RESTful WebServices GouthamV Sr.Software Engineer InfoGroup
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
Introduction REST is based on Ph.D thesis by a computer scientist (Roy Fieldings, year 2000) Principal author of HTTP Spec...
Introduction Acronym for  Re presentational  S tate  T ransfer Alternative to SOAP style webservices Architecture of World...
Introduction Major players: S3, EC2…. Search, Maps Search, Del.icio.us, Flickr….
Introduction Usage statistics of Amazon webservices (EC2, S3, SimpleDB…) Source: Jeff Barr, Amazon chief architect of webs...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
How REST is Different From SOAP? Client Server Easy to handle by client and server Less bandwidth SOAP request REST reques...
How REST is Different From SOAP? SOAP request REST request <?xml version=&quot;1.0&quot;?> <soap:Envelope xmlns:soap=&quot...
Why REST? Characteristics of a webservice:  Performance should be good  Scalable Easy to build and maintain (simplicity) M...
How RESTful services works? <ul><li>In  webservices world most of the operations fall under 4 types….. </li></ul><ul><ul><...
How RESTful services works? REST says use HTTP to covey what service should do using predefined  HTTP protocol methods:   ...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
Core Concepts Resource Everything that service provides is a resource Example Resources: Order info Invoice info Set of ro...
Core Concepts Resource Every Resource will have its own URI (A unique id) Example URIs: … /invoices?name=John Doe … /order...
Core Concepts A resource can be represented in many ways Example Representations: XML XHTML JSON CSV Resource Representati...
Core Concepts Each representation will have its own URL Example URLs: http://igroup.com/services/invoice? cname=John Doe h...
Core Concepts Clients interact via HTTP protocol defined methods Example: GET  http://igroup.com/services/order?cname=John...
Core Concepts Representational State Transfer  (REST) Representation:  XML, XHTML, JSON, CSV.. State:  Application state (...
Core Concepts All nouns only four verbs POST    http://service/order GET   http://service /invoice?num=1111 PUT    http://...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
Resource Oriented Architecture(ROA) Restful webservices implement ROA Architecture and applies following  constraints : <u...
Resource Oriented Architecture(ROA) Addressability Constraint: Every resource should be addressable Examples: GET  ../invo...
Resource Oriented Architecture(ROA) Connectedness Constraint : Human web is well connected Programmable web is  not  well ...
Resource Oriented Architecture(ROA) Connectedness Constraint : Request: GET  ../invoice?name=John Doe Response: … .. <invo...
Resource Oriented Architecture(ROA) Statelessness Constraint : Every HTTP request should happen in complete isolation Serv...
Resource Oriented Architecture(ROA) Cachable Constraint : Resources should be cachable whenever possible (with an expirati...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
HTTP Recap HTTP status codes: RESTful services uses these codes to convey service response to clients  1xx indicates an  i...
HTTP Recap 2xx indicates  success  of some kind  Examples: 200 OK  Standard response for successful HTTP requests.  201 Cr...
HTTP Recap 4xx indicates an error on the  client's part  Examples: 400 Bad Request  401 Unauthorized HTTP status codes:
HTTP Recap 5xx indicates an error on the  server's part  Examples: 500 Internal Server Error  503 Service Unavailable  HTT...
HTTP Recap HTTP methods GET  POST  PUT  DELETE  HEAD  OPTIONS  CONNECT
HTTP Recap HTTP request headers Host :  www.google.com User-Agent:  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9...
HTTP Recap HTTP response headers Cache-Control :  private, max-age=0 Date:  Wed, 17 Dec 2008 16:13:50 GMT Expires :  -1 Co...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
REST features (Advanced HTTP)  Security: Basic authentication Digest authentication WSSE Username Token
REST features (Advanced HTTP) Security (Basic authentication) Uses HTTP  Authorization  and  WWW-Authenticate  headers Yah...
REST features (Advanced HTTP) Security (Digest authentication) It also uses HTTP  Authorization  and  WWW-Authenticate  he...
