I got 99 problems, but ReST ain't one

Adrian Cole
Adrian Colezipkin guy at Pivotal
> GET /problems/MONEY HTTP/1.1 I GOT 99 PROBLEMS > Host: localhost > Accept: */* < HTTP/1.1 200 OK > GET /problems/POWER HTTP/1.1 > Host: localhost BUT REST AINT ONE > Accept: */* < HTTP/1.1 200 OK > GET /problems/REST HTTP/1.1 > Host: localhost > Accept: */* @adrianfcole < HTTP/1.1 404 Not Found
PROBLEMS ➡Why API ➡ReST vs other HTTP APIs? ➡Design Patterns vs Real APIs
WHO IS THIS GUY? ๏ @adrianfcole ๏ architect CloudHub at MuleSoft ๏founder jclouds
THANKS ★ api-craft ★ mattstep ★ gtcampbell ★ mulies
WHY WE API photo copyright 2005 Sony Pictures
COLLABORATE GROW ECOSYSTEM AND INNOVATE
HOW TO ReST SOAP API
HOW TO ReST WS-* API
HOW TO ReST ReST ish API
HOW TO not-soap HATEOAS REST
To the Level 0: Level 1: Swamp of POX Resources glory Level 2: Level 3: Verbs Hypermedia of REST
> POST /api HTTP/1.1 > <SOAP-ENV:Envelope ...> <SOAP-ENV:Body> <m:getAvailableDataSources xmlns:m=" Swamp <group xsi:type="xsd:string">ArcWe <service xsi:type="xsd:string">Map <token xsi:type="xsd:string">MyTok </m:getAvailableDataSources> of POX </SOAP-ENV:Body> </SOAP-ENV:Envelope> < HTTP/1.1 200 OK < <?xml version="1.0" encoding="UTF-8"?> <soap:Envelope ...> <soap:Body> <n:getAvailableDataSourcesResponse x <Result href="#id0"/> </n:getAvailableDataSourcesResponse> All things go over the <id0 id="id0" soapenc:root="0" xsi:t soapenc:arrayType="ns5:DataSource[21]"> same endpoint as XML <i href="#id1"/> --snip--
RESOURCES > GET https://ec2.amazonaws.com/?Action=DeleteVolume&VolumeId=vol-4282672b HTTP/1.1 < HTTP/1.1 200 OK <DeleteVolumeResponse xmlns="http://ec2.amazonaws.com/doc/2012-08-15/"> <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> <return>true</return> </DeleteVolumeResponse> --snip-- Many URIs, same HTTP method Side-effects are API-specific
VERBS > HEAD https://mybucket.s3.amazonaws.com/ HTTP/1.1 < HTTP/1.1 200 OK HTTP verbs mean more than CRUD Status codes are meaningful
HYPERMEDIA > GET https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9dd4e03546 > Accept: application/vnd.vmware.vcloud.catalogItem+xml < HTTP/1.1 200 OK < Content-Type: application/vnd.vmware.vcloud.catalogItem+xml;version=1.0 <CatalogItem xmlns="http://www.vmware.com/vcloud/v1" name="mycatalog" type=" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a5 <Link rel="up" type="application/vnd.vmware.vcloud.catalog+xml" href="https://vcloud/api/v1.0/catalog/7f192dfe-00d1-42f2-9f76-9360 <Link rel="edit" type="application/vnd.vmware.vcloud.catalogItem+xml" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f- <Link rel="remove" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9 --snip-- Discoverability, Self-documenting
What makes it HYPER? ➡Base Type ➡Links
abort add alternate disk:attach TRANSITIONS edit remove task All transitions are discoverable via links
CONTENT NEGOTIATION ➡ Client supplies representation in Accept header ➡On change, update mediatype name or annotate via ;version=N.N ➡On overhaul, bump global version Accept: application/vnd.VENDOR.PRODUCT.RESOURCE+xml
Representing HyperMedia Extend Atom Opaque + Link Headers HAL ...
EXTEND ATOM Vendor Type, Link elements < HTTP/1.1 200 OK < Content-Type: application/vnd.vmware.vcloud.catalogItem+xml;version=1.0 <CatalogItem xmlns="http://www.vmware.com/vcloud/v1" name="mycatalog" type=" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a5 <Link rel="up" type="application/vnd.vmware.vcloud.catalog+xml" href="https://vcloud/api/v1.0/catalog/7f192dfe-00d1-42f2-9f76-9360 <Link rel="edit" type="application/vnd.vmware.vcloud.catalogItem+xml" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f- <Link rel="remove" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9 --snip-- domain-specific types inherits link semantics from Atom
Link Headers Opaque Type, Link elements < HTTP/1.1 200 OK < Content-Type: image/jpeg Link: </images/foo.png>; rel="alternate"; type=”image/png” 010101010101010101 --snip-- supports binary types facilitates intermediaries
Hypertext Application Language Mix-in hypermedia controls into base type embed resources for efficiency < HTTP/1.1 200 OK < Content-Type: application/hal+json { _links: { self: { href: '/example', } }, _embedded: {}, name: 'foo', --snip-- domain-specific type agnostic
ELEGENT clients always know transitions self-documenting LETS USE and discoverable version at HATEOAS media-type granularity
Perceived Complexity?
Level 2 optimizes for Coarse Grained Versions CRUD++ Limited Representations Today’s Tools Simplicity over Elegance
IS IT ALL JUST PRICKLES & GOO?
can we have both?
There Domain Style Base Format is no State Transfer Level2 App Flow Design plus stuff like errors
REST Design tools ➡Apiary ➡Swagger ➡iodocs
GOOD API DESIGNERS UNDERSTAND how it is used, and who will use it importance of iterations and feedback impacts to design beyond development there’s no golden hammer (not even mongo)
TWITTER IS NOT HATEOAS REST SEARCH STREAM
AWS IS NOT REST AWS IS GOOD api designed to parse quickly simple extension (add new key) consistent security model bulk ops
WebSockets ain’t even HTTP! Handshake is HTTPish Discoverable like ReST Full-Duplex Uncode or Binary Messages TCP Protocol
GOOD REST APIs Are consciously designed Version at the right scope Don’t leak implementation details Use auth models relevant to consumer Are well documented with examples
What now? ➡join api-craft ➡read The REST API Design Handbook ➡read Building Hypermedia APIs... ➡socialize your ideas Thank you!
1 of 35

