RESTful API DesignSecond EditionBrian Mulloy@landlessness                 11.03.11 @ 11:03:11 PSTApigee           Dial-in ...
groups.google.com/group/api-craft
youtube.com/apigee
To be a RESTafarian or a Pragmatist?
App    App             App       World of          API   Internal               App                          APIUser   Sto...
Application developers are raison dêtre for APIs.
Be pragmatic.For the benefit of application developers.
Pragmatic RESTful APIs are a design problem.
baddesigns.com
Paul Mijksenaar Design for Function Award 2011
Let’s look at puppies.
hackett   hacketthackett   hackett
.../getAllDogs/locationVerify/foodNeeded/createRecurringDogWalk/giveDirectOrder/healthCheck/getRecurringDogWalkSchedule/ge...
A puppy’s world is big.
JnL               law_kevenSmithsonians National Zoo    hackett
...                                  .../getAllDogs                          /getAllLeashedDogs/verifyLocation            ...
We are on a slippery slope.
Keep the simple things simple.
Hopkinsii
We only need two base URLs per resource.
The first is for a collection.
/dogs
The second is for an element.
/dogs/1234
POSTGETPUTDELETE
CREATEREADUPDATEDELETE
Resource      POST            GET        PUT        DELETE               create          read      update      delete     ...
Resource      POST            GET        PUT       DELETE               create          read      update      delete      ...
Resource      POST              GET        PUT        DELETE               create            read      update      delete ...
Verbs are bad.
Nouns are good.
Plurals or singulars?
Foursquare/checkinsGroupOn/dealsZappos/Product
Plurals are better./dogs
Abstract or concrete naming?
Super High/thingsHigh/animalsMedium/dogsLow/beagles
Concrete is better than abstract./dogs
What about associations?
GET /owners/5678/dogsPOST /owners/5678/dogs
What about complex variations?
Cody Simms
Sweep variations under the ‘?’
/dogs?color=red&state=running&location=park
Hopkinsii
/dogs
What about errors?
meredithfarmer
Facebook            HTTP Status Code: 200{"type":"OAuthException","message":"(#803) Someof the aliases you requested do no...
Code for code200 - OK401 - Unauthorizedhttp://en.wikipedia.org/wiki/List_of_HTTP_status_codesMessage for people{“message” ...
What about versioning?
Twilio/2010-04-01/Accounts/salesforce.com/services/data/v20.0/sobjects/AccountFacebook?v=1.0
/v1/dogs
Please give me exactly what I need.
LinkedIn/people:(id,first-name,last-name,industry)Facebook/joe.smith/friends?fields=id,name,pictureGoogle (partial respons...
/dogs?fields=name,color,location
What about pagination?
FacebookoffsetlimitTwitterpagerppLinkedInstartcount
/dogs?limit=25&offset=50
What about formats?
Google Data?alt=jsonFoursquare/venue.jsonDigg*Accept: application/json?type=json* The type argument, if present, overrides...
/dogs.json/dogs/1234.json
What about defaults?
FormatjsonPagination (depends on data size)limit=10&offset=0
What about attribute names?
Twitter"created_at": "Thu Nov 03 05:19:38 +0000 2011"Bing"DateTime": "2011-10-29T09:35:00Z"Foursquare"createdAt": 1320296464
JSON is for JavaScript Objectsvar myObject = JSON.parse(response);These looks funny in JavaScripttiming = myObject.created...
JavaScript Convention"createdAt": 1320296464timing = myObject.createdAt;Medial Capitalization aka CamelCase
What about non-resource-y stuff?
CalculateTranslateConvert
Use verbs not nouns/convert?from=EUR&to=CNY&amount=100
What about searching?
Global/search?q=fluffy+furScoped/owners/5678/dogs/search?q=fluffy+furFormatted/search.xml?q=fluffy+fur
What about counts?
/dogs/count
What about the rest of the URL?
Facebook    graph.facebook.com             api.facebook.com             developers.facebook.comFoursquare   api.foursquare...
API gatewayapi.teachdogrest.comDeveloper connectiondevelopers.teachdogrest.comDo web redirectsapi ! developers (if from br...
What about exceptional stuff?
Client intercepts HTTP error codes
Twitter/public_timelines.json?suppress_response_codes=trueHTTP Status Code: 200{"error" : "Could not authenticateyou." }
Always returns OK/dogs?suppress_response_codes=trueCode for code ignoring200 - OKMessage for people & code{“response_code”...
Client supports limited HTTP methods
Method Parametercreate/dogs?method=postread/dogsupdate/dogs/1234?method=put&location=parkdelete/dogs/1234?method=delete
What about authentication?
PayPalPermissions Service APIFacebookOAuth 2.0TwitterOAuth 1.0a
Use latest and greatest OAuthOAuth 2.0Don’t do something close, but different.
How do application developers use the API?
What about chatty applications?
First be complete & RESTful.Then provide shortcuts.
Partial response syntax can help./owners/5678?fields=name,dogs(name)
What about when building an UIrequires a lot of domain knowledge?
Complement your API with codelibraries and SDK.
Really? All of this? And iterate it?
Application      API Virtualization LayerAPI             API              API
Be RESTfulOnly 2 URLsNo verbsUse nouns as pluralsConcrete over abstractFor JSON follow JavaScript conventionsSweep complex...
Questions?
THANK YOUSubscribe to API webinars at:youtube.com/apigee
THANK YOUQuestions and ideas to:groups.google.com/group/api-craft
THANK YOUContact me at:@landlessnessbrian@apigee.com
RESTful API Design, Second Edition
RESTful API Design, Second Edition
RESTful API Design, Second Edition
RESTful API Design, Second Edition
RESTful API Design, Second Edition
RESTful API Design, Second Edition
RESTful API Design, Second Edition
Upcoming SlideShare
Loading in...5
×

