How RESTful Is Your REST?
Upcoming SlideShare
Loading in...5

How RESTful Is Your REST?



The rise of Mobile and the diversity its technologies make exposing a RESTfull API the most crucial capability of any application and the key to its success. In the absence of widely adopted best ...

The rise of Mobile and the diversity its technologies make exposing a RESTfull API the most crucial capability of any application and the key to its success. In the absence of widely adopted best practices and well-defined conventions, designing such an API is nothing but trivial. This presentation introduces the fundamentals of REST architecture, and discusses the principles of RESTfull design. Among the topics covered: resource modeling (URI design, and HTTP verbs/status code canonical usage), multiple representation support, testing, cache control, security (Http and OAuth), and API versioning. HATEOAS and REST maturity model are also discussed. No prior knowledge REST is required.



Total Views
Views on SlideShare
Embed Views



4 Embeds 411 403 4 3 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial LicenseCC Attribution-NonCommercial License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

How RESTful Is Your REST? How RESTful Is Your REST? Presentation Transcript

  • How Restful is Your Rest? Abdelmonaim Remani @PolymathicCoder Øredev 2012 Malmö, Sweden
  • LicenseCreative Commons Attribution Non-Commercial 3.0 Unported The graphics, logos, and trademarks used this presentationbelong to their rightful owners.
  • Trevligt att träffa dig nordisk hackare!
  • About MeSoftware Architect at Inc.Interested in technology evangelism and enterprise softwaredevelopment and architectureFrequent speaker (JavaOne, JAX, OSCON, OREDEV, etc…)Open-source advocatePresident and founder of a number of user groups NorCal Java User Group The Silicon Valley Spring User Group The Silicon Valley Dart MeetupBio: @PolymathicCoderEmail:
  • Let’s Get Started!
  • What is an API?Application Programming InterfaceYou have an API when (All or a part of) the functionality of your system is exposed In the form a well-defined interface (or a collection of interfaces) of services That are externally accessible And programmatically consumable through to a well-defined protocolYou have a Web API when The functionality of your system is exposed In the form of a collection of Web Services That are publicly addressable through a set of Web endpoints (URLs) And programmatically consumable though HTTP protocol
  • Why Bother?Web 2.0 Convenience and standardization around accessing data and servicesExplosion of Open APIs Location-Based (Maps, Geo-coding, Weather, Traffic, Etc…) Financial Data Social Data Government Data, NGOs, etc… Etc…
  • Why Bother?The birth of Mashups (Hybrid Web Applications) Combines services to create a value-added Aggregate and visualize data in interesting waysSpoiled user-base that demands a lot more than whata single service can offer I want to see the closest Moroccan restaurants to my current location on a map along with consumer ratings and whether any of my friends has recently checked-in in the last 30 days
  • Why Bother?Mobile A lot more apps than browsers Mobile traffic is diminishing web traffic exponentiallyMashups 2.0 is Mobile
  • Why Bother?You goal behind exposing a Web API should be for yourservices to be mashed up with others Beneficial Will drive traffic in your direction Will allow you to learn about your own services and how they are being used Will create goodwill with new potential usersImplies The majority of the traffic is NOT going to be through your own app or website Your App is the API it exposes
  • ChallengesYou have very little control on how your API will beused You do not control how your services are orchestrated (Used in combination)Public APIs are forever Better get it right the first time!
  • What’s Right?How does a good API feel like? Easy to learn and use Intuitive POLA (Principle of Least Astonishment) Consistent Based on standards Adheres to a convention Hard to misuse Well-Documented
  • What is REST?
  • What is REST?REpresentational State TransferRoy Fielding Dissertation (Chapter 5-6) Architectural Styles and the Design of Network-based Software Architectures tm
  • What is REST about?Goals Scalability Generality of Interface Independent Deployment of Component Intermediary ComponentsRest Constraints Client-Server Stateless Conversion Cacheable Uniform Interface Layered System Code on-demand (Optional)
  • What is REST about?Leveraging the web as a platform Resource-Oriented Anything exposed on the web is a resource (Documents, video, device, etc…) Resources are identifiable and addressable by URIsAn architecture based on the HTTP protocol
  • API Design
  • Richardson Maturity ModelLeonard Richardson
  • The Address Book
  • The Address BookA Simple address book that allows users to manage their contact dataA user has a username and is associated with a set of contactsA contact is constitute of: a unique ID, a name, and a phone numberUser Stories: As a user, I want to add a contact to my address book As a user, I want to list all contacts in my address book As a user, I want to view a specific contact in my address book As a user, I want to modify a specific contact in my address book As a user, I want to delete a specific contact from my address book As a user, I want to email a specific contact in my address book to a friend
  • Richardson Maturity Model Level 0Single URI Identify all possible operations/functionality indicate the desired operation in the payloadSingle HTTP Verb
  • The Address Book at Level 0SOAP-Based RPC Web Service Endpoint WSDL http://www. addContact(“bob”, “Abdel Remani”, “(123) 123-1234”) lookupAllContacts(“bob”) lookupContactById(“bob”, 123) editContact(“bob”, 123, “Abdelmonaim Remani”, “(123) 123- 1234”) deleteContact(“bob”, 123) emailContact(“bob”, 123, “”) markAsFavorite(“bob”, 123)