I got 99 problems, but ReST ain't one

Technology

Review of Web, Query, and HATEOAS designs many call ReST. Motivations behind choices.

Adrian Cole
Adrian Colezipkin guy at Pivotal

Recommended

RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best PracticesTricode (part of Dept)
2.6K views20 slides
Serverless CQRS in Azure!Serverless CQRS in Azure!
Serverless CQRS in Azure!BizTalk360
2.2K views36 slides
Pragmatic RESTful API Design: Apigee WebinarPragmatic RESTful API Design: Apigee Webinar
Pragmatic RESTful API Design: Apigee WebinarApigee | Google Cloud
81.3K views73 slides
API Design- Best PracticesAPI Design- Best Practices
API Design- Best PracticesPrakash Bhandari
763 views22 slides
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
11.1K views22 slides
Spring Boot TutorialSpring Boot Tutorial
Spring Boot TutorialNaphachara Rattanawilai
7.8K views29 slides

More Related Content

What's hot

REST APIs with SpringREST APIs with Spring
REST APIs with SpringJoshua Long
25.6K views103 slides
Restful api designRestful api design
Restful api designMizan Riqzia
1.5K views29 slides
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
6.3K views12 slides
Xke spring bootXke spring boot
Xke spring bootsourabh aggarwal
1.3K views20 slides

What's hot(20)

REST APIs with SpringREST APIs with Spring
REST APIs with Spring
Joshua Long25.6K views
Spring boot introductionSpring boot introduction
Spring boot introduction
Rasheed Waraich7.7K views
Restful api designRestful api design
Restful api design
Mizan Riqzia1.5K views
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
Knoldus Inc.6.3K views
Spring IO 2023 - Dynamic OpenAPIs with Spring Cloud GatewaySpring IO 2023 - Dynamic OpenAPIs with Spring Cloud Gateway
Spring IO 2023 - Dynamic OpenAPIs with Spring Cloud Gateway
Iván López Martín436 views
Xke spring bootXke spring boot
Xke spring boot
sourabh aggarwal1.3K views
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Steve Pember1.8K views
SvelteSvelte
Svelte
University of Moratuwa, Katubedda, Sri Lanka136 views
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Java User Group Latvia5.4K views
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | Edureka
Edureka!1.6K views
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Apigee | Google Cloud5.5K views
Introduction to spring bootIntroduction to spring boot
Introduction to spring boot
Santosh Kumar Kar19.4K views
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
Nat Sakimura18.3K views
Understanding RESTUnderstanding REST
Understanding REST
Nitin Pande6.4K views
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
Stormpath225.9K views
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin1.2K views
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0
Karl McGuinness7.5K views
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC115.2K views
Exception handlingException handling
Exception handling
Anna Pietras941 views
OpenTelemetry For DevelopersOpenTelemetry For Developers
OpenTelemetry For Developers
Kevin Brockhoff2.1K views