RESTful API Design, Second Edition

177,730

Published on

Published in: Technology, Lifestyle
12 Comments
457 Likes
Statistics
Notes
  • Excellent introduction to REST API design. Thank you!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Great explanation on good restful api design. Thank you!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Thank you very much. This is a good presentation that sums it very well.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @filip26 you're right. i have since dropped the REST label from this content. please confer with my HATEOAS slides here http://www.slideshare.net/apigee/hateoas-101-opinionated-introduction-to-a-rest-api-style
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Unfortunately this presentation is not about REST but about API based on HTTP. There is lot of misunderstanding. Firstly, REST is architectural style and defines these architectural constraints:
    * uniform interface
    * client-server
    * stateless
    * cache
    * layered system
    Only application that satisfies all constraints is RESTful, (~has REST architecture).

    This presentation is misleading because it shows only some URIs patterns + methods (part of Uniform Interface) and completely misses Hypermedia as the engine of application state (part of Uniform Interface) constraint plus another constrains listed above.

    Maybe that's the reason why R.T.Fielding wrote this:
    - REST APis must be hypertext-driven:
    http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
    and why exists this:
    - Richardson Maturity Model
    http://martinfowler.com/articles/richardsonMaturityModel.html

    Thank you for the effort Apigee, but there is no need for another misleading presentation of REST. The internet is already bloated with similar incorrect articles, presentations, and of course by many APIs claiming that they are RESTful, but they are not in the fact.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
177,730
On Slideshare
0
From Embeds
0
Number of Embeds
95
Actions
Shares
0
Downloads
3,207
Comments
12
Likes
457
Embeds 0
No embeds