REST features (Advanced HTTP) Security (Digest authentication) WWW-Authenticate  is to show what authentication type and r...
REST features (Advanced HTTP) Transactions No specific HTTP headers are available for this purpose  Many options available...
REST features (Advanced HTTP) Transactions For example: Money transfer from account A to B POST  http://service/transactio...
REST features (Advanced HTTP) Features Conditional GET Used for saving bandwidth  Implemented by using following HTTP head...
REST features (Advanced HTTP) Conditional GET Example for:  If-Modified-Since  Last-Modified  GET ../invoice/1111 200 OK L...
REST features (Advanced HTTP) Conditional GET Example for:  If-None-Match    E-Tag  GET ../invoice/1111 200 OK E-Tag : “75...
REST features (Advanced HTTP) Caching Expires:  Mon, 1, Jan 2010 Cache-Control:  max-age=3600 Cache-Control:  no-cache
HTTP REST features (Advanced HTTP) Look Before You Leap Requests Another way to save bandwidth //Request to service PUT /f...
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
WADL WADL ( W eb  A pplication  D escription Language) Not as widely used as WSDL Since only 4 types of methods available ...
REST frameworks Restlet (Java)  Rest-open-uri (Ruby on Rails) System.web.HTTPWebRequest (.net) Django (Python)
RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts...
SOAP Vs REST SOAP SOAP has mature tool support Transport Independence:  The headers are inside the message that means they...
SOAP Vs REST SOAP WS-Security: Standards for sending passwords, Kerberos tokens. X.509 tokens These standard are well suit...
SOAP Vs REST REST Simplicity (easy to use, maintain and test) Many options for representations(JSON, CSV, XHTML, XML..) Hu...
More info on REST Purely academic: the notion of REST was created in the PhD dissertation of Roy T. Fielding. Mostly acade...
More info on REST Books:: RESTful Web Services by Leonard Richardson –  Ajax and REST Recipes: A Problem-Solution Approach...
Upcoming SlideShare
Loading in...5
×

RESTful services

8,303

Published on

Published in: Technology
6 Comments
34 Likes
Statistics
Notes
No Downloads
Views
Total Views
8,303
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
6
Likes
34
Embeds 0
No embeds

No notes for slide

RESTful services

  1. 1. RESTful WebServices GouthamV Sr.Software Engineer InfoGroup
  2. 2. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>Demo(REST service client calls) </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  3. 3. Introduction REST is based on Ph.D thesis by a computer scientist (Roy Fieldings, year 2000) Principal author of HTTP Specification Co-founder of the Apache HTTP Server
  4. 4. Introduction Acronym for Re presentational S tate T ransfer Alternative to SOAP style webservices Architecture of World Wide Web(HTTP)
  5. 5. Introduction Major players: S3, EC2…. Search, Maps Search, Del.icio.us, Flickr….
  6. 6. Introduction Usage statistics of Amazon webservices (EC2, S3, SimpleDB…) Source: Jeff Barr, Amazon chief architect of webservices
  7. 7. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  8. 8. How REST is Different From SOAP? Client Server Easy to handle by client and server Less bandwidth SOAP request REST request SOAP(Simple Object Access Protocol), all our current services are based on this.