Viewers also liked

Viewers also liked(20)

VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld979 views
Между молотом и наковальней. Production QualityМежду молотом и наковальней. Production Quality
Между молотом и наковальней. Production Quality
SQALab611 views
Что было, что есть, что будет: Current State vs. Common SenseЧто было, что есть, что будет: Current State vs. Common Sense
Что было, что есть, что будет: Current State vs. Common Sense
SQALab573 views
Аудит команды тестирования в сложном проектеАудит команды тестирования в сложном проекте
Аудит команды тестирования в сложном проекте
SQALab9.9K views
Обратная связь и целеполагание, как маяки надежды тестировщикаОбратная связь и целеполагание, как маяки надежды тестировщика
Обратная связь и целеполагание, как маяки надежды тестировщика
SQALab757 views
Ответственность за качество в разных ИТ-проектахОтветственность за качество в разных ИТ-проектах
Ответственность за качество в разных ИТ-проектах
SQALab1K views
Три инструмента тест-менеджера для работы с людьмиТри инструмента тест-менеджера для работы с людьми
Три инструмента тест-менеджера для работы с людьми
SQALab9.8K views
Управление хаосом, или как жить когда число тестов перевалило за десятки тысячУправление хаосом, или как жить когда число тестов перевалило за десятки тысяч
Управление хаосом, или как жить когда число тестов перевалило за десятки тысяч
SQALab612 views
Определение pass/fail критериев при тестировании и анализе производительностиОпределение pass/fail критериев при тестировании и анализе производительности
Определение pass/fail критериев при тестировании и анализе производительности
SQALab1.8K views
Пользовательские требования в жизни тестировщикаПользовательские требования в жизни тестировщика
Пользовательские требования в жизни тестировщика
SQALab1.8K views
Пирамида Тестирования через призму ROI калькулятора и прочая геометрияПирамида Тестирования через призму ROI калькулятора и прочая геометрия
Пирамида Тестирования через призму ROI калькулятора и прочая геометрия
SQALab2.3K views
Процесс тестирования в условиях неявных требованийПроцесс тестирования в условиях неявных требований
Процесс тестирования в условиях неявных требований
SQALab1.5K views
A New Model for TestingA New Model for Testing
A New Model for Testing
SQALab1.4K views
Работа с бизнес-требованиями на стадии выхода продуктаРабота с бизнес-требованиями на стадии выхода продукта
Работа с бизнес-требованиями на стадии выхода продукта
SQALab1.5K views
Psychology and testingPsychology and testing
Psychology and testing
SQALab735 views
Метод No-Test-Cases: избавьтесь от тест-кейсов в тестированииМетод No-Test-Cases: избавьтесь от тест-кейсов в тестировании
Метод No-Test-Cases: избавьтесь от тест-кейсов в тестировании
SQALab10.8K views
How to reduce your test cases... magically!How to reduce your test cases... magically!
How to reduce your test cases... magically!
SQALab951 views
Advancing Testing Using AxiomsAdvancing Testing Using Axioms
Advancing Testing Using Axioms
SQALab625 views
Отряд тест-аналитиковОтряд тест-аналитиков
Отряд тест-аналитиков
SQALab1.6K views
Examples how to move towards Zero DefectsExamples how to move towards Zero Defects
Examples how to move towards Zero Defects
SQALab3.2K views

Similar to I got 99 problems, but ReST ain't one

Progressive web appsProgressive web apps
Progressive web appsFastly
3.1K views62 slides

Similar to I got 99 problems, but ReST ain't one(20)

