Richardson Maturity Model

1. What is Richardson Maturity Model

Leonard Richardson analyzed a hundred different web service designs and divided these designs into four categories. These categories are based on how much the web services are REST compliant.

This model of division of REST services to identify their maturity level – is called Richardson Maturity Model.

The levels of maturity according to Richardson’s model

Richardson used three main factors to decide the maturity of a service. These factors are

  1. URI,
  2. HTTP Methods,
  3. HATEOAS (Hypermedia)

The more a service employs these factors – the more mature it shall be considered.

2. Maturity Levels

In his analysis, Richardson described total 4 maturity levels as given below:

Richardson Maturity Model
  • Level Zero
  • Level One
  • Level Two
  • Level Three

Note that Roy Fielding has already made it very clear that level 3 RMM is a pre-condition of REST.

2.1. Level Zero

Level zero of maturity does not make use of any of URI, HTTP Methods, and HATEOAS capabilities.

The services at zero maturity level have a single URI and use a single HTTP method (typically POST).

For example, most SOAP Web Services use a single URI to identify an endpoint, and HTTP POST to transfer SOAP-based payloads, effectively ignoring the rest of the HTTP verbs.

Similarly, XML-RPC-based services send data as Plain Old XML (POX).

These are the most primitive ways of building SOA applications with a single POST method endpoint and using XML to communicate between the client and the server.

2.2. Level One

Level one of maturity makes use of URIs, but does not use the HTTP Methods, and HATEOAS.

The services at maturity level one employ many URIs but only a single HTTP verb – generally HTTP POST.

These services will give each resource, available in the system, a unique URI. A unique URI separately identifies one unique resource – and that makes these services better than level zero.

2.3. Level Two

Level two of maturity makes use of URIs and HTTP Methods, but does not use the HATEOAS.

The level two services generally host numerous URIs i.e. addressable resources.

Such services support several of the HTTP verbs on each exposed resource – Create, Read, Update and Delete (CRUD) services. Here the state of resources, typically representing business entities, can be manipulated over the network.

The designers of the level two services expect people to put some effort into mastering the APIs – generally by reading the supplied documentation.

Maturity level 2 is the most popular usecase of REST principles, which advocate using different verbs based on the HTTP request methods, while the system can have multiple resources.

2.4. Level Three

Level three of maturity makes use of all three, i.e. URIs and HTTP, and HATEOAS.

Level three is the most mature level of Richardson’s model, which encourages easy discoverability. This level makes it easy for the responses to be self-descriptive by using HATEOAS.

Level three services lead the service consumers through a trail of resources, causing application state transitions as a result.


Act Three: The Maturity Heuristic


  1. is it worth trying to reach Level 3 according to the Richardson maturity model? Please describe a case when it could be beneficial.

  2. Thank you so much, really great explanation.
    How can I ensure the level three REST? Could you please provide reference of any real time example which uses HATEOAS?

  3. Hi, thank for the author for explaining the Maturity Model. I am wondering that if I developed an API that is capable, say, to the level 2 of the Maturity Model, can that still be called RESTful API. Thanks.


Leave a Comment