  9. 9. How REST is Different From SOAP? SOAP request REST request <?xml version=&quot;1.0&quot;?> <soap:Envelope xmlns:soap=&quot;http://www.w3.org/2001/12/soap-envelope&quot; soap:encodingStyle=&quot;http://www.w3.org/2001/12/soap-encoding&quot;> <soap:Body ord=&quot;http://www.igroup.com/order&quot;> <ord:GetOrderDetails> <ord:OrderNum>1111</ord:OrderNum> </ord:GetOrderDetails> </soap:Body> </soap:Envelope> http://www.igroup.com/order?ordernum=1111
  10. 10. Why REST? Characteristics of a webservice: Performance should be good Scalable Easy to build and maintain (simplicity) Monitoring should be easy Reliable(handling failure, failover…) Easy to use and test REST imposes certain constraints to achieve above characteristics Uniform Interface Addressable Connectedness Stateless Cacheable
  11. 11. How RESTful services works? <ul><li>In webservices world most of the operations fall under 4 types….. </li></ul><ul><ul><li>create… </li></ul></ul><ul><ul><li>return… </li></ul></ul><ul><ul><li>update… </li></ul></ul><ul><ul><li>delete… </li></ul></ul><ul><ul><li>something based on some given input value </li></ul></ul>
  12. 12. How RESTful services works? REST says use HTTP to covey what service should do using predefined HTTP protocol methods: 1. Replace create…. methods with POST 2. Replace return….methods with GET 3 . Replace update…. Methods with PUT 4. Replace delete… methods with DELETE And also use HTTP protocol for everything else…
  13. 13. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  14. 14. Core Concepts Resource Everything that service provides is a resource Example Resources: Order info Invoice info Set of rows in a database Collection of search results
  15. 15. Core Concepts Resource Every Resource will have its own URI (A unique id) Example URIs: … /invoices?name=John Doe … /order?ordernum=1111 URI
  16. 16. Core Concepts A resource can be represented in many ways Example Representations: XML XHTML JSON CSV Resource Representation Representation URI
  17. 17. Core Concepts Each representation will have its own URL Example URLs: http://igroup.com/services/invoice? cname=John Doe http://igroup.com/services/order ?ordernum=1234 Resource Representation Representation URI URL URL
  18. 18. Core Concepts Clients interact via HTTP protocol defined methods Example: GET http://igroup.com/services/order?cname=John Doe POST http://igroup.com/services/order PUT http://igroup.com/services/order?ordernum=1234 DELETE http://igroup.com/services/order? ordernum= 1234 Resource Representation Representation URI URL URL GET POST PUT DELETE
  19. 19. Core Concepts Representational State Transfer (REST) Representation: XML, XHTML, JSON, CSV.. State: Application state (client side) and Resource state (server side) Client Server POST GET PUT
  20. 20. Core Concepts All nouns only four verbs POST http://service/order GET http://service /invoice?num=1111 PUT http://service /customer?osr=10000123 DELETE http://service /address?osr=12345
  21. 21. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  22. 22. Resource Oriented Architecture(ROA) Restful webservices implement ROA Architecture and applies following constraints : <ul><li>Addressability </li></ul><ul><li>Connectedness </li></ul><ul><li>Stateless </li></ul><ul><li>Uniform interface </li></ul>
  23. 23. Resource Oriented Architecture(ROA) Addressability Constraint: Every resource should be addressable Examples: GET ../invoice?num=1234 GET ../invoice?num=1234&output=xml GET ../invoice?num=1234&output=json Benefits: Bookmark Email Link to it from your home page Monitoring East to test
  24. 24. Resource Oriented Architecture(ROA) Connectedness Constraint : Human web is well connected Programmable web is not well connected (Before REST!) RESTful services should guide clients from one state to another by sending links in representation
  25. 25. Resource Oriented Architecture(ROA) Connectedness Constraint : Request: GET ../invoice?name=John Doe Response: … .. <invoice> <num>1111</num> <url>../invoice?num=1111</url> </invoice> <invoice> <num>2222</num> <url>../invoice?num=2222</url> </invoice> … .. Example:
