking about the elegant engineering that makes it possible.

Quiz

1. The APIForge DevOps team needs to paginate through deployment logs that get new entries every few minutes. Why would cursor-based pagination work better than offset-based pagination?

2. When implementing filtering with pagination, what's the correct order of operations for optimal performance?

3. The APIForge Frontend team builds a user interface where users can filter data and navigate between pages. When a user changes a filter, what should happen to maintain good user experience?

Up Next
Versioning APIs
APIForge Backend team plans API evolution strategies that keep existing integrations working while rolling out new features.
← Previous Course Index Next →