#WISSENTEILEN
What would MacGyver do?
Pragmatic REST
Lars Röwekamp | open knowledge
@mobileLarson
@_openKnowledge
#wissenteilen
RESTful
everywhere
SOAP Demo
POST /InStock HTTP/1.1
Host: www.demo.org
Content-Type: application/soap+xml;
Content-Length: 348
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
</soap:Header>
<soap:Body>
<m:GetStockPrice xmlns:m="http://www.demo.org/stock">
<m:StockName>IBM</m:StockName>
</m:GetStockPrice>
</soap:Body>
</soap:Envelope>
XML-RPC Demo
POST /InStock HTTP/1.1
Host: www.demo.org
Content-Type: application/xml;
Content-Length: 245
<?xml version="1.0" encoding="utf-8"?>
<getStockPriceRequest
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="stockItemRequest.xsd">
<stockName>IBM</stockName>
</getStockPriceRequest>
REST Demo
GET /stocks/ibm HTTP/1.1
Host: www.demo.org
Content-Length: 0
Why REST?
Keep it stupid simple a.k.a. KISS
• REpresentational State Transfer
• Identification of resources through URLs (/customers/123)
• Manipulation of resources through representations (JSON/XML)
• Self-describing messages (GET, POST, PUT, DELETE; media types, cacheability)
• Hypermedia (references)
Why PRAGMATIC REST?
„Yo man! But it is not RESTful, if ...“
(RESTafarian, by Mike Schinkel)
Why PRAGMATIC REST?
„But is this pragmatic?“
„Pragmatic? Are you kidding? It's CORRECT!“
„The* API is the developer's UI.“
(*the German original says „das API“; anyone who prefers may also say „die API“)
Why PRAGMATIC REST?
„So what? It's pragmatic and works for me and my consumers!“
RESTbucks
... ordering Coffee the RESTful way
REST by Example
„Coffee, latte, large, to-go, semi, double shot, please.“
„Order 123 for ‚Larissa‘.“
„Here's 5$.“
„And here's the receipt.“
„What's the status of ‚123‘?“ „Still preparing.“
„Now it's ready.“
RESTBucks
„crud“
// order coffee
POST /orders
{ ... initial order data ... }
// check order status
GET /orders/1234
// change order
PUT /orders/1234
{ ... changes ... }
// cancel order
DELETE /orders/1234
given id?
filter, query, sorting?
PUT? Or PATCH?
Security?
Versioning?
Error handling?
Content type?
REST... the simple Stuff
• „We only need two URLs“
• „Verbs are bad, nouns are good“
• „Plurals are even better“
• „The web is your friend“
• „There is always a root (for associations)“
• „There is always a parameter (for complex variations)“
• „There is always a method (for an operation)“
Golden Rules of REST
// Retrieve single order with id 1234
GET /orders/1234
// Retrieve all ingredients of order 1234
GET /orders/1234/ingredients
// Retrieve ingredient 789 (milk) of order 1234?
GET /orders/1234/ingredients/789
// Or even better: What kind of milk is in order 1234?
GET /orders/1234/ingredients/milk
REST
„root“
// Path parameter for identifier
GET /orders/1234
// Query parameter for queries
GET /orders/?status=ready
// Header parameter for platform
GET /orders/1234
Accept-Language: de-DE
REST
„param“
// „Create order“, isn‘t it?
POST /orders
// Is this allowed? Guess not. Or ...?
POST /orders/1234
// „Change order“. I'm sure!
PUT /orders/1234
// „Change order“, too? Isn‘t it?
PATCH /orders/1234
REST
„method“
POST vs. PUT vs. PATCH
POST
creates a child resource at a server-defined URI
PUT
creates/changes a child resource at a client-defined URI
PATCH
changes parts of a child resource at a client-defined URI
// Creates order. Returns ID 1234
POST /orders
{ ... payload for 1234 ... }
// Hmmm, updates order 1234? Creates new order?
POST /orders
{ ... payload for 1234 ... }
REST
„method“
// Changes order with ID 1234
PUT /orders/1234
{ ... changes for 1234 ... }
// Hmmm, will be ignored?
PUT /orders/1234
{ ... changes for 1234, e.g. set amount of milk ... }
// Or additional changes?
PUT /orders/1234
{ ... changes for 1234, e.g. add more milk ... }
REST
„method“
// Changes order with ID 1234
PUT /orders/1234
{ ... changes for 1234 ... }
// Same as PUT? Maybe not!
PATCH /orders/1234
{ ... changes for 1234 ... }
// Same as PUT? Is this what I expect?
GET /orders/1234?milk=soja or
GET /orders/1234/addSojaMilk
REST
„method“
SAFE / IDEMPOTENT Methods
SAFE*
no change to the resource
IDEMPOTENT**
a single change to the resource representation;
repeating it any number of times always leads to the same result
* GET, HEAD, OPTIONS
** GET, HEAD, OPTIONS, PUT, DELETE
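The safe/idempotent distinction is easiest to see by replaying requests against a store. The following is an added example, not code from the slides: an in-memory order store whose POST, PUT, PATCH and DELETE follow the definitions above (server-assigned ids for POST, full replacement for PUT), with a `replay_demo()` that sends each request twice and reports whether the second call changed server state. The `"+1"` notation for a relative PATCH is a constructed convention for the example.

```python
"""Added example: replaying requests to check safe and idempotent behaviour."""
import copy


class OrderStore:
    """Minimal resource store: order id -> representation (a dict)."""

    def __init__(self):
        self._orders = {}
        self._next_id = 1000

    def get(self, order_id):
        # SAFE: reading never changes the resource
        order = self._orders.get(order_id)
        if order is None:
            return 404, None
        return 200, copy.deepcopy(order)

    def post(self, payload):
        # NOT idempotent: every call creates a new child resource at a
        # server-chosen URI, so a replayed POST creates a duplicate order
        self._next_id += 1
        self._orders[self._next_id] = dict(payload)
        return 201, f"/orders/{self._next_id}"

    def put(self, order_id, payload):
        # IDEMPOTENT: full replacement at the client-chosen URI; repeating the
        # same PUT leaves the same representation behind
        existed = order_id in self._orders
        self._orders[order_id] = dict(payload)
        return (200 if existed else 201), copy.deepcopy(payload)

    def patch(self, order_id, changes):
        # Partial update: idempotent only when the change is absolute
        # ("set milk to 3"), not relative ("add one more milk", written "+1")
        order = self._orders.get(order_id)
        if order is None:
            return 404, None
        for key, value in changes.items():
            if isinstance(value, str) and value.startswith("+"):
                order[key] = order.get(key, 0) + int(value[1:])
            else:
                order[key] = value
        return 200, copy.deepcopy(order)

    def delete(self, order_id):
        # IDEMPOTENT in effect: after the first call the order is gone; the
        # status code differs on replay (204 vs 404) but the state is the same
        if order_id in self._orders:
            del self._orders[order_id]
            return 204, None
        return 404, None


def replay_demo():
    """Send each kind of request twice; return method -> state changed on replay."""
    store = OrderStore()
    results = {}

    store.post({"product": "latte"})                 # creates /orders/1001
    before = dict(store._orders)
    store.post({"product": "latte"})                 # replay creates /orders/1002
    results["POST"] = store._orders != before

    store.put(1001, {"product": "latte", "milk": 2})
    before = copy.deepcopy(store._orders)
    store.put(1001, {"product": "latte", "milk": 2})
    results["PUT"] = store._orders != before

    store.patch(1001, {"milk": 3})                   # absolute: set milk to 3
    before = copy.deepcopy(store._orders)
    store.patch(1001, {"milk": 3})
    results["PATCH set"] = store._orders != before

    store.patch(1001, {"milk": "+1"})                # relative: add one milk
    before = copy.deepcopy(store._orders)
    store.patch(1001, {"milk": "+1"})
    results["PATCH add"] = store._orders != before

    store.delete(1001)
    before = copy.deepcopy(store._orders)
    store.delete(1001)
    results["DELETE"] = store._orders != before
    return results
```

Only POST and the relative PATCH change state when replayed; this is exactly why a retried POST needs either an idempotency key or a PUT to a client-chosen URI.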
REST... Filter, Sorting & Pagination
Filter, Sorting, Pagination
What about ...
• more complex queries?
• restricted return objects?
• (alternative) sort orders?
• alternative return formats?
And what about „general“ search?
// FILTERING:
// List of paid orders (2015-12-20)
// Common Style
GET /orders?date=20151220&status=paid HTTP/1.1
REST
„filter“
// FILTERING:
// Details of order 3 (product, date, ...)
// Facebook Style
GET /orders/3?fields=product,date,status HTTP/1.1
GET /orders/3?fields=item.product,date,status HTTP/1.1
// LinkedIn Style
GET /orders/3:(product, date, status) HTTP/1.1
REST
„filter“
// FILTERING:
// Details of order 3
// without date, status
GET /orders/3?exclude=date,status HTTP/1.1
// predefined payload (compact = product, date, status)
GET /orders/3?style=compact HTTP/1.1
REST
„filter“
What is compact?
// FILTERING:
// Details of order 3
// using PREFER HEADER for response payload definition
GET /orders/3 HTTP/1.1
Content-Type: application/json
Prefer: return=compact-format
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Preference-Applied: return=compact-format
REST
„filter“
// SORTING:
// orders sorted (date ↓ /item ↑)
// SQL alike style
GET /orders?sort=date+DESC,item+ASC HTTP/1.1
// Sort and asc/desc combination, ascending as default
GET /orders?sort=date,item&desc=date HTTP/1.1
// use prefix „-“ for descending, ascending as default
GET /orders?sort=-date,item HTTP/1.1
REST
„sorting“
// FILTERING & SORTING:
// orders of „today“ sorted by ...
// long version
GET /orders?status=open
&date_from=20170510&date_to=20170510
&fields=product,status,time&sort=-time,product
// short and readable version
GET /orders/open_orders_of_today
GET /open_orders_of_today
REST
„filter&sort“
// Pagination:
// return page 4 of orders
// Is page a query parameter?
GET /orders?page=4 HTTP/1.1
// Or is page a „virtual“ resource?
GET /orders/pages/4 HTTP/1.1
REST
„pagination“
„4“?
PREV? NEXT?
FIRST? LAST?
// Pagination:
// return page 4 of orders
// get „page 4“ and info about PREV/NEXT
GET /orders?offset=20&limit=5 HTTP/1.1
// Response with success code and link header for
// navigation purpose
HTTP/1.1 200 OK
Link: <.../orders?offset=0&limit=5>; rel="first",
<.../orders?offset=5&limit=5>; rel="prev",
<.../orders?offset=15&limit=5>; rel="next",
<.../orders?offset=40&limit=2>; rel="last"
REST
„pagination“
// Pagination:
// return page 4 of orders
// get „page 4“ and info about PREV/NEXT
GET /orders?page=4&limit=5 HTTP/1.1
// Response with success code and link header for
// navigation purpose
HTTP/1.1 200 OK
Link: <.../orders?page=1&limit=5>; rel="first",
<.../orders?page=3&limit=5>; rel="prev",
<.../orders?page=5&limit=5>; rel="next",
<.../orders?page=8&limit=2>; rel="last"
REST
„pagination“
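The filter, `fields`, `sort` and offset/limit parameters from the preceding slides, plus the `Link` header for navigation, fit together in one server-side routine. The block below is an added example, not code from the slides: it parses such a query string, applies it to constructed sample orders, and builds the `first`/`prev`/`next`/`last` links. Two points a practitioner should not skip are included: field names are checked against an allowlist (so a client cannot sort or filter on attributes the API never meant to expose) and `limit` is capped so one request cannot pull the whole collection. `ALLOWED_FIELDS`, `MAX_LIMIT` and the sample rows are constructed values.

```python
"""Added example: filter / fields / sort / offset+limit parsing with a Link header."""
from urllib.parse import parse_qs, urlencode

# Constructed sample data standing in for the /orders collection
ORDERS = [
    {"id": 1, "product": "latte", "status": "paid", "date": "20151220", "price": 3.2},
    {"id": 2, "product": "espresso", "status": "open", "date": "20151220", "price": 2.0},
    {"id": 3, "product": "cappuccino", "status": "paid", "date": "20151219", "price": 3.5},
    {"id": 4, "product": "latte", "status": "ready", "date": "20151221", "price": 3.2},
    {"id": 5, "product": "mocha", "status": "paid", "date": "20151221", "price": 3.9},
]
ALLOWED_FIELDS = {"id", "product", "status", "date", "price"}   # constructed allowlist
MAX_LIMIT = 100   # hard cap so a client cannot request the whole table at once


class BadRequest(ValueError):
    """Raised for unknown fields or malformed parameters -> HTTP 400."""


def parse_list_query(query_string):
    qs = parse_qs(query_string)
    reserved = {"fields", "sort", "offset", "limit"}
    # Filters: every non-reserved parameter is an equality filter on a field
    filters = {}
    for key, values in qs.items():
        if key in reserved:
            continue
        if key not in ALLOWED_FIELDS:
            raise BadRequest(f"unknown filter field {key!r}")
        filters[key] = values[0]
    # Partial response: ?fields=product,date
    fields = None
    if "fields" in qs:
        fields = [f for f in qs["fields"][0].split(",") if f]
        unknown = set(fields) - ALLOWED_FIELDS
        if unknown:
            raise BadRequest(f"unknown fields {sorted(unknown)}")
    # Sorting: ?sort=-date,product  ("-" prefix means descending)
    sort = []
    for token in qs.get("sort", [""])[0].split(","):
        if not token:
            continue
        desc = token.startswith("-")
        name = token[1:] if desc else token
        if name not in ALLOWED_FIELDS:
            raise BadRequest(f"cannot sort on {name!r}")
        sort.append((name, desc))
    # Pagination: ?offset=20&limit=5
    try:
        offset = int(qs.get("offset", ["0"])[0])
        limit = int(qs.get("limit", ["20"])[0])
    except ValueError:
        raise BadRequest("offset and limit must be integers")
    if offset < 0 or limit < 1:
        raise BadRequest("offset must be >= 0 and limit >= 1")
    return {"filters": filters, "fields": fields, "sort": sort,
            "offset": offset, "limit": min(limit, MAX_LIMIT)}


def apply_list_query(orders, q):
    """Return (page_items, total) after filtering, sorting and slicing."""
    rows = [o for o in orders
            if all(str(o[k]) == v for k, v in q["filters"].items())]
    # Python's sort is stable, so applying the keys from last to first
    # yields a multi-key sort with the first key as the primary one
    for name, desc in reversed(q["sort"]):
        rows.sort(key=lambda o: o[name], reverse=desc)
    total = len(rows)
    page = rows[q["offset"]:q["offset"] + q["limit"]]
    if q["fields"]:
        page = [{k: o[k] for k in q["fields"]} for o in page]
    return page, total


def build_link_header(path, q, total):
    """first/prev/next/last links in the style of the pagination slide."""
    off, lim = q["offset"], q["limit"]

    def link(offset, rel):
        params = dict(q["filters"])          # keep the filter in every link
        params.update({"offset": offset, "limit": lim})
        return f'<{path}?{urlencode(params)}>; rel="{rel}"'

    links = [link(0, "first")]
    if off > 0:
        links.append(link(max(off - lim, 0), "prev"))
    if off + lim < total:
        links.append(link(off + lim, "next"))
    last_offset = ((max(total, 1) - 1) // lim) * lim
    links.append(link(last_offset, "last"))
    return ", ".join(links)
```

A request such as `GET /orders?status=paid&sort=-date,product&offset=0&limit=2&fields=id,date` yields the two newest paid orders and a `Link` header without `prev`, since the first page has none.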
// FULL TEXT SEARCH:
// Fulltext search for coffee
// Global style via virtual resource
GET /searches?q=coffee HTTP/1.1
// Scoped style
GET /orders/searches?q=coffee HTTP/1.1
GET /orders?q=coffee HTTP/1.1
REST
„search“
// ADVANCED SEARCH:
// Coffee WITH milk for 2€
// Query for ...
GET /orders?type=coffee&ingredient=milk&price=2
REST
„search“
BTW: AND or OR or
AND/OR?
// ADVANCED SEARCH:
// Coffee WITH milk for LESS THAN 2€
// Query for ...
GET /orders?query=type=coffee+ingredient=milk+price<=2
REST
„search“
Build your own
„Query Language“?
Filter, Sorting, Pagination
Resource Query Language (RQL*)
• object-style query language
• FIQL superset (extensible)
• specification & JS parser (client & server)
• JS array, SQL, MongoDB, Elasticsearch
• Java parser + JPA Criteria Builder
(* https://github.com/persvr/rql)
// ADVANCED SEARCH:
// Coffee WITH milk for LESS THAN 2€
// RQL query ... (must possibly be encoded!)
GET /orders?query=
and(eq(type,coffee),
or(eq(ingredients,MILK),lt(price,2)))
// RQL alternative query – FIQL (URI friendly) - ...
GET /orders?query=
type==coffee;(ingredients==MILK,price=lt=2)
REST
„search“
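The „build your own query language?“ question from a few slides back and the FIQL form just shown are worth seeing as actual parsing code. What follows is an added example, neither from the slides nor from the RQL project: a small recursive-descent parser for the FIQL subset used above (`;` = AND, `,` = OR, parentheses, `==`, `!=`, `=lt=`, `=le=`, `=gt=`, `=ge=`) that compiles a query into a predicate and evaluates it in memory against constructed sample orders. Unknown field names are rejected up front rather than passed through to a data store, and comparisons on a list-valued field (`ingredients`) are treated as membership tests; `ALLOWED_FIELDS` and the sample rows are constructed.

```python
"""Added example: a FIQL-subset parser that compiles queries to predicates."""
import re

ALLOWED_FIELDS = {"type", "ingredients", "price", "size"}   # constructed allowlist
OPERATORS = {
    "==": lambda a, b: (b in a) if isinstance(a, (list, set, tuple)) else a == b,
    "!=": lambda a, b: (b not in a) if isinstance(a, (list, set, tuple)) else a != b,
    "=lt=": lambda a, b: a < b,
    "=le=": lambda a, b: a <= b,
    "=gt=": lambda a, b: a > b,
    "=ge=": lambda a, b: a >= b,
}
# Tokens: parentheses, the two logical separators, the operators, and bare values
TOKEN_RE = re.compile(r"\(|\)|;|,|==|!=|=lt=|=le=|=gt=|=ge=|[^();,=!]+")


class FiqlError(ValueError):
    """Malformed query or reference to a field outside the allowlist -> 400."""


def coerce(text):
    """Numbers become int/float so 'price=lt=2' compares numerically."""
    try:
        return int(text)
    except ValueError:
        try:
            return float(text)
        except ValueError:
            return text


class FiqlParser:
    def __init__(self, query):
        self.tokens = TOKEN_RE.findall(query)
        if "".join(self.tokens) != query:      # something the tokenizer skipped
            raise FiqlError("illegal characters in query")
        self.pos = 0

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok = self._peek()
        if tok is None:
            raise FiqlError("unexpected end of query")
        self.pos += 1
        return tok

    def parse(self):
        pred = self._or()
        if self._peek() is not None:
            raise FiqlError(f"unexpected token {self._peek()!r}")
        return pred

    def _or(self):            # or  := and (',' and)*
        parts = [self._and()]
        while self._peek() == ",":
            self._next()
            parts.append(self._and())
        return lambda rec: any(p(rec) for p in parts)

    def _and(self):           # and := constraint (';' constraint)*
        parts = [self._constraint()]
        while self._peek() == ";":
            self._next()
            parts.append(self._constraint())
        return lambda rec: all(p(rec) for p in parts)

    def _constraint(self):    # constraint := '(' or ')' | field op value
        if self._peek() == "(":
            self._next()
            inner = self._or()
            if self._next() != ")":
                raise FiqlError("missing ')'")
            return inner
        field = self._next()
        if field not in ALLOWED_FIELDS:
            raise FiqlError(f"unknown field {field!r}")
        op = self._next()
        if op not in OPERATORS:
            raise FiqlError(f"unknown operator {op!r}")
        value = coerce(self._next())
        compare = OPERATORS[op]
        return lambda rec: field in rec and compare(rec[field], value)


def search(orders, query):
    """Return the ids of the orders matching a FIQL query string."""
    pred = FiqlParser(query).parse()
    return [o["id"] for o in orders if pred(o)]


# Constructed sample orders
ORDERS = [
    {"id": 1, "type": "coffee", "ingredients": ["MILK"], "price": 2.5},
    {"id": 2, "type": "coffee", "ingredients": [], "price": 1.8},
    {"id": 3, "type": "tea", "ingredients": ["MILK"], "price": 1.5},
    {"id": 4, "type": "coffee", "ingredients": ["SOY"], "price": 3.0},
]
```

With the slide's query, `search(ORDERS, "type==coffee;(ingredients==MILK,price=lt=2)")` matches orders 1 (coffee with milk) and 2 (coffee under 2€), which also shows that the `,` in the parenthesis is an OR, not the AND the comment above the query suggests.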
// SUPER ADVANCED SEARCH:
// All stores with
// - employees older than 20 years
// - who have sold more than 1000 coffee/day
// - even if it was damned hot outside (> 30 degree)
#WTH
REST
„search“
Filter, Sorting, Pagination
Super Advanced Queries
• expensive client-server round trips (n+1 or more)
• virtual resources (static? dynamic?)
• GraphQL
definitely have a look at it as an alternative!
Filter, Sorting, Pagination
GraphQL
• arbitrary queries via an object graph that you navigate
• delivers the query result in a single round trip
// SUPER ADVANCED SEARCH:
// All stores and their sales
// - employees of age 20
// - have sold at least 1000 coffee/day
// - even if it was damned hot (> 30 degree)
{
stores {
name
sales(unit: EURO)
employees(age:20, soldCoffee:1000) {
...
}
}
}
REST
„graphQL“
REST... Status Codes
(see also: http://www.restpatterns.org/HTTP_Status_Codes/)
HTTP Status Codes
Pro tip: Use them!
• 1xx: Hold on ...
• 2xx: Here you go!
• 3xx: Go away!
• 4xx: You f#!?ed up!
• 5xx: I f#!?ed up!
(http://restlet.com/http-status-codes-map)
Facebook „Always 200“ Anti-Pattern
(http://www.restpatterns.org/HTTP_Status_Codes)
HTTP Status Codes
// HTTP Status Codes:
// signal that new order was created
// „Create new Resource“ of type order
POST /orders HTTP/1.1
[various other headers]
// Response with location header pointing to resource
HTTP/1.1 201 Created
Location: http://restbucks.com/api/orders/1234
REST
„Codes“
// HTTP Status Codes:
// signal that some work is going on
// Trigger some async workload
POST /orders/... HTTP/1.1
[various other headers]
// Response without payload, because it's not yet calculated
HTTP/1.1 202 Accepted
REST
„Codes“
// HTTP Status Codes:
// signal that payload is empty
// DELETE order with id 1234
DELETE /orders/1234 HTTP/1.1
[various other headers]
// Order successfully deleted. No content on purpose
HTTP/1.1 204 No Content
HTTP/1.1 205 Reset Content
REST
„Codes“
// HTTP Status Codes:
// signal that payload is empty
// Retrieve all open orders
GET /orders?status=open HTTP/1.1
[various other headers]
// There is no open order left.
HTTP/1.1 204 No Content
REST
„Codes“
// HTTP Status Codes:
// signal that there is more payload
// GET all orders on „page“ four
GET /orders?page=4 HTTP/1.1
[various other headers]
// Response with success code and links for navigation
HTTP/1.1 206 Partial Content
Link: <http://.../orders?page=1>; rel="first",
<http://.../orders?page=3>; rel="prev",
...
REST
„Codes“
// HTTP Status Codes:
// signal that payload is empty
// Ask for order with id 1234
GET /orders/1234 HTTP/1.1
[various other headers]
// Could not find order with id 1234
HTTP/1.1 204 No Content
REST
„Codes“
// HTTP Status Codes:
// signal that payload is empty
// Ask for order with id 1234
GET /orders/1234 HTTP/1.1
[various other headers]
// Could not find order with id 1234
HTTP/1.1 404 Not Found
HTTP/1.1 410 Gone
REST
„Codes“
HTTP Status Codes
Sometimes things turn out differently than you think
• Code for code: status code & application-level code
• Message for people: for logs, output, ...
• Payload and format: standardized error payload format
• No stack trace
• Exception mapper as provider at the outermost layer
// HTTP Status Codes:
// signal that there is a problem
// Error Responses: Use them wisely
HTTP/1.1 400 Bad Request (unknown/generic status)
HTTP/1.1 401 Unauthorized (btw: means unauthenticated)
HTTP/1.1 403 Forbidden (btw: means unauthorized)
HTTP/1.1 404 Not Found (resource could not be found)
HTTP/1.1 405 Method not … (POST, GET, ...)
HTTP/1.1 409 Conflict (fixable conflict, e.g. version)
HTTP/1.1 410 Gone (update cache)
HTTP/1.1 412 Precondition …(If-* header not matching)
HTTP/1.1 418 I'm a teapot (Don't ask me for COFFEE!)
REST
„Codes“
// HTTP Status Codes:
// JAX-RS Exception Handler
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Registered as a JAX-RS provider at the outermost layer: maps every
// MyAppException to a 400 response whose entity is the normalized
// error payload (ExceptionEntity), so no stack trace leaks to the client.
@Provider
public class MyAppExceptionHandler implements ExceptionMapper<MyAppException> {
    @Override
    public Response toResponse(MyAppException exception) {
        return Response.status(Status.BAD_REQUEST)
                       .entity(new ExceptionEntity(exception))
                       .build();
    }
}
REST
„Codes“
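The same „code for code, message for people, no stack trace“ rules from the slide before the JAX-RS handler, written out in Python as an added example (not code from the slides): application exceptions carry an HTTP status and an application-level code, an outermost `handle()` converts anything that escapes into a normalized JSON error payload, the full trace goes to the server log only, and the 401/403 distinction from the status-code slide is made explicit. The exception class names, codes and the realm value are constructed for the example.

```python
"""Added example: an exception-to-error-response mapper for a REST endpoint."""
import json
import logging
import traceback

log = logging.getLogger("restbucks")


class AppError(Exception):
    """Base class: subclasses define the HTTP status and an app-level code."""
    status = 400
    code = 1000
    title = "Bad Request"

    def __init__(self, message="", **details):
        super().__init__(message)
        self.message = message
        self.details = details


class OrderNotFound(AppError):
    status, code, title = 404, 2001, "Not Found"


class NotAuthenticated(AppError):      # 401 really means "unauthenticated"
    status, code, title = 401, 3001, "Unauthorized"


class NotPermitted(AppError):          # 403 really means "unauthorized"
    status, code, title = 403, 3002, "Forbidden"


class VersionConflict(AppError):       # fixable conflict, e.g. a stale version
    status, code, title = 409, 4001, "Conflict"


def to_response(exc):
    """Map an exception to (status, headers, json_body)."""
    if isinstance(exc, AppError):
        status = exc.status
        body = {
            "code": exc.code,              # code for code
            "message": exc.message,        # message for people
            "title": exc.title,
        }
        if exc.details:
            body["details"] = exc.details
        log.info("%s: %s", exc.title, exc.message)
    else:
        # Unknown failure: generic 500; the trace stays in the server log only
        status = 500
        body = {"code": 9999, "message": "Internal error",
                "title": "Internal Server Error"}
        log.error("unhandled exception:\n%s", traceback.format_exc())
    headers = {"Content-Type": "application/json"}
    if status == 401:
        # A 401 must tell the client how to authenticate (RFC 7235)
        headers["WWW-Authenticate"] = 'Bearer realm="restbucks"'
    return status, headers, json.dumps(body)


def handle(func, *args):
    """Outermost layer: run a handler, convert any exception to a response."""
    try:
        return func(*args)
    except Exception as exc:
        return to_response(exc)


# Two constructed handlers to exercise the mapper
def get_order(order_id, orders):
    if order_id not in orders:
        raise OrderNotFound(f"order {order_id} does not exist", id=order_id)
    return 200, {"Content-Type": "application/json"}, json.dumps(orders[order_id])


def divide(a, b):
    return 200, {}, json.dumps({"result": a / b})   # ZeroDivisionError if b == 0
```

`handle(divide, 1, 0)` produces a 500 whose body names neither the exception type nor a line number; the log record has the full traceback.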
// HTTP Status Codes:
// signal that there is a problem
// Error Responses: Use them wisely
HTTP/1.1 429 Too Many Requests
HTTP/1.1 509 Bandwidth Limit Exceeded
REST
„Codes“
// HTTP Status Codes:
// Rate limit exceeded (e.g. Twitter)
HTTP/1.1 429 Too Many Requests
[various other headers]
{
"errors": [
{ "code": 88,
"message": "Rate limit exceeded" }
]
}
REST
„Codes“
// HTTP Status Codes:
// Rate limit exceeded (e.g. Twitter)
HTTP/1.1 200 Ok
[various other headers]
X-Rate-Limit-Limit: ... // rate limit ceiling
X-Rate-Limit-Remaining: ... // for the next 15 minutes
X-Rate-Limit-Reset: ... // in UTC epoch seconds
REST
„Codes“
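The two rate-limit slides describe one mechanism from two sides: headers on every response and a 429 with an error body once the ceiling is reached. As an added example (not code from the slides), here is a fixed-window limiter that produces exactly those `X-Rate-Limit-*` headers, adds `Retry-After` on rejection, and reuses the error payload shown above. The 15-minute window is the slide's; the limit of 5 requests, the client key and the fixed timestamp are constructed values.

```python
"""Added example: a fixed-window rate limiter emitting X-Rate-Limit-* headers."""
import json
import time

WINDOW_SECONDS = 15 * 60      # "for the next 15 minutes", as on the slide
LIMIT = 5                     # constructed ceiling for the example


class FixedWindowLimiter:
    """Counts requests per client key within fixed, wall-clock-aligned windows."""

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS, clock=time.time):
        self.limit = limit
        self.window = window
        self.clock = clock                 # injectable so tests can control time
        self._counts = {}                  # (client_key, window_start) -> count

    def _window_start(self, now):
        return int(now // self.window) * self.window

    def check(self, client_key):
        """Account one request; return (status, headers, body)."""
        now = self.clock()
        start = self._window_start(now)
        # Drop counters from earlier windows so the dict cannot grow without bound
        self._counts = {k: v for k, v in self._counts.items() if k[1] == start}
        slot = (client_key, start)
        count = self._counts.get(slot, 0) + 1
        self._counts[slot] = count
        reset = start + self.window        # UTC epoch seconds, as on the slide
        headers = {
            "X-Rate-Limit-Limit": str(self.limit),               # rate limit ceiling
            "X-Rate-Limit-Remaining": str(max(self.limit - count, 0)),
            "X-Rate-Limit-Reset": str(reset),
        }
        if count > self.limit:
            headers["Retry-After"] = str(max(int(reset - now), 1))
            body = json.dumps({"errors": [{"code": 88,
                                           "message": "Rate limit exceeded"}]})
            return 429, headers, body
        return 200, headers, None


def simulate(requests_in_window):
    """Send n requests from one client inside a single window; return the
    list of status codes and the final X-Rate-Limit-Remaining value."""
    fake_now = [1_500_000_000.0]           # constructed fixed timestamp
    limiter = FixedWindowLimiter(clock=lambda: fake_now[0])
    statuses, remaining = [], None
    for _ in range(requests_in_window):
        status, headers, _body = limiter.check("client-A")
        statuses.append(status)
        remaining = headers["X-Rate-Limit-Remaining"]
    return statuses, remaining
```

A fixed window is the simplest scheme and the one the slide's headers describe; it does allow up to twice the limit across a window boundary, which is why token buckets or sliding windows are used where that burst matters.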
REST... Caching
Caching
Always remember: „The Web is your Friend“
• the web offers great possibilities for „scaling“
• RESTful services use the web, i.e. HTTP
• client (web browser, REST client, ...)
• proxy caches („man in the middle cache“)
• content delivery networks (CDNs)
// Caching in REST:
// Expires-Header (HTTP 1.0)
HTTP/1.1 200 Ok
Content-Type: application/json
Expires: Tue, 20 May 2017 12:00:00 GMT
{
"id": "espresso",
"displayName": "Espresso",
"price": 3.20,
...
}
REST
„Cache“
„Hint, ok. But for whom, actually?“
// Caching in REST:
// Cache-Control (HTTP 1.1)
HTTP/1.1 200 Ok
Content-Type: application/json
Cache-Control: private, no-store, max-age=3600
{
"id": "espresso",
"displayName": "Espresso",
"price": 3.20,
...
}
REST
„Cache“
„Only client side
caching. Valid for
3600 sec. Must not
be stored on disc.“
// Caching in REST:
// Revalidation & Conditional GET
// Cache-Control + Last-Modified Header HTTP 1.1
HTTP/1.1 200 Ok
Content-Type: application/json
Cache-Control: max-age=3600
Last-Modified: Wed, 10 May 2017 12:00:00 GMT
{
"id": "espresso",
...
}
REST
„Cache“
// Caching in REST:
// Revalidation & Conditional GET
// Conditional GET after Timeout (max-age)
GET /products/123 HTTP/1.1
If-Modified-Since: Wed, 10 May 2017 12:00:00 GMT
REST
„Cache“
Modified since? No,
304 (Not Modified).
Yes, 200 (Ok) plus
Data.
// Caching in REST:
// Revalidation & Conditional GET
// Cache-Control + ETag Header HTTP 1.1
HTTP/1.1 200 Ok
Content-Type: application/json
Cache-Control: max-age=3600
ETag: "1234567890987654321"
{
"id": "espresso",
...
}
REST
„Cache“
// Caching in REST:
// Revalidation & Conditional GET
// Conditional GET after Timeout (max-age)
GET /products/123 HTTP/1.1
If-None-Match: "1234567890987654321"
REST
„Cache“
Modified since? No,
304 (Not Modified).
Yes, 200 (Ok) plus
Data.
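The four revalidation slides describe one server-side decision: answer 304 without a body when the client's validator still matches, otherwise 200 with data. As an added example (not code from the slides), the block below implements that decision for `/products/123` with both validators: the `ETag` is a hash of the serialized representation, `Last-Modified` comes from the record, and `If-None-Match` is evaluated before `If-Modified-Since` as RFC 7232 requires. The product record, its modification time and `MAX_AGE` are constructed.

```python
"""Added example: conditional GET handling with ETag and Last-Modified."""
import hashlib
import json
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed product record together with the time of its last change
PRODUCTS = {
    "123": {
        "body": {"id": "espresso", "displayName": "Espresso", "price": 3.20},
        "last_modified": datetime(2017, 5, 10, 12, 0, tzinfo=timezone.utc),
    }
}
MAX_AGE = 3600


def etag_for(body):
    """Strong ETag: changes whenever the serialized representation changes."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return '"' + hashlib.sha256(raw).hexdigest()[:32] + '"'


def get_product(product_id, request_headers):
    """Return (status, headers, body), honouring If-None-Match and
    If-Modified-Since. Request header names are matched case-insensitively."""
    record = PRODUCTS.get(product_id)
    if record is None:
        return 404, {}, None
    headers_in = {k.lower(): v for k, v in request_headers.items()}
    etag = etag_for(record["body"])
    last_modified = record["last_modified"]
    response_headers = {
        "Cache-Control": f"max-age={MAX_AGE}",
        "ETag": etag,
        "Last-Modified": format_datetime(last_modified, usegmt=True),
    }
    # If-None-Match takes precedence; If-Modified-Since is only consulted
    # when the client sent no entity tag (RFC 7232, section 6)
    inm = headers_in.get("if-none-match")
    if inm is not None:
        candidates = [t.strip() for t in inm.split(",")]
        if "*" in candidates or etag in candidates:
            return 304, response_headers, None
    else:
        ims = headers_in.get("if-modified-since")
        if ims is not None:
            try:
                since = parsedate_to_datetime(ims)
                if last_modified <= since:
                    return 304, response_headers, None
            except (TypeError, ValueError):
                pass   # malformed date: ignore the precondition and send 200
    response_headers["Content-Type"] = "application/json"
    return 200, response_headers, json.dumps(record["body"])
```

A 304 still carries `ETag`, `Cache-Control` and `Last-Modified` so the cache can refresh its freshness lifetime without re-downloading the body.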
REST... Security
REST
„Security“
Security
Authentication vs. Authorization
• Authentication a.k.a. „hotel reception“
• Authorization a.k.a. „room key“
Security
Authentication vs. Authorization
• 401 „Unauthorized“ actually means „Unauthenticated“!
• 403 „Forbidden“ actually means „Unauthorized“!
REST
„Security“
Server-based security
• Sessions
• Scalability
• Cookies
• CORS
• CSRF
REST
„Security“
Token-based security
• Stateless
• Token instead of cookie
• Individual expiration
• Friend-to-friend permissions
Security
JSON Web Token
• new, simple spec
• very compact
• token plus public & private „claims“
• digital signature and/or encryption
• as bearer token and for SSO
JSON Web Token & API Goals
1. Authorize Request
2. Verify Sender
3. Avoid Man in the Middle
4. Expiration
5. Request Cloning
Security
REST
„Security“
// Security in REST:
// JSON Web Token (auth0 java-jwt)
import java.security.interfaces.RSAKey;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

// Reusable verifier instance: pins the algorithm to RS256 with the
// issuer's public key and requires a matching "iss" claim
JWTVerifier verifier = JWT
    .require(Algorithm.RSA256((RSAKey) publicKey))
    .withIssuer("http://myAuth.com/auth/")
    .build();
// verify() checks the signature and the registered claims (exp, iss, ...)
// and throws JWTVerificationException if anything does not match
DecodedJWT jwt = verifier.verify(token);
String userId = jwt.getSubject();
String userName = jwt.getClaim("name").asString();
String email = jwt.getClaim("email").asString();
com.auth0.jwt
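To see what `verifier.verify(token)` has to do for the five API goals listed earlier (authorize the request, verify the sender, defeat tampering in transit, expiration), here is an added example that is neither from the slides nor the java-jwt library: a minimal HS256 issuer and verifier using only the Python standard library. HS256 with a shared secret replaces the slide's RS256 so the block needs no key files; the verifier pins the algorithm itself instead of trusting the token's `alg` header, compares signatures in constant time, and checks `iss` and `exp` before an endpoint checks the `scope` claim for 403. `SECRET`, the `scope` claim and the `orders:read` permission are constructed for the example.

```python
"""Added example: HS256 JWT issue/verify with stdlib only, plus bearer auth."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-change-me"   # shared HS256 key (example only)
ISSUER = "http://myAuth.com/auth/"


class InvalidToken(Exception):
    pass


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims, key=SECRET, lifetime=3600, now=None):
    """Create header.payload.signature with iss/iat/exp set by the issuer."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iss": ISSUER, "iat": now, "exp": now + lifetime}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "."
                     + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token, key=SECRET, issuer=ISSUER, now=None):
    """Return the payload if the token is valid, otherwise raise InvalidToken."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:                       # includes binascii/JSON/unicode errors
        raise InvalidToken("malformed token")
    # The verifier decides the algorithm; a token announcing "none" or any
    # other value than the pinned one is rejected before the signature check
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):   # constant-time compare
        raise InvalidToken("bad signature")
    if payload.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise InvalidToken("token expired")
    return payload


def authorize_request(authorization_header, now=None):
    """Bearer-token check for an endpoint; returns (status, subject).
    401 = not authenticated, 403 = authenticated but not permitted."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401, None
    try:
        payload = verify_token(authorization_header[len("Bearer "):], now=now)
    except InvalidToken:
        return 401, None
    if "orders:read" not in payload.get("scope", []):
        return 403, payload.get("sub")
    return 200, payload.get("sub")
```

Because the token is self-contained, the endpoint needs no session store; the trade-off is that a token stays valid until `exp`, which is why the slide lists individual expiration as a design point.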
REST... API Evolution
API Evolution
What is the problem?
• new APIs
• changed APIs
• deprecated APIs
• payload / parameter syntax
• payload / parameter semantics
API Evolution
Postel's Law a.k.a. robustness principle:
„Be conservative in what you do*, be liberal in what you accept from others.“
Ben Morris Blog:
„REST APIs don't need a versioning strategy – they need a change strategy!“
(* do = change)
API Evolution
Versioning! But how?
• not at all
• not at all (via new resources)
• not at all (via extensible data formats)
• version number in the URL
• version request header
• content negotiation
REST
„Version“
// Evolution in REST:
// Multiple Resources
// GET all orders v1
GET /orders HTTP/1.1
// GET all neworders, orders are deprecated
GET /neworders HTTP/1.1
// GET all even newer orders, new orders are deprecated
GET /evennewerorders HTTP/1.1
REST
„Version“
// Evolution in REST:
// Multiple Resources
// GET all orders v1
GET /orders HTTP/1.1
// GET all neworders, orders are deprecated
GET /neworders HTTP/1.1
// GET all even newer orders, new orders are deprecated
GET /orders HTTP/1.1
REST
„Version“
// Evolution in REST:
// Backwards compatibility
// Versioning via adaptable data format
{ "items" : [ {
"name" : "coffee",
"quantity" : 1,
"size" : "large"
} ],
"location" : "take-away"
}
REST
„Version“
// Evolution in REST:
// Backwards compatibility
// Versioning via adaptable data format
{ "items" : [ {
"name" : "coffee",
"quantity" : 1,
"size" : "large",
"price" : "4 USD"
} ],
"total-price" : "4 USD",
"location" : "take-away"
}
REST
„Version“
// Evolution in REST:
// Backwards compatibility
// Versioning via adaptable data format
{ "items" : [ {
"name" : "coffee",
"quantity" : 1,
"size" : "large",
"price" : "4 USD"
} ],
"price" : "4 USD",
"location" : "take-away"
}
„Are you a tolerant reader?“
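A tolerant reader is what makes the „versioning via adaptable data format“ slides work: the client reads the fields it needs, ignores the ones it does not know, and copes with an attribute that moved or was renamed. The block below is an added example, not code from the slides: a reader that accepts all three payload versions shown above (re-typed here as constructed input), treats both `total-price` and `price` as the order total, and falls back to summing the item prices when neither is present. The money format `"4 USD"` is parsed as on the slides; the `in-store` default location is a constructed value.

```python
"""Added example: a tolerant reader for the evolving order representation."""
import json
import re

# The three payload versions from the slides, re-typed as constructed input
V1 = '{"items": [{"name": "coffee", "quantity": 1, "size": "large"}], "location": "take-away"}'
V2 = ('{"items": [{"name": "coffee", "quantity": 1, "size": "large", "price": "4 USD"}],'
      ' "total-price": "4 USD", "location": "take-away"}')
V3 = ('{"items": [{"name": "coffee", "quantity": 1, "size": "large", "price": "4 USD"}],'
      ' "price": "4 USD", "location": "take-away"}')

MONEY_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([A-Z]{3})\s*$")


def parse_money(text):
    """'4 USD' -> (4.0, 'USD'); anything unparsable -> None (ignored, not fatal)."""
    if not isinstance(text, str):
        return None
    m = MONEY_RE.match(text)
    return (float(m.group(1)), m.group(2)) if m else None


def read_order(raw):
    """Return a small, stable view of an order regardless of payload version."""
    doc = json.loads(raw)
    items = []
    for item in doc.get("items", []):
        if not isinstance(item, dict) or "name" not in item:
            continue                          # skip what we cannot interpret
        items.append({
            "name": item["name"],
            "quantity": int(item.get("quantity", 1)),
            "size": item.get("size", "regular"),
            "price": parse_money(item.get("price")),   # None in V1
        })
    # Accept either spelling of the total; every other unknown key is ignored
    total = parse_money(doc.get("total-price")) or parse_money(doc.get("price"))
    if total is None:
        # Derive the total from the items when they carry a single currency
        priced = [i for i in items if i["price"] is not None]
        currencies = {i["price"][1] for i in priced}
        if priced and len(currencies) == 1:
            total = (sum(i["price"][0] * i["quantity"] for i in priced),
                     currencies.pop())
    return {"items": items,
            "location": doc.get("location", "in-store"),
            "total": total}
```

The reader never raises on an extra or missing optional field; it only refuses input that is not JSON at all, which is the behaviour that lets the server add `price` and later `total-price` without breaking deployed clients.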
REST
„Version“
// Evolution in REST:
// via URL
// Versioning via URL (default version)
GET /api/orders/1234 HTTP/1.1
// Versioning via URL (version 1)
GET /api/v1/orders/1234 HTTP/1.1
// Versioning via URL (version 2)
GET /api/v2/orders/1234 HTTP/1.1
No way! This isn‘t a
RESOURCE!
REST
„Version“
// Evolution in REST:
// via HEADER
// Versioning via Header(default version)
GET /orders/1234 HTTP/1.1
// Versioning via Custom Header
GET /orders/1234 HTTP/1.1
Api-version: 2.1
// Versioning via Accept Header
GET /orders/1234 HTTP/1.1
Accept: application/vnd.restbucks.orderservice.v2.1+json
No way! This isn‘t a
“clickable“ URL!
For caching:
„Vary: Content-Type“
REST
„Version“
// Evolution in REST:
// via URL and HEADER
// Versioning via Header(default version)
GET /orders/1234 HTTP/1.1
// Versioning via URL (major) and header (minor)
GET /orders/v2/1234 HTTP/1.1
my-api-version: 2017-05-01
REST
„Hateoas“
„If the engine of application state (and hence the API) is not driven by hypertext, then it cannot be RESTful and cannot be a REST API.“
Roy Fielding
// Evolution in REST:
// Hypermedia as the engine of
// application state
REST
„Hateoas“
„A REST API should be entered with no prior knowledge beyond the initial URI ... From that point on, all application state transitions must be driven by the client selection of server-provided choices ...“
Roy Fielding
// Evolution in REST:
// Hypermedia as the engine of
// application state
REST
„Hateoas“
// Evolution in REST:
// Hypermedia as the engine of
// application state
POST /orders/ HTTP/1.1
{ ... payload of order to create ... }
HTTP/1.1 201 Created
Location: http://restbucks.com/api/orders/1234
Link: <.../orders/1234>; rel="cancel",
<.../orders/1234>; rel="update",
<.../orders/1234>; rel="delete",
<.../payment/1234>; rel="pay"
CONCLUSION
„The very most important thing is that
you have an API that your consumers
find consistent and usable.
This is not necessarily the same thing
as being 100% RESTful.“
QUESTIONS
? ? ?
Contact
LARS RÖWEKAMP
CIO NEW TECHNOLOGIES
lars.roewekamp@openknowledge.de
+49 (0)441 4082 – 0
@mobileLarson
@_openknowledge
OFFENKUNDIGGUT
Image credits
#97: © tomertu - shutterstock.com
All other pictures in this presentation originate from pixabay.com or were created by myself.
Thijs Feryn - Leverage HTTP to deliver cacheable websites - Codemotion Berlin...
 
Thijs Feryn - Leverage HTTP to deliver cacheable websites - Codemotion Berlin...
Thijs Feryn - Leverage HTTP to deliver cacheable websites - Codemotion Berlin...Thijs Feryn - Leverage HTTP to deliver cacheable websites - Codemotion Berlin...
Thijs Feryn - Leverage HTTP to deliver cacheable websites - Codemotion Berlin...
 

More from OPEN KNOWLEDGE GmbH

Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AI
Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AIWarum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AI
Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AIOPEN KNOWLEDGE GmbH
 
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...OPEN KNOWLEDGE GmbH
 
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die Cloud
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die CloudFrom Zero to still Zero: Die schönsten Fehler auf dem Weg in die Cloud
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die CloudOPEN KNOWLEDGE GmbH
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data Imputation
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data ImputationFEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data Imputation
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data ImputationOPEN KNOWLEDGE GmbH
 
Cloud-native and Enterprise Java? Hold my beer!
Cloud-native and Enterprise Java? Hold my beer!Cloud-native and Enterprise Java? Hold my beer!
Cloud-native and Enterprise Java? Hold my beer!OPEN KNOWLEDGE GmbH
 
From Zero to still Zero: The most beautiful mistakes going into the cloud.
From Zero to still Zero: The most beautiful mistakes going into the cloud. From Zero to still Zero: The most beautiful mistakes going into the cloud.
From Zero to still Zero: The most beautiful mistakes going into the cloud. OPEN KNOWLEDGE GmbH
 
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & Co
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & CoReady for the Future: Jakarta EE in Zeiten von Cloud Native & Co
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & CoOPEN KNOWLEDGE GmbH
 
Shared Data in verteilten Architekturen
Shared Data in verteilten ArchitekturenShared Data in verteilten Architekturen
Shared Data in verteilten ArchitekturenOPEN KNOWLEDGE GmbH
 
Machine Learning mit TensorFlow.js
Machine Learning mit TensorFlow.jsMachine Learning mit TensorFlow.js
Machine Learning mit TensorFlow.jsOPEN KNOWLEDGE GmbH
 
It's not Rocket Science: Neuronale Netze
It's not Rocket Science: Neuronale NetzeIt's not Rocket Science: Neuronale Netze
It's not Rocket Science: Neuronale NetzeOPEN KNOWLEDGE GmbH
 
Shared Data in verteilten Systemen
Shared Data in verteilten SystemenShared Data in verteilten Systemen
Shared Data in verteilten SystemenOPEN KNOWLEDGE GmbH
 
Mehr Sicherheit durch Automatisierung
Mehr Sicherheit durch AutomatisierungMehr Sicherheit durch Automatisierung
Mehr Sicherheit durch AutomatisierungOPEN KNOWLEDGE GmbH
 
API-Design, Microarchitecture und Testing
API-Design, Microarchitecture und TestingAPI-Design, Microarchitecture und Testing
API-Design, Microarchitecture und TestingOPEN KNOWLEDGE GmbH
 
Supersonic Java für die Cloud: Quarkus
Supersonic Java für die Cloud: QuarkusSupersonic Java für die Cloud: Quarkus
Supersonic Java für die Cloud: QuarkusOPEN KNOWLEDGE GmbH
 
Hilfe, ich will meinen Monolithen zurück!
Hilfe, ich will meinen Monolithen zurück!Hilfe, ich will meinen Monolithen zurück!
Hilfe, ich will meinen Monolithen zurück!OPEN KNOWLEDGE GmbH
 

More from OPEN KNOWLEDGE GmbH (20)

Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AI
Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AIWarum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AI
Warum der Computer "Nein" sagt - Mehr Nachvollziehbarkeit dank Explainable AI
 
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...
Machine Learning? Ja gerne! Aber was und wie? Eine Kurzanleitung für den erfo...
 
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die Cloud
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die CloudFrom Zero to still Zero: Die schönsten Fehler auf dem Weg in die Cloud
From Zero to still Zero: Die schönsten Fehler auf dem Weg in die Cloud
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data Imputation
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data ImputationFEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data Imputation
FEHLENDE DATEN? (K)EIN PROBLEM!: Die Kunst der Data Imputation
 
Nie wieder Log-Files!
Nie wieder Log-Files!Nie wieder Log-Files!
Nie wieder Log-Files!
 
Cloud-native and Enterprise Java? Hold my beer!
Cloud-native and Enterprise Java? Hold my beer!Cloud-native and Enterprise Java? Hold my beer!
Cloud-native and Enterprise Java? Hold my beer!
 
From Zero to still Zero: The most beautiful mistakes going into the cloud.
From Zero to still Zero: The most beautiful mistakes going into the cloud. From Zero to still Zero: The most beautiful mistakes going into the cloud.
From Zero to still Zero: The most beautiful mistakes going into the cloud.
 
API Expand Contract
API Expand ContractAPI Expand Contract
API Expand Contract
 
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & Co
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & CoReady for the Future: Jakarta EE in Zeiten von Cloud Native & Co
Ready for the Future: Jakarta EE in Zeiten von Cloud Native & Co
 
Shared Data in verteilten Architekturen
Shared Data in verteilten ArchitekturenShared Data in verteilten Architekturen
Shared Data in verteilten Architekturen
 
Machine Learning mit TensorFlow.js
Machine Learning mit TensorFlow.jsMachine Learning mit TensorFlow.js
Machine Learning mit TensorFlow.js
 
KI und Architektur
KI und ArchitekturKI und Architektur
KI und Architektur
 
It's not Rocket Science: Neuronale Netze
It's not Rocket Science: Neuronale NetzeIt's not Rocket Science: Neuronale Netze
It's not Rocket Science: Neuronale Netze
 
Shared Data in verteilten Systemen
Shared Data in verteilten SystemenShared Data in verteilten Systemen
Shared Data in verteilten Systemen
 
Business-Mehrwert durch KI
Business-Mehrwert durch KIBusiness-Mehrwert durch KI
Business-Mehrwert durch KI
 
Mehr Sicherheit durch Automatisierung
Mehr Sicherheit durch AutomatisierungMehr Sicherheit durch Automatisierung
Mehr Sicherheit durch Automatisierung
 
API-Design, Microarchitecture und Testing
API-Design, Microarchitecture und TestingAPI-Design, Microarchitecture und Testing
API-Design, Microarchitecture und Testing
 
Supersonic Java für die Cloud: Quarkus
Supersonic Java für die Cloud: QuarkusSupersonic Java für die Cloud: Quarkus
Supersonic Java für die Cloud: Quarkus
 
Hilfe, ich will meinen Monolithen zurück!
Hilfe, ich will meinen Monolithen zurück!Hilfe, ich will meinen Monolithen zurück!
Hilfe, ich will meinen Monolithen zurück!
 

Recently uploaded

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 

Recently uploaded (20)

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 

Pragmatic REST aka praxisnahes Schnittstellendesign

  • 1. #WISSENTEILEN What would MacGyver do? Pragmatic REST Lars Röwekamp | open knowledge @mobileLarson @_openKnowledge #wissenteilen
  • 3. SOAP Demo POST /InStock HTTP/1.1 Host: www.demo.org Content-Type: application/soap+xml; Content-Length: 348 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.demo.org/stock"> <m:StockName>IBM</m:StockName> </m:GetStockPrice> </soap:Body> </soap:Envelope>
  • 4. XML-RPC Demo POST /InStock HTTP/1.1 Host: www.demo.org Content-Type: application/xml; Content-Length: 245 <?xml version="1.0" encoding="utf-8"?> <getStockPriceRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="storckItemRequest.xsd"> <stockName>IBM</stockName> </getStockPriceRequest>
  • 5. GET /stocks/ibm HTTP/1.1 Host: www.demo.org Content-Length: 0 REST Demo
  • 6. Why REST? Keep it stupid simple a.k.a. KISS • REpresentational State Transfer • Identification of resources through URLs (/customers/123) • Manipulation of resources through representations (JSON/XML; GET, POST, PUT, DELETE) • Self-describing messages (media types, cacheability) • Hypermedia (references)
  • 7. Why PRAGMATIC REST? "Yo man! But it is not RESTful, if ..." (RESTafarian, by Mike Schinkel)
  • 8. "But is this pragmatic?" "Pragmatic? Are you kidding? It's CORRECT!" Why PRAGMATIC REST?
  • 9. "The* API is the developer's UI." (*the German original says "das API"; anyone who prefers may say "die API")
  • 10. "So what? It's pragmatic and works for me and my consumers!" Why PRAGMATIC REST?
  • 12. "Order 123 for 'Larissa'." "And here's the receipt." "Coffee, latte, large, to-go, semi, double shot, please." "Here's $5." "What's the status of '123'?" "Still preparing." "Now it's ready." REST by Example
  • 13. // order coffee POST /orders { ... initial order data ... } // check order status GET /orders/1234 // change order PUT /orders/1234 { ... changes ... } // cancel order DELETE /orders/1234 RESTBucks "crud" given id? filter, query, sorting? PUT? Or PATCH? Security? Versioning? Error handling? Content type?
  • 15. • "We only need two URLs" • "Verbs are bad, nouns are good" • "Plurals are even better" • "The web is your friend" • "There is always a root (for associations)" • "There is always a parameter (for complex variations)" • "There is always a method (for an operation)" Golden Rules of REST
  • 16. // Retrieve single order with id 1234 GET /orders/1234 // Retrieve all ingredients of order 1234 GET /orders/1234/ingredients // Retrieve ingredient 789 (milk) of order 1234? GET /orders/1234/ingredients/789 // Or even better: What kind of milk is in order 1234? GET /orders/1234/ingredients/milk REST "root"
  • 17. // Path parameter for identifier GET /orders/1234 // Query parameter for queries GET /orders/?status=ready // Header parameter for platform GET /orders/1234 Accept-Language: de-DE REST "param"
  • 18. // "Create order", isn't it? POST /orders // Is this allowed? Guess not. Or ...? POST /orders/1234 // "Change order". I'm sure! PUT /orders/1234 // "Change order", too? Isn't it? PATCH /orders/1234 REST "method"
  • 19. POST vs. PUT vs. PATCH POST creates a child resource at a server-defined URI PUT creates/changes a child resource at a client-defined URI PATCH changes parts of a child resource at a client-defined URI
  • 20. // Creates order. Returns ID 1234 POST /orders { ... payload for 1234 ... } // Hmmm, updates order 1234? Creates new order? POST /orders { ... payload for 1234 ... } REST "method"
  • 21. // Changes order with ID 1234 PUT /orders/1234 { ... changes for 1234 ... } // Hmmm, will be ignored? PUT /orders/1234 { ... changes for 1234, e.g. set amount of milk ... } // Or additional changes? PUT /orders/1234 { ... changes for 1234, e.g. add more milk ... } REST "method"
  • 22. // Changes order with ID 1234 PUT /orders/1234 { ... changes for 1234 ... } // Same as PUT? Maybe not! PATCH /orders/1234 { ... changes for 1234 ... } // Same as PUT? Is this what I expect? GET /orders/1234?milk=soja or GET /orders/1234/addSojaMilk REST "method"
  • 23. SAFE / IDEMPOTENT Methods SAFE* no change to the resource IDEMPOTENT** a single change to the resource representation; repeating the request any number of times always yields the same result * GET, HEAD, OPTIONS ** GET, HEAD, OPTIONS, PUT, DELETE
  • 25. Filter, Sorting, Pagination What about ... • (more) complex queries? • restricted response objects? • (alternative) sort orders? • alternative response formats? And what about "general" search?
  • 26. // FILTERING: // List of paid orders (2015-12-20) // Common style GET /orders?date=20151220&status=payed HTTP/1.1 REST "filter"
  • 27. // FILTERING: // Details of order 3 (product, date, ...) // Facebook style GET /orders/3?fields=product,date,status HTTP/1.1 GET /orders/3?fields=item.product,date,status HTTP/1.1 // LinkedIn style GET /orders/3:(product,date,status) HTTP/1.1 REST "filter"
  • 28. // FILTERING: // Details of order 3 // without date, status GET /orders/3?exclude=date,status HTTP/1.1 // predefined payload (compact = product, date, status) GET /orders/3?style=compact HTTP/1.1 REST "filter" What is compact?
  • 29. // FILTERING: // Details of order 3 // using the PREFER header for response payload definition GET /orders/3 HTTP/1.1 Content-Type: application/json Prefer: return=compact-format HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Preference-Applied: return=compact-format REST "filter"
  • 30. // SORTING: // orders sorted (date ↓ / item ↑) // SQL-like style GET /orders?sort=date+DESC,item+ASC HTTP/1.1 // sort and asc/desc combination, ascending as default GET /orders?sort=date,item&desc=date HTTP/1.1 // use prefix "-" for descending, ascending as default GET /orders?sort=-date,item HTTP/1.1 REST "sorting"
  • 31. // FILTERING & SORTING: // orders of "today" sorted by ... // long version GET /orders?status=open&date_from=20170510&date_to=20170510&fields=product,status,time&sort=-time,product // short and readable version GET /orders/open_orders_of_today GET /open_orders_of_today REST "filter&sort"
  • 32. // Pagination: // return page 4 of orders // Is page a query parameter? GET /orders?page=4 HTTP/1.1 // Or is page a "virtual" resource? GET /orders/pages/4 HTTP/1.1 REST "pagination" "4"? PREV? NEXT? FIRST? LAST?
  • 33. // Pagination: // return page 4 of orders // get "page 4" and info about PREV/NEXT GET /orders?offset=20&limit=5 HTTP/1.1 // Response with success code and Link header for // navigation purposes HTTP/1.1 200 OK Link: <.../orders?offset=0&limit=5>; rel="first", <.../orders?offset=15&limit=5>; rel="prev", <.../orders?offset=25&limit=5>; rel="next", <.../orders?offset=40&limit=2>; rel="last" REST "pagination"
  • 34. // Pagination: // return page 4 of orders // get "page 4" and info about PREV/NEXT GET /orders?page=4&limit=5 HTTP/1.1 // Response with success code and Link header for // navigation purposes HTTP/1.1 200 OK Link: <.../orders?page=1&limit=5>; rel="first", <.../orders?page=3&limit=5>; rel="prev", <.../orders?page=5&limit=5>; rel="next", <.../orders?page=8&limit=2>; rel="last" REST "pagination"
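An added example (not code from the slides) that builds the first/prev/next/last relations for both pagination styles shown above, clamps the client-supplied limit instead of trusting it, and parses the header back on the client side; the `/orders` base path and `MAX_LIMIT` are assumptions.

```python
"""Link-header pagination for ?offset=&limit= and ?page=&limit= collections.

Added example, not code from the original slides. MAX_LIMIT and the base
path are assumptions; the relations first/prev/next/last are the ones the
slides show.
"""
import math
import re
from urllib.parse import urlencode

MAX_LIMIT = 100  # assumption: hard ceiling so one request cannot dump the whole collection


def _clamp_limit(limit: int) -> int:
    """Reject nonsense and cap oversized page sizes rather than trusting the caller."""
    if limit < 1:
        raise ValueError("limit must be >= 1")
    return min(limit, MAX_LIMIT)


def offset_links(base: str, offset: int, limit: int, total: int) -> dict:
    """Relations for ?offset=&limit= style; prev/next are omitted on the edges."""
    limit = _clamp_limit(limit)
    if offset < 0 or (total and offset >= total):
        raise ValueError("offset out of range")
    rels = {"first": 0}
    if offset > 0:
        rels["prev"] = max(offset - limit, 0)
    if offset + limit < total:
        rels["next"] = offset + limit
    # the last page starts at the highest multiple of limit below total
    rels["last"] = ((total - 1) // limit) * limit if total else 0
    return {rel: f"{base}?{urlencode({'offset': off, 'limit': limit})}"
            for rel, off in rels.items()}


def page_links(base: str, page: int, limit: int, total: int) -> dict:
    """Relations for ?page=&limit= style (pages are 1-based)."""
    limit = _clamp_limit(limit)
    last = max(math.ceil(total / limit), 1)
    if page < 1 or page > last:
        raise ValueError("page out of range")
    rels = {"first": 1}
    if page > 1:
        rels["prev"] = page - 1
    if page < last:
        rels["next"] = page + 1
    rels["last"] = last
    return {rel: f"{base}?{urlencode({'page': p, 'limit': limit})}"
            for rel, p in rels.items()}


def link_header(rels: dict) -> str:
    """Serialise as an RFC 8288 Link header: <url>; rel="first", <url>; rel="prev", ..."""
    return ", ".join(f'<{url}>; rel="{rel}"' for rel, url in rels.items())


_LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="?([^",]+)"?')


def parse_link_header(header: str) -> dict:
    """Client side: follow rel="next" from the header instead of recomputing offsets."""
    return {rel: url for url, rel in _LINK_RE.findall(header)}
```

Unlike the slide, the `last` link keeps the requested limit rather than shrinking it to the number of remaining items; the server still returns only what is left.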
  • 35. #WISSENTEILEN // FULL TEXT SEARCH: // Fulltext search for coffee // Global style via virtual resource GET /searches?q=coffee HTTP/1.1 // Scoped style GET /orders/searches?q=coffee HTTP/1.1 GET /orders?q=coffee HTTP/1.1 REST „search“
  • 36. #WISSENTEILEN // ADVANCED SEARCH: // Coffee WITH milk for 2€ // Query for ... GET /orders?type=coffee&ingredient=milk&price=2 REST „search“ BTW: AND or OR or AND/OR?
  • 37. #WISSENTEILEN // ADVANCED SEARCH: // Coffee WITH milk for LESS THAN 2€ // Query for ... GET /orders?query=type=coffee+ingredient=milk+price<=2 REST „search“ Build your own „Query Language“?
  • 38. #WISSENTEILEN Filter, Sorting, Pagination Resource Query Language (RQL*) • Object-Style Query Language • FIQL Superset (erweiterbar) • Spezifikation & JS Parser (Client & Server) • JS Array, SQL, MongoDB, Elastic Search • Java Parser + JPA Criteria Builder (* https://github.com/persvr/rql)
  • 39. #WISSENTEILEN // ADVANCED SEARCH: // Coffee WITH milk for LESS THAN 2€ // RQL query ... (must possibly be encoded!) GET /orders?query= and(eq(type,coffee), or(eq(ingredients,MILK),lt(price,2)) // RQL alternative query – FIQL (URI friendly) - ... GET /orders?query= type==coffee;(ingredients==MILK,price=lt=2) REST „search“
  • 40. #WISSENTEILEN // SUPER ADVANCED SEARCH: // All stores with // - employees older than 20 years // - who have soled more than 1000 coffee/day // - even if it was damnd hot outside (> 30 degree) #WTH REST „search“
  • 41. #WISSENTEILEN Filter, Sorting, Pagination Super Advanced Queries • teure Client-Server Roundtrips (n+1 oder mehr) • virtuelle Ressourcen (statisch? dynamisch?) • GraphQL als Alternative unbedingt anschauen! (* https://github.com/persvr/rql)
  • 42. #WISSENTEILEN Filter, Sorting, Pagination GraphQL • beliebige Abfragen via Objekt-Graph auf dem man navigiert • liefern des Abfrage-Results in einem einzigen Round-Trip
  • 43. #WISSENTEILEN // SUPER ADVANCED SEARCH: // All stores and their sales // - employees of age 20 // - have sold at least 1000 coffee/day // - even if it was damnd hot (> 30 degree) { stores { name sales(unit: EURO) employees(age:20, soldCoffee:1000) { ... } } } REST „graphQL“
  • 44. #WISSENTEILEN REST... Status Codes (see also: http://www.restpatterns.org/HTTP_Status_Codes/)
  • 45. #WISSENTEILEN Pro Tipp: Use them! • 1xx: Hold on ... • 2xx: Here you go! • 3xx: Go away! • 4xx: You f#!?ed up! • 5xx: I f#!?ed up! (http://restlet.com/http-status-codes-map) Facebook „Always 200“ Anti-Pattern HTTP Status Codes (http://www.restpatterns.org/HTTP_Status_Codes)
  • 47. #WISSENTEILEN // HTTP Status Codes: // signal that new order was created // „Create new Resource“ of type order POST /orders HTTP/1.1 [various other headers] // Response with location header pointing to resource HTTP/1.1. 201 Created Location: http//restbucks.com/api/orders/1234 REST „Codes“
  • 48. #WISSENTEILEN // HTTP Status Codes: // signal that some work is going on // Trigger some async workload POST /orders/... HTTP/1.1 [various other headers] // Response without payload, cause it‘s not yet calculated HTTP/1.1. 202 Accepted REST „Codes“
  • 49. #WISSENTEILEN // HTTP Status Codes: // signal that payload is empty // DELETE order with id 1234 DELETE /orders/1234 HTTP/1.1 [various other headers] // Order successfully deleted. No content by purpose HTTP/1.1. 204 No content HTTP/1.1. 205 Reset content REST „Codes“
  • 50. #WISSENTEILEN // HTTP Status Codes: // signal that payload is empty // Retrieve all open orders GET /orders?status=open HTTP/1.1 [various other headers] // There is no open order left. HTTP/1.1. 204 No content REST „Codes“
  • 51. #WISSENTEILEN // HTTP Status Codes: // signal that there is more payload // GET all orders on „page“ two GET /orders?page=4 HTTP/1.1 [various other headers] // Response with success code and links for navigation HTTP/1.1. 206 Partial content Link: <http://.../orders?page=1>; rel= „first“ <http://.../orders?page=3>; rel= „prev“, ... REST „Codes“
  • 52. #WISSENTEILEN // HTTP Status Codes: // signal that payload is empty // Ask for order with id 1234 GET /orders/1234 HTTP/1.1 [various other headers] // Could not find order with id 1234 HTTP/1.1. 204 No content REST „Codes“
  • 53. #WISSENTEILEN // HTTP Status Codes: // signal that payload is empty // Ask for order with id 1234 GET /orders/1234 HTTP/1.1 [various other headers] // Could not find order with id 1234 HTTP/1.1. 404 Not found HTTP/1.1. 410 Gone REST „Codes“
  • 54. #WISSENTEILEN Manchmal kommt es anders, als man denk • Code for Code: Status Code & Appliction Level Code • Message for People: Für Logs, Ausgaben, ... • Payload and Format: genormte Error-Payload Format • Kein Stacktrace • Exception Mapper als Provider auf äußerster Ebene HTTP Status Codes
  • 55. #WISSENTEILEN // HTTP Status Codes: // signal that there is a problem // Error Responses: Use them wisely HTTP/1.1 400 Bad Request (unknown/generic status) HTTP/1.1 401 Unauthorized (btw: means unauthenticated) HTTP/1.1 403 Forbidden (btw: means unauthorized) HTTP/1.1 404 Not Found (resource could not be found) HTTP/1.1 405 Method not … (POST, GET, ...) HTTP/1.1 409 Conflict (fixable conflict, e.g. version) HTTP/1.1 410 Gone (update cache) HTTP/1.1 412 Precondition …(If-* header not matching) HTTP/1.1 418 I‘am a teapot (Don‘t ask me for COFFEE!) REST „Codes“
  • 56. REST „Codes“: HTTP Status Codes, JAX-RS Exception Handler
      import javax.ws.rs.core.Response;
      import javax.ws.rs.core.Response.Status;
      import javax.ws.rs.ext.ExceptionMapper;
      import javax.ws.rs.ext.Provider;

      // Registered as a provider at the outermost level: every MyAppException
      // that escapes a resource method becomes a 400 with a fixed error entity.
      @Provider
      public class MyAppExceptionHandler implements ExceptionMapper<MyAppException> {
          @Override
          public Response toResponse(MyAppException exception) {
              return Response
                  .status(Status.BAD_REQUEST)
                  .entity(new ExceptionEntity(exception))
                  .build();
          }
      }
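The rules from slide 54 (code for code, message for people, a fixed error payload, no stack trace, mapper at the outermost level) as an added Python example; this is not the deck's code and is not the JAX-RS mapper above, it is a standalone analogue. The exception classes, application-level codes and the correlation id are constructed for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("restbucks")


class AppError(Exception):
    """Base class for errors that may be surfaced to API consumers (constructed)."""
    status = 400              # HTTP status code
    app_code = "GENERIC"      # application-level code: the "code for code"

    def __init__(self, message):
        super().__init__(message)
        self.message = message  # the "message for people"


class OrderNotFound(AppError):
    status = 404
    app_code = "ORDER_NOT_FOUND"


class VersionConflict(AppError):
    status = 409
    app_code = "STALE_VERSION"


def to_response(exc):
    """Outermost-level mapper: returns (status, headers, body).

    The payload shape is always {"errors": [{"code", "message", "id"}]}.
    For an unexpected exception the stack trace goes to the server log under
    a correlation id; the client only ever sees the id, never the trace.
    """
    error_id = str(uuid.uuid4())   # correlation id to find the log entry later
    if isinstance(exc, AppError):
        status, app_code, message = exc.status, exc.app_code, exc.message
        log.warning("%s %s: %s", error_id, app_code, message)
    else:
        status, app_code, message = 500, "INTERNAL", "Unexpected server error"
        trace = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
        log.error("%s unhandled exception:\n%s", error_id, trace)
    body = {"errors": [{"code": app_code, "message": message, "id": error_id}]}
    return status, {"Content-Type": "application/json"}, body
```

Wiring `to_response` as the single catch-all at the framework boundary keeps every error response, including the unexpected ones, in the same shape and keeps internal details out of the payload.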
  • 57. REST „Codes“: HTTP Status Codes, signal that there is a problem
      // Error responses: use them wisely
      HTTP/1.1 429 Too Many Requests
      HTTP/1.1 509 Bandwidth Limit Exceeded
  • 58. REST „Codes“: HTTP Status Codes, rate limit exceeded (e.g. Twitter)
      HTTP/1.1 429 Too Many Requests
      [various other headers]

      { "errors": [ { "code": 88, "message": "Rate limit exceeded" } ] }
  • 59. REST „Codes“: HTTP Status Codes, rate limit exceeded (e.g. Twitter)
      HTTP/1.1 200 OK
      [various other headers]
      X-Rate-Limit-Limit: ...        // rate limit ceiling
      X-Rate-Limit-Remaining: ...    // for the next 15 minutes
      X-Rate-Limit-Reset: ...        // in UTC epoch seconds
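A fixed-window rate limiter that produces the two responses from slides 58 and 59, as an added Python example (not the deck's code and not Twitter's implementation). The header names, the 429 status and the error code 88 payload come from the slides; the window length, the limit and the client keys are constructed, and the clock is injectable so the behaviour can be checked without waiting.

```python
import time

WINDOW_SECONDS = 15 * 60   # the slide's "for the next 15 minutes"
LIMIT = 3                  # constructed, deliberately small so the example trips quickly


class RateLimiter:
    """Fixed-window limiter keyed by client; check() returns (status, headers, body)."""

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS, clock=time.time):
        self.limit = limit
        self.window = window
        self.clock = clock            # injectable for deterministic tests
        self._windows = {}            # client key -> (window_start, request_count)

    def check(self, client_key):
        now = self.clock()
        start, count = self._windows.get(client_key, (now, 0))
        if now - start >= self.window:        # window over: start a fresh one
            start, count = now, 0
        reset_at = int(start + self.window)   # UTC epoch seconds, as on the slide
        if count >= self.limit:
            headers = {
                "X-Rate-Limit-Limit": str(self.limit),
                "X-Rate-Limit-Remaining": "0",
                "X-Rate-Limit-Reset": str(reset_at),
                "Retry-After": str(max(1, reset_at - int(now))),  # standard hint for clients
            }
            body = {"errors": [{"code": 88, "message": "Rate limit exceeded"}]}
            return 429, headers, body
        count += 1
        self._windows[client_key] = (start, count)
        headers = {
            "X-Rate-Limit-Limit": str(self.limit),
            "X-Rate-Limit-Remaining": str(self.limit - count),
            "X-Rate-Limit-Reset": str(reset_at),
        }
        return 200, headers, None   # body is the resource representation, omitted here
```

The limiter keys on whatever identifies the caller (API key, authenticated subject, or as a fallback the client address); the headers on every 200 let a well-behaved client pace itself before it ever sees a 429.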
  • 61. Caching: always remember, „The Web is your Friend“
      • the web offers great facilities for „scaling“
      • RESTful services use the web, that is, HTTP
      • clients (web browser, REST client, ...)
      • proxy caches („man in the middle cache“)
      • Content Delivery Networks (CDNs)
  • 62. REST „Cache“: Caching in REST, Expires header (HTTP 1.0)
      HTTP/1.1 200 OK
      Content-Type: application/json
      Expires: Sat, 20 May 2017 12:00:00 GMT

      { "id": "espresso", "displayName": "Espresso", "price": 3.20, ... }
      „Hint, ok. But for whom, actually?“
  • 63. REST „Cache“: Caching in REST, Cache-Control (HTTP 1.1)
      HTTP/1.1 200 OK
      Content-Type: application/json
      Cache-Control: private, no-store, max-age=3600

      { "id": "espresso", "displayName": "Espresso", "price": 3.20, ... }
      „Only client side caching. Valid for 3600 sec. Must not be stored on disk.“
  • 64. REST „Cache“: Caching in REST, revalidation & conditional GET, Cache-Control + Last-Modified header (HTTP 1.1)
      HTTP/1.1 200 OK
      Content-Type: application/json
      Cache-Control: max-age=3600
      Last-Modified: Wed, 10 May 2017 12:00:00 GMT

      { "id": "espresso", ... }
  • 65. REST „Cache“: Caching in REST, revalidation & conditional GET, conditional GET after timeout (max-age)
      GET /products/123 HTTP/1.1
      If-Modified-Since: Wed, 10 May 2017 12:00:00 GMT
      Modified since? No: 304 (Not Modified). Yes: 200 (OK) plus data.
  • 66. REST „Cache“: Caching in REST, revalidation & conditional GET, Cache-Control + ETag header (HTTP 1.1)
      HTTP/1.1 200 OK
      Content-Type: application/json
      Cache-Control: max-age=3600
      ETag: "1234567890987654321"

      { "id": "espresso", ... }
  • 67. REST „Cache“: Caching in REST, revalidation & conditional GET, conditional GET after timeout (max-age)
      GET /products/123 HTTP/1.1
      If-None-Match: "1234567890987654321"
      Representation changed? No: 304 (Not Modified). Yes: 200 (OK) plus data.
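The server side of the revalidation shown on slides 64 to 67, as an added Python example (not the deck's code): a GET handler that emits Cache-Control, Last-Modified and ETag, and answers a later conditional GET with 304 when the validator still matches or 200 with a fresh body when it does not. The product record, its modification time and the ETag derivation are constructed; the ETag check takes precedence over the date check, as RFC 7232 requires when both headers are present.

```python
import hashlib
import json
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed resource, modelled on the espresso product of the slides.
PRODUCT = {"id": "espresso", "displayName": "Espresso", "price": 3.20}
LAST_MODIFIED = datetime(2017, 5, 10, 12, 0, 0, tzinfo=timezone.utc)
MAX_AGE = 3600


def etag_for(resource):
    """Strong ETag derived from the canonical JSON encoding of the resource."""
    canonical = json.dumps(resource, sort_keys=True, separators=(",", ":")).encode()
    return '"%s"' % hashlib.sha256(canonical).hexdigest()[:16]


def handle_get(request_headers, resource=PRODUCT, last_modified=LAST_MODIFIED):
    """Return (status, headers, body); body is None for a 304."""
    etag = etag_for(resource)
    validators = {
        "Cache-Control": "max-age=%d" % MAX_AGE,
        "Last-Modified": format_datetime(last_modified, usegmt=True),
        "ETag": etag,
    }
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        # Strong comparison against every tag the client offers ("*" matches any).
        offered = [tag.strip() for tag in inm.split(",")]
        if "*" in offered or etag in offered:
            return 304, validators, None
    else:
        ims = request_headers.get("If-Modified-Since")
        if ims is not None:
            try:
                since = parsedate_to_datetime(ims)
            except (TypeError, ValueError):
                since = None          # unparseable date: ignore the header, send 200
            if since is not None:
                if since.tzinfo is None:
                    since = since.replace(tzinfo=timezone.utc)
                if last_modified <= since:
                    return 304, validators, None
    headers = dict(validators)
    headers["Content-Type"] = "application/json"
    return 200, headers, json.dumps(resource)
```

Because the 304 carries the same validators as the 200, a cache can refresh its freshness lifetime without re-downloading the body; any change to the representation changes the ETag and therefore forces a full 200.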
  • 70. Security: Authentication vs. Authorization
      • Authentication, a.k.a. „hotel reception“
      • Authorization, a.k.a. „room key“
  • 71. Security: Authentication vs. Authorization
      • 401 „Unauthorized“ actually means „Unauthenticated“!
      • 403 „Forbidden“ actually means „Unauthorized“!
  • 72. REST „Security“: server-based security
      • sessions
      • scalability
      • cookies
      • CORS
      • CSRF
  • 73. REST „Security“: token-based security
      • stateless
      • token instead of cookie
      • individual expiration
      • friend-to-friend permissions
  • 74. Security: JSON Web Token
      • new, simple spec
      • very compact
      • token plus public and private „claims“
      • digital signature and/or encryption
      • as bearer token and for SSO
  • 76. Security: JSON Web Token & API goals
      1. Authorize request
      2. Verify sender
      3. Avoid man in the middle
      4. Expiration
      5. Request cloning
  • 81. REST „Security“: Security in REST, JSON Web Token (com.auth0.jwt)
      import java.security.interfaces.RSAKey;
      import com.auth0.jwt.JWT;
      import com.auth0.jwt.JWTVerifier;
      import com.auth0.jwt.algorithms.Algorithm;
      import com.auth0.jwt.interfaces.DecodedJWT;

      // Reusable verifier instance: checks the RS256 signature and the issuer
      JWTVerifier verifier = JWT
          .require(Algorithm.RSA256((RSAKey) publicKey))
          .withIssuer("http://myAuth.com/auth/")
          .build();
      // Throws JWTVerificationException when signature, issuer or expiry do not check out
      DecodedJWT jwt = verifier.verify(token);
      String userId = jwt.getSubject();
      String userName = jwt.getClaim("name").asString();
      String email = jwt.getClaim("email").asString();
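What the verifier on slide 81 does internally, as an added Python example using only the standard library (not the deck's code and not the auth0 library). The slide uses RS256 with a public key; this example uses HS256 with a constructed shared secret so it runs without a crypto dependency, and the issuer string is the one from the slide. It covers goals 2 and 4 from slide 76 (verify the sender via the signature and issuer, enforce expiration) and pins the algorithm so the token's own header cannot select the verification method.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"   # constructed; the slide uses an RSA key pair
ISSUER = "http://myAuth.com/auth/"                 # issuer value from the slide


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj):
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def mint(claims, secret=SECRET, issuer=ISSUER, lifetime=900, now=None):
    """Issue an HS256 token carrying `claims` plus iss, iat and exp (constructed issuer side)."""
    now = int(time.time() if now is None else now)
    payload = dict(claims, iss=issuer, iat=now, exp=now + lifetime)
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify(token, secret=SECRET, issuer=ISSUER, now=None):
    """Return the payload of a valid token; raise ValueError for anything else."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    header = json.loads(_b64url_decode(head))
    # Pin the algorithm: the verifier decides how to verify, not the token header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, (head + "." + body).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")          # goal 2: sender not verified
    payload = json.loads(_b64url_decode(body))     # only trusted after the signature check
    if payload.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    now = time.time() if now is None else now
    if not isinstance(payload.get("exp"), (int, float)) or now >= payload["exp"]:
        raise ValueError("token expired")          # goal 4: expiration
    return payload
```

The order of checks matters: nothing in the payload is read before the signature has been confirmed, the comparison is constant-time, and a token without an `exp` claim is rejected rather than treated as valid forever.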
  • 83. API Evolution: what is the problem?
      • new APIs
      • changed APIs
      • deprecated APIs
      • payload / parameter syntax
      • payload / parameter semantics
  • 84. API Evolution: Postel‘s Law, a.k.a. the robustness principle
      „Be conservative in what you do*, be liberal in what you accept from others.“ (* do = change)
      Ben Morris Blog: „REST APIs don‘t need a versioning strategy – they need a change strategy!“
  • 85. API Evolution: versioning! But how?
      • not at all
      • not at all (via new resources)
      • not at all (via extensible data formats)
      • version number in the URL
      • version request header
      • content negotiation
  • 86. REST „Version“: Evolution in REST, multiple resources
      // GET all orders v1
      GET /orders HTTP/1.1
      // GET all new orders, orders are deprecated
      GET /neworders HTTP/1.1
      // GET all even newer orders, new orders are deprecated
      GET /evennewerorders HTTP/1.1
  • 87. REST „Version“: Evolution in REST, multiple resources
      // GET all orders v1
      GET /orders HTTP/1.1
      // GET all new orders, orders are deprecated
      GET /neworders HTTP/1.1
      // GET all even newer orders, new orders are deprecated
      GET /orders HTTP/1.1
  • 88. REST „Version“: Evolution in REST, backwards compatibility, versioning via an adaptable data format
      {
        "items" : [
          { "name" : "coffee", "quantity" : 1, "size" : "large" }
        ],
        "location" : "take-away"
      }
  • 89. REST „Version“: Evolution in REST, backwards compatibility, versioning via an adaptable data format
      {
        "items" : [
          { "name" : "coffee", "quantity" : 1, "size" : "large", "price" : "4 USD" }
        ],
        "total-price" : "4 USD",
        "location" : "take-away"
      }
  • 90. REST „Version“: Evolution in REST, backwards compatibility, versioning via an adaptable data format
      {
        "items" : [
          { "name" : "coffee", "quantity" : 1, "size" : "large", "price" : "4 USD" }
        ],
        "price" : "4 USD",
        "location" : "take-away"
      }
      „Are you a tolerant reader?“
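A tolerant reader for the order representation of slides 88 to 90, as an added Python example (not the deck's code). It accepts all three payload generations (no prices, `total-price`, `price`), ignores fields it does not know, treats only the item name as mandatory, and falls back to summing item prices when no order total is present. The sample payloads are constructed copies of the slides' JSON; the `size` default and the extra `loyalty-card` field are constructed to show an unknown field being ignored.

```python
import json

# Constructed copies of the three representations shown on slides 88 to 90.
ORDER_V1 = '{"items": [{"name": "coffee", "quantity": 1, "size": "large"}], "location": "take-away"}'
ORDER_V2 = ('{"items": [{"name": "coffee", "quantity": 1, "size": "large", "price": "4 USD"}],'
            ' "total-price": "4 USD", "location": "take-away"}')
ORDER_V3 = ('{"items": [{"name": "coffee", "quantity": 1, "size": "large", "price": "4 USD"}],'
            ' "price": "4 USD", "location": "take-away", "loyalty-card": "123"}')


def parse_money(text):
    """'4 USD' -> (4.0, 'USD'); None stays None."""
    if text is None:
        return None
    amount, currency = text.split()
    return float(amount), currency


def read_order(raw):
    """Read any of the three payload versions into one internal shape.

    Only items[].name is required; every other field has a default, so a
    producer that is older or newer than this reader still gets through.
    """
    doc = json.loads(raw)
    items = []
    for item in doc.get("items", []):
        if "name" not in item:
            raise ValueError("order item without name")
        items.append({
            "name": item["name"],
            "quantity": int(item.get("quantity", 1)),
            "size": item.get("size", "regular"),      # constructed default
            "price": parse_money(item.get("price")),
        })
    # The total was introduced as "total-price" and later renamed to "price":
    # accept both spellings, and derive it from the items if neither exists.
    total = parse_money(doc.get("price", doc.get("total-price")))
    if total is None:
        priced = [(i["price"], i["quantity"]) for i in items if i["price"] is not None]
        currencies = {price[1] for price, _ in priced}
        if priced and len(currencies) == 1:
            total = (sum(price[0] * qty for price, qty in priced), currencies.pop())
    return {"items": items, "location": doc.get("location"), "total": total}
```

The reader never fails on an unknown field and never depends on a field the older producer did not send; that is what lets both sides evolve without a version number.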
  • 91. REST „Version“: Evolution in REST, via URL
      // Versioning via URL (default version)
      GET /api/orders/1234 HTTP/1.1
      // Versioning via URL (version 1)
      GET /api/v1/orders/1234 HTTP/1.1
      // Versioning via URL (version 2)
      GET /api/v2/orders/1234 HTTP/1.1
      „No way! This isn‘t a RESOURCE!“
  • 92. REST „Version“: Evolution in REST, via HEADER
      // Versioning via header (default version)
      GET /orders/1234 HTTP/1.1
      // Versioning via custom header
      GET /orders/1234 HTTP/1.1
      Api-version: 2.1
      // Versioning via Accept header
      GET /orders/1234 HTTP/1.1
      Accept: application/vnd.restbucks.orderservice.v2.1+json
      „No way! This isn‘t a ‚clickable‘ URL!“
      For caching: „Vary: Accept“ (the representation depends on the Accept request header, so caches must key on it)
  • 93. REST „Version“: Evolution in REST, via URL and HEADER
      // Versioning via header (default version)
      GET /orders/1234 HTTP/1.1
      // Versioning via URL (major) and header (minor)
      GET /orders/v2/1234 HTTP/1.1
      my-api-version: 2017-05-01
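One resolver for the three schemes of slides 91 and 92, as an added Python example (not the deck's code): it takes the version from a `/api/vN/` path segment, else from the custom `Api-version` header, else from the vendor media type in `Accept`, else a default, and reports which request header the response must name in `Vary` so caches key on the negotiation input. The default version, the set of served versions and the path layout are constructed; the media type string is the one from the slide.

```python
import re

DEFAULT_VERSION = (1, 0)                       # constructed default
SUPPORTED = {(1, 0), (2, 0), (2, 1)}           # constructed set of served versions
PATH_RE = re.compile(r"^/api/v(\d+)(?:\.(\d+))?/")
MEDIA_RE = re.compile(
    r"^application/vnd\.restbucks\.orderservice\.v(\d+)(?:\.(\d+))?\+json$")
HEADER_RE = re.compile(r"^(\d+)(?:\.(\d+))?$")


def _version(match):
    return int(match.group(1)), int(match.group(2) or 0)


def negotiate_version(path, headers):
    """Return ((major, minor), vary) for one request.

    Precedence: path segment, then Api-version header, then vendor media type
    in Accept, then the default. `vary` is the request header a cache must
    key on, or None when the URL itself already carries the version.
    Raises LookupError for versions the service does not serve (406/404).
    """
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    version, vary = DEFAULT_VERSION, None
    m = PATH_RE.match(path)
    if m:
        version = _version(m)
    elif "api-version" in h:
        m = HEADER_RE.match(h["api-version"].strip())
        if not m:
            raise LookupError("unparseable Api-version header")
        version, vary = _version(m), "Api-version"
    elif "accept" in h:
        vary = "Accept"              # the response depends on Accept even if it falls back to default
        for media_range in h["accept"].split(","):
            m = MEDIA_RE.match(media_range.split(";")[0].strip())   # drop q= parameters
            if m:
                version = _version(m)
                break
    if version not in SUPPORTED:
        raise LookupError("unsupported API version %d.%d" % version)
    return version, vary
```

The `vary` value is the piece that is easy to forget: a shared cache that stores a v2.1 body under the bare URL would serve it to a v1 client unless the response carries `Vary: Accept` (or `Vary: Api-version`).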
  • 94. REST „Hateoas“: Evolution in REST, Hypermedia as the engine of application state
      „If the engine of application state (and hence the API) is not driven by hypertext, then it cannot be RESTful and cannot be a REST API.“ (Roy Fielding)
  • 95. REST „Hateoas“: Evolution in REST, Hypermedia as the engine of application state
      „A REST API should be entered with no prior knowledge beyond the initial URI ... From that point on, all application state transitions must be driven by the client selection of server-provided choices ...“ (Roy Fielding)
  • 96. REST „Hateoas“: Evolution in REST, Hypermedia as the engine of application state
      POST /orders/ HTTP/1.1

      { ... payload of order to create ... }

      HTTP/1.1 201 Created
      Location: http://restbucks.com/api/orders/1234
      Link: <.../orders/1234>; rel="cancel",
            <.../orders/1234>; rel="update",
            <.../orders/1234>; rel="delete",
            <.../payment/1234>; rel="pay"
  • 98. „The very most important thing is that you have an API that your consumers find consistent and usable. This is not necessarily the same thing as being 100% RESTful.“
  • 100. Contact
      LARS RÖWEKAMP, CIO NEW TECHNOLOGIES
      lars.roewekamp@openknowledge.de
      +49 (0)441 4082 – 0
      @mobileLarson
      @_openknowledge
      OFFENKUNDIGGUT
  • 101. Image credits
      #97: © tomertu - shutterstock.com
      All other pictures in this presentation originate from pixabay.com or were created by myself.