  26. 26. Resource Oriented Architecture(ROA) Statelessness Constraint : Every HTTP request should happen in complete isolation Service should never relay on information from previous request Examples: GET ../invoices?name=John Doe GET ../invoices?name=John Doe & start=5&end=10 Benefits: Scalable (Load balancing) Simplicity Reliable
  27. 27. Resource Oriented Architecture(ROA) Cachable Constraint : Resources should be cachable whenever possible (with an expiration date/time) The HTTP cache-control headers are used for this purpose Benefits: Better response and loading time Decreased load on the server Better user experience
  28. 28. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  29. 29. HTTP Recap HTTP status codes: RESTful services uses these codes to convey service response to clients 1xx indicates an informational message only 2xx indicates success of some kind 3xx r edirects the client to another URL 4xx indicates an error on the client's part 5xx indicates an error on the server's part
  30. 30. HTTP Recap 2xx indicates success of some kind Examples: 200 OK Standard response for successful HTTP requests. 201 Created The request has been fulfilled and resulted in a new resource being created. HTTP status codes:
  31. 31. HTTP Recap 4xx indicates an error on the client's part Examples: 400 Bad Request 401 Unauthorized HTTP status codes:
  32. 32. HTTP Recap 5xx indicates an error on the server's part Examples: 500 Internal Server Error 503 Service Unavailable HTTP status codes:
  33. 33. HTTP Recap HTTP methods GET POST PUT DELETE HEAD OPTIONS CONNECT
  34. 34. HTTP Recap HTTP request headers Host : www.google.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive
  35. 35. HTTP Recap HTTP response headers Cache-Control : private, max-age=0 Date: Wed, 17 Dec 2008 16:13:50 GMT Expires : -1 Content-Type : text/html; charset=UTF-8 Content-Encoding : gzip Server : gws Content-Length : 2251
  36. 36. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>Demo(REST service client calls) </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  37. 37. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>Demo(REST service client calls) </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  38. 38. REST features (Advanced HTTP) Security: Basic authentication Digest authentication WSSE Username Token
  39. 39. REST features (Advanced HTTP) Security (Basic authentication) Uses HTTP Authorization and WWW-Authenticate headers Yahoo’s Del.icio.us service security is based on this authentication (https://api.del.icio.us/v1/posts/get) WWW-Authenticate is to show what authentication type and realm Example: 401 Unauthorized www-Authenticate : Basic realm=“private data” Authorization is to pass user name and password details in encoded form Example: GET /posts/get Host: api.del.icio.us Authorization: Basic dmdyZWRkeTQzOnZncjQzNDM=
  40. 40. REST features (Advanced HTTP) Security (Digest authentication) It also uses HTTP Authorization and WWW-Authenticate headers But, is sends hash(MD5) of user name, pass word, nonce (number used only once) etc… to the server
  41. 41. REST features (Advanced HTTP) Security (Digest authentication) WWW-Authenticate is to show what authentication type and realm Example: 401 Unauthorized www-Authenticate : Digest realm=“private data” qop=“auth” //qop= Quality of protection nonce=“0asdf0dsfdsf8sadf9sad0f9ds8f” Authorization is to pass user name and password details in encoded form Example: GET /posts/get Host: api.del.icio.us Authorization: Digest response= Ha3 Ha1=MD5.hexdigest(username, password, realm) Ha2=MD5.hexdigest(method, path) Ha3= MD5.hexdigest(ha1, nonce, qop, ha2.. )
  42. 42. REST features (Advanced HTTP) Transactions No specific HTTP headers are available for this purpose Many options available but recommended approach sending multiple POST, PUT requests. This can be implemented in the same way as online shopping cart implemented
  43. 43. REST features (Advanced HTTP) Transactions For example: Money transfer from account A to B POST http://service/transaction // returns {id} PUT http://service/bankaccount/A/{id} //send amount to deduct PUT http://service/bankaccount/B/{id} //send amount to add PUT http://service/transaction /{id} //send commit=true