No notes for slide

RESTful API Design, Second Edition

  1. 1. RESTful API DesignSecond EditionBrian Mulloy@landlessness 11.03.11 @ 11:03:11 PSTApigee Dial-in or VoIP@apigee See Details in Chat Window
  2. 2. groups.google.com/group/api-craft
  3. 3. youtube.com/apigee
  4. 4. To be a RESTafarian or a Pragmatist?
  5. 5. App App App World of API Internal App APIUser Store Developer APIs Team Systems
  6. 6. Application developers are raison dêtre for APIs.
  7. 7. Be pragmatic.For the benefit of application developers.
  8. 8. Pragmatic RESTful APIs are a design problem.
  9. 9. baddesigns.com
  10. 10. Paul Mijksenaar Design for Function Award 2011
  11. 11. Let’s look at puppies.
  12. 12. hackett hacketthackett hackett
  13. 13. .../getAllDogs/locationVerify/foodNeeded/createRecurringDogWalk/giveDirectOrder/healthCheck/getRecurringDogWalkSchedule/getLocation/getDog/massDogParty/getNewDogsSince/getRedDogs/getSittingDogs/dogStateChangesSearch/replaceSittingDogsWithRunningDogs/saveDog...
  14. 14. A puppy’s world is big.
  15. 15. JnL law_kevenSmithsonians National Zoo hackett
  16. 16. ... .../getAllDogs /getAllLeashedDogs/verifyLocation /verifyVeterinarianLocation/feedNeeded /feedNeededFood/createRecurringWakeUp /createRecurringMedication/giveDirectOrder /doDirectOwnerDiscipline/checkHealth /doExpressCheckupWithVeterinarian/getRecurringWakeUpSchedule /getRecurringFeedingSchedule/getLocation /getHungerLevel/getDog /getSquirrelsChasingPuppies/newDog /newDogForOwner/getNewDogsSince /getNewDogsAtKennelSince/getRedDogs /getRedDogsWithoutSiblings/getSittingDogs /getSittingDogsAtPark/setDogStateTo /setLeashedDogStateTo/replaceSittingDogsWithRunningDogs /replaceParkSittingDogsWithRunningDogs/saveDog /saveMommaDogsPuppies... ...
  17. 17. We are on a slippery slope.
  18. 18. Keep the simple things simple.
  19. 19. Hopkinsii
  20. 20. We only need two base URLs per resource.
  21. 21. The first is for a collection.
  22. 22. /dogs
  23. 23. The second is for an element.
  24. 24. /dogs/1234
  25. 25. POSTGETPUTDELETE
  26. 26. CREATEREADUPDATEDELETE
  27. 27. Resource POST GET PUT DELETE create read update delete replace create a delete all /dogs list dogs dogs with new dog dogs new dogs if exists treat as a update Bo collection/dogs/1234 show Bo delete Bo create new if not dog in it create Bo Wikipedia
  28. 28. Resource POST GET PUT DELETE create read update delete replace create a delete all /dogs list dogs dogs with new dog dogs new dogs treat as a if exists collection update Bo/dogs/1234 create show Bo delete Bo new dog if not in it create Bo Wikipedia
  29. 29. Resource POST GET PUT DELETE create read update delete bulk create a delete all /dogs list dogs update new dog dogs dogs if exists update Bo/dogs/1234 error show Bo delete Bo if not error Wikipedia
  30. 30. Verbs are bad.
  31. 31. Nouns are good.
  32. 32. Plurals or singulars?
  33. 33. Foursquare/checkinsGroupOn/dealsZappos/Product
  34. 34. Plurals are better./dogs
  35. 35. Abstract or concrete naming?
  36. 36. Super High/thingsHigh/animalsMedium/dogsLow/beagles
  37. 37. Concrete is better than abstract./dogs
  38. 38. What about associations?
  39. 39. GET /owners/5678/dogsPOST /owners/5678/dogs
  40. 40. What about complex variations?
  41. 41. Cody Simms
  42. 42. Sweep variations under the ‘?’
  43. 43. /dogs?color=red&state=running&location=park
  44. 44. Hopkinsii
  45. 45. /dogs
  46. 46. What about errors?
  47. 47. meredithfarmer
  48. 48. Facebook HTTP Status Code: 200{"type":"OAuthException","message":"(#803) Someof the aliases you requested do not exist:foo.bar"}Twilio HTTP Status Code: 401{"status":401,"message":"Authenticate","code":20003,"more_info":"http://www.twilio.com/docs/errors/20003"}SimpleGeo HTTP Status Code: 401{"code":401,"message":"AuthenticationRequired"}
  49. 49. Code for code200 - OK401 - Unauthorizedhttp://en.wikipedia.org/wiki/List_of_HTTP_status_codesMessage for people{“message” : “Verbose, plain languagedescription of the problem with hints abouthow to fix it.”“more_info” : “http://dev.teachdogrest.com/errors/12345”}