  • Richardson Maturity Model Level 1Multiple URLs One URL per method URI encoded operationsSingle Verb GET is used to change stage GET should be safe or idempotent
  • The Address Book at Level 1URL Tunneling Endpoints http://www. contact?user=bob&name=Abdel%20Remani&phone- number=(123)%20123-1234 http://www. contacts?user=bob http://www. contact?user=bob&id=123 http://www. contact?user=bob&id=123&name=Abdelmonaim%20Remani&phone- number=(123)%20123-1234 http://www. contact?user=bob&id=123 http://www. http://www.
  • Richardson Maturity Model Level 2Level 2 Many URI Leverage multiple HTTP VerbsYou might call yourself Restful at this point Creating a uniform interface based on the HTTP protocol
  • The Address Book at Level 2 The Restful Address Book
  • Recourse IdentificationFind all the nouns in users stories
  • Recourse IdentificationHere are all the nouns we found: User Uniquely identifiable by a username Contact Uniquely identifiable by an idLet’s start calling nouns resources
  • Recourse IdentificationResources are identifiable and addressable by URIs The collection of resources the same kind Users /users Contacts /contacts The individual resources within its collections The User whose username is “abdel” /users/abdel The Contact whose ID is “123” /contacts/123
  • Recourse IdentificationIs there association between any of our resources? User has many Contacts A User can is the parent resource of a ContactChaining resources together “/” in a URI implies hierarchy Contact whose id is “123” and owner is the User whose username is “abdel” /users/abdel/contacts/123
  • Recourse IdentificationWe end with 2 URIs referring to the same Contactresource whose ID is “123” /contcats/123 /users/abdel/contacts/123We ask the question: Can a “Contact” recourse existindependently from “User” resource? The Answer is NO in this case /contcats/123 /users/abdel/contacts/123
  • Leveraging HTTP VerbsUser Stories:
  • Leveraging HTTP VerbsCRUD Operations map to HTTP Verbs GET for Read POST for Create PUT for Update DELETE for Delete
  • Leveraging HTTP VerbsTo view all Abdel’s contacts GET /users/abdel/contactsTo view Abdel’s contact whose ID is 123 GET /users/abdel/contacts/123To add a new contact to Abdel’s address book POST /users/abdel/contactsTo update Abdel’s contact whose is ID is 123 PUT /users/abdel/contacts/123To delete Abdel’s contact whose is ID is 123 DELETE /users/abdel/contacts/123
  • Non-CRUDNon-CRUD operations do not map to HTTP verbs Use descriptive verbs in URLs as Controller callsTo email Abdel’s contact whose ID is 123 GET /users/abdel/contacts/123/email?to=sandy@polymathicc oder.comTo mark Abdel’s contact whose ID is 123 PUT /users/abdel/contacts/123/mark-as-favorite
  • The Opinion Shop: URLsConvention for your URLs RFC 3986: URLs are case sensitive No CAPS to avoid confusion No camel-case Links are usually underlined Use Hyphens instead of Underscores for readability
  • Resource RepresentationFor a resource identified by the same URI Representation in the form of MIME/Media Types Multiple data representation is supported Use “Accept” HTTP Header Avoid file extensions Manipulation is supported through multiple data representation Use “Content-Type” HTTP Header
  • The Opinion Shop: URLsConvention object names in payload No JavaScript Convention No camel-case I prefer using using Hyphens to be consistent with URLs
  • Leveraging HTTP Status Codes1xx: Informational2xx: Success3xx: Redirection4xx: Client Error5xx: Server Error
  • Leveraging HTTP Status Codes200 – OK Success Error with details in the body201 – Created202 – Accepted400 – Bad Request401 – Unauthorized403 – Forbidden404 – Not Found405 – Method Not Allowed406 – Not Acceptable409 – Conflict412 – Precondition Failed415 – Unsupported Media Type500 – Server Problems
  • Richardson Maturity Model Level 4HATEOAS Hypermedia As The Engine Of Application SateBusiness Workflow Capturing the different states of a resource Transitions EndpointReturning all possible links given the current state ofthe resource
  • Partials and Variations
  • PaginationUse Query ParametersPagination Don’t do this /page/1 Inspired by SQL ?limit=20&offset=20 Inspired by RFC 5005: Feed Paging and Archiving ?next=20&to-item=6783&inclusive=true ?prev=23&to-item=6783&inclusive=false
  • Ordering, Sorting and FiteringUse Query ParametersOrdering and Sorting ?order-by=populatrity&sorted-as=desc ?order-by=first-name&sorted-as=ascFiltering ?filter-by= Etc…
  • ViewsSupport custom views of the data at the schema level Use an easy expression language ?fields=(first-name,phone-number) ?fields=!(last-name) Google, LinkedIn, and others use a variationsSupport different predefined views of the data Use ?view=brief ?view=full
  • Legacy Clients
  • Legacy ClientsOlder Clients Only support GET and POST HTTP MethodsUse ?method=put
  • Security
  • SecurityRemember that your Web Services must be stateless Do not use cookies or HTTP session under any circumstances The client must send credentials to autenticate with very callOptions HTTP Security Preemptively Setting “Authorization” HTTP Header Basic or Digest OAuth
  • Testing You API
  • TestingSpring RestTemplate framework-reference/html/remoting.html#rest- resttemplateJayway’s Rest-Assured
  • Versioning
  • VersioningDon’t do this /api/v1/… ?v=1 /api/v1.1/… /api/07-19-2012/…Use HTTP Headers Use Vendor-Specific MIME/Media Types Accept application/vnd.polymathiccoder.addressbook+json
  • Documentation
  • DocumentationWhat to document Endpoint Description Prerequisites Request Response
  • DocumentationWhat to document Use a mind map
  • DocumentationRefer to other’s documentations Twitter, Facebook, Google, etc…ioDocs from Mashery Live Example:
  • How Restful Is REST?
  • How Restful Is Your REST?Richardson Maturity Model as a reference It’ll tell where you standHow Restful do you want to be?Dogmatic vs. PragmaticIn Common Law, there is this concept of “The ReasonableMan” Being reasonable is relative Look in similar situation Similar expertise Custom and usage
  • Question?
  • Recommended Reading
  • Tack själv!PolymathicCoder