  44. 44. REST features (Advanced HTTP) Features Conditional GET Used for saving bandwidth Implemented by using following HTTP headers: Request Response If-Modified-Since Last-Modified If-None-Match E-Tag (entity tag)
  45. 45. REST features (Advanced HTTP) Conditional GET Example for: If-Modified-Since Last-Modified GET ../invoice/1111 200 OK Last-Modified : Mon, 1 Dec 2008 09:00 CST Representation size: 40KB GET ../invoice/1111 If-Modified-Since: Mon, 1 Dec 2008 09:00 CST 304 “Not Modified” Representation size: 0KB Request Response
  46. 46. REST features (Advanced HTTP) Conditional GET Example for: If-None-Match E-Tag GET ../invoice/1111 200 OK E-Tag : “75sdf5454dcd-sd4fsd8-sdf ” Representation size: 40KB GET ../invoice/1111 If-None-Match : “75sdf5454dcd-sd4fsd8-sdf ” 304 “Not Modified” Representation size: 0KB Request Response More reliable than previous approach. Uses MD5 hash of representation(Apache calculates MD5 hash using size and last modified time of representation)
  47. 47. REST features (Advanced HTTP) Caching Expires: Mon, 1, Jan 2010 Cache-Control: max-age=3600 Cache-Control: no-cache
  48. 48. HTTP REST features (Advanced HTTP) Look Before You Leap Requests Another way to save bandwidth //Request to service PUT /filestore/myfile.txt Host: somehost.com Content-length: 500MB Expect: 100-continue 417 (Expectation Failed) //If service rejects request 100 (Continue) //If service accepts request
  49. 49. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  50. 50. WADL WADL ( W eb A pplication D escription Language) Not as widely used as WSDL Since only 4 types of methods available for a service, it is an over kill Most REST services are documented by no more than a textual description WADL2JAVA tool available at: http://wadl.dev.java.net
  51. 51. REST frameworks Restlet (Java) Rest-open-uri (Ruby on Rails) System.web.HTTPWebRequest (.net) Django (Python)
  52. 52. RESTful WebServices <ul><li>Introduction </li></ul><ul><li>How REST is Different from SOAP </li></ul><ul><li>Core Concepts </li></ul><ul><li>Resource Oriented Architecture(ROA) </li></ul><ul><li>HTTP Recap </li></ul><ul><li>REST features(Advanced HTTP) </li></ul><ul><li>WADL </li></ul><ul><li>REST Frameworks </li></ul><ul><li>REST Vs SOAP </li></ul><ul><li>More info </li></ul>
  53. 53. SOAP Vs REST SOAP SOAP has mature tool support Transport Independence: The headers are inside the message that means they are independent of the protocol used to transport message You can send SOAP envelope over SMTP, FTP, JMS….. Security, reliability etc.. are industry standards (WS-*) WS-Security WS-ReliableMessaging WS-AtomicTransaction WS-BusinessActivity
  54. 54. SOAP Vs REST SOAP WS-Security: Standards for sending passwords, Kerberos tokens. X.509 tokens These standard are well suited for banking and financial services WS-ReliableMessaging: Defines new headers for that track sequence identifiers, message numbers and some retry logic. WS-AtomicTransaction Transactions based on two phase commit
  55. 55. SOAP Vs REST REST Simplicity (easy to use, maintain and test) Many options for representations(JSON, CSV, XHTML, XML..) Human Readable Results Performance: Scalable architecture Lightweight requests and responses Easier response parsing Saves bandwidth(Caching, Conditional GET..) Well suited for AJAX clients(using JSON representations)
  56. 56. More info on REST Purely academic: the notion of REST was created in the PhD dissertation of Roy T. Fielding. Mostly academic: the Wikipedia article about REST. JSR 311 is the Java Specification Request for &quot;JAX-RS: The Java API for RESTful Web Services&quot;. Restlet is suggesting an easier way to develop REST applications in Java: restlet.org. WADL: find the specification and tools in the Web Application Description Language's homepage. Articles are a dime a dozen; here are a few interesting ones: Second Generation Web Services by Paul Prescod. The Beauty of REST, by Jon Udell. Building Web Services the REST Way by Roger L. Costello REST vs. SOAP, by Pete Freitag. Basic SOA using REST, by Mark Hansen.
  57. 57. More info on REST Books:: RESTful Web Services by Leonard Richardson – Ajax and REST Recipes: A Problem-Solution Approach, by Christian Gross

×