  50. 50. What about versioning?
  51. 51. Twilio/2010-04-01/Accounts/salesforce.com/services/data/v20.0/sobjects/AccountFacebook?v=1.0
  52. 52. /v1/dogs
  53. 53. Please give me exactly what I need.
  54. 54. LinkedIn/people:(id,first-name,last-name,industry)Facebook/joe.smith/friends?fields=id,name,pictureGoogle (partial response)?fields=title,media:group(media:thumbnail)
  55. 55. /dogs?fields=name,color,location
  56. 56. What about pagination?
  57. 57. FacebookoffsetlimitTwitterpagerppLinkedInstartcount
  58. 58. /dogs?limit=25&offset=50
  59. 59. What about formats?
  60. 60. Google Data?alt=jsonFoursquare/venue.jsonDigg*Accept: application/json?type=json* The type argument, if present, overrides the Accept header.
  61. 61. /dogs.json/dogs/1234.json
  62. 62. What about defaults?
  63. 63. FormatjsonPagination (depends on data size)limit=10&offset=0
  64. 64. What about attribute names?
  65. 65. Twitter"created_at": "Thu Nov 03 05:19:38 +0000 2011"Bing"DateTime": "2011-10-29T09:35:00Z"Foursquare"createdAt": 1320296464
  66. 66. JSON is for JavaScript Objectsvar myObject = JSON.parse(response);These looks funny in JavaScripttiming = myObject.created_at;timing = myObject.DateTime;
  67. 67. JavaScript Convention"createdAt": 1320296464timing = myObject.createdAt;Medial Capitalization aka CamelCase
  68. 68. What about non-resource-y stuff?
  69. 69. CalculateTranslateConvert
  70. 70. Use verbs not nouns/convert?from=EUR&to=CNY&amount=100
  71. 71. What about searching?
  72. 72. Global/search?q=fluffy+furScoped/owners/5678/dogs/search?q=fluffy+furFormatted/search.xml?q=fluffy+fur
  73. 73. What about counts?
  74. 74. /dogs/count
  75. 75. What about the rest of the URL?
  76. 76. Facebook graph.facebook.com api.facebook.com developers.facebook.comFoursquare api.foursquare.com developers.foursquare.com Twitter api.twitter.com search.twitter.com stream.twitter.com dev.twitter.com
  77. 77. API gatewayapi.teachdogrest.comDeveloper connectiondevelopers.teachdogrest.comDo web redirectsapi ! developers (if from browser)dev ! developersdeveloper ! developers
  78. 78. What about exceptional stuff?
  79. 79. Client intercepts HTTP error codes
  80. 80. Twitter/public_timelines.json?suppress_response_codes=trueHTTP Status Code: 200{"error" : "Could not authenticateyou." }
  81. 81. Always returns OK/dogs?suppress_response_codes=trueCode for code ignoring200 - OKMessage for people & code{“response_code” : “401”, “message” :“Verbose, plain language description of theproblem with hints about how to fix it.”“more_info” : “http://dev.teachdogrest.com/errors/12345”, “code” : 12345}
  82. 82. Client supports limited HTTP methods
  83. 83. Method Parametercreate/dogs?method=postread/dogsupdate/dogs/1234?method=put&location=parkdelete/dogs/1234?method=delete
  84. 84. What about authentication?
  85. 85. PayPalPermissions Service APIFacebookOAuth 2.0TwitterOAuth 1.0a
  86. 86. Use latest and greatest OAuthOAuth 2.0Don’t do something close, but different.
  87. 87. How do application developers use the API?
  88. 88. What about chatty applications?
  89. 89. First be complete & RESTful.Then provide shortcuts.
  90. 90. Partial response syntax can help./owners/5678?fields=name,dogs(name)
  91. 91. What about when building an UIrequires a lot of domain knowledge?
  92. 92. Complement your API with codelibraries and SDK.
  93. 93. Really? All of this? And iterate it?
  94. 94. Application API Virtualization LayerAPI API API
  95. 95. Be RESTfulOnly 2 URLsNo verbsUse nouns as pluralsConcrete over abstractFor JSON follow JavaScript conventionsSweep complexity behind the ‘?’Borrow from leading APIsAccount for exceptional clientsAdd virtualization layer
  96. 96. Questions?
  97. 97. THANK YOUSubscribe to API webinars at:youtube.com/apigee
  98. 98. THANK YOUQuestions and ideas to:groups.google.com/group/api-craft
  99. 99. THANK YOUContact me at:@landlessnessbrian@apigee.com

×