Why Integrate using an API? | MuleSoftWhy Integrate using an API? | MuleSoft
Why Integrate using an API? | MuleSoft
MuleSoft1.7K views
Progressive web appsProgressive web apps
Progressive web apps
Fastly3.1K views
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
Chalermpon Areepong3.4K views
Service Discovery Like a ProService Discovery Like a Pro
Service Discovery Like a Pro
Eran Harel1.2K views
Deploy and Destroy: Testing Environments - Michael Arenzon - DevOpsDays Tel A...Deploy and Destroy: Testing Environments - Michael Arenzon - DevOpsDays Tel A...
Deploy and Destroy: Testing Environments - Michael Arenzon - DevOpsDays Tel A...
DevOpsDays Tel Aviv139 views
Design Summit - RESTful API Overview - John HardyDesign Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John Hardy
ManageIQ2.2K views
Using and scaling Rack and Rack-based middlewareUsing and scaling Rack and Rack-based middleware
Using and scaling Rack and Rack-based middleware
Alona Mekhovova1.1K views
11 asp.net web api11 asp.net web api
11 asp.net web api
Michael Mieles Caballero743 views
Four Times Microservices - REST, Kubernetes, UI Integration, AsyncFour Times Microservices - REST, Kubernetes, UI Integration, Async
Four Times Microservices - REST, Kubernetes, UI Integration, Async
Eberhard Wolff2.4K views
Adriano Di Luzio - Davvy - PyconSEI TalkAdriano Di Luzio - Davvy - PyconSEI Talk
Adriano Di Luzio - Davvy - PyconSEI Talk
aldur999632 views
Building Mobile Friendly APIs in RailsBuilding Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in Rails
Jim Jeffers2.8K views
HTML5 tutorial: canvas, offfline & socketsHTML5 tutorial: canvas, offfline & sockets
HTML5 tutorial: canvas, offfline & sockets
Remy Sharp6.7K views
Node.js Build, Deploy and Scale WebinarNode.js Build, Deploy and Scale Webinar
Node.js Build, Deploy and Scale Webinar
jguerrero999622 views
About REST & SymfonyAbout REST & Symfony
About REST & Symfony
Maxence Poutord164 views
Unit 02: Web Technologies (2/2)Unit 02: Web Technologies (2/2)
Unit 02: Web Technologies (2/2)
DSBW 2011/2002 - Carles Farré - Barcelona Tech4.2K views
Integrating with SAP FIX and HL7Integrating with SAP FIX and HL7
Integrating with SAP FIX and HL7
WSO22.4K views
The Evolving Security Environment For Web ServicesThe Evolving Security Environment For Web Services
The Evolving Security Environment For Web Services
Qanita Ahmad790 views
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
King Foo1.2K views
Why we choose Symfony2Why we choose Symfony2
Why we choose Symfony2
Merixstudio388 views
Running Microservices and Docker on AWS Elastic Beanstalk - August 2016 Month...Running Microservices and Docker on AWS Elastic Beanstalk - August 2016 Month...
Running Microservices and Docker on AWS Elastic Beanstalk - August 2016 Month...
Amazon Web Services8.4K views

More from Adrian Cole

Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP ApisAdrian Cole
5.6K views61 slides
jclouds overviewjclouds overview
jclouds overviewAdrian Cole
1.1K views18 slides
Living on the edgeLiving on the edge
Living on the edgeAdrian Cole
2.8K views44 slides

More from Adrian Cole(6)

HTTP/2 What's inside and WhyHTTP/2 What's inside and Why
HTTP/2 What's inside and Why
Adrian Cole4.5K views
Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP Apis
Adrian Cole5.6K views
Using and contributing to the next GuiceUsing and contributing to the next Guice
Using and contributing to the next Guice
Adrian Cole3K views
jclouds overviewjclouds overview
jclouds overview
Adrian Cole1.1K views
Living on the edgeLiving on the edge
Living on the edge
Adrian Cole2.8K views
When small problems become big problemsWhen small problems become big problems
When small problems become big problems
Adrian Cole928 views

Recently uploaded

Recently uploaded(20)

Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting170 views
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk172 views
ChatGPT and AI for Web DevelopersChatGPT and AI for Web Developers
ChatGPT and AI for Web Developers
Maximiliano Firtman152 views
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
Fwdays35 views
.conf Go 2023 - SIEM project @ SNF.conf Go 2023 - SIEM project @ SNF
.conf Go 2023 - SIEM project @ SNF
Splunk163 views
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya51 views
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
Fwdays23 views
AMD: 4th Generation EPYC CXL DemoAMD: 4th Generation EPYC CXL Demo
AMD: 4th Generation EPYC CXL Demo
CXL Forum117 views
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
ThousandEyes74 views
Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver23 views
Astera Labs: Intelligent Connectivity for Cloud and AI InfrastructureAstera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
Astera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
CXL Forum118 views
JCon Live 2023 - Lice coding some integration problemsJCon Live 2023 - Lice coding some integration problems
JCon Live 2023 - Lice coding some integration problems
Bernd Ruecker61 views
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman20 views
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
The Digital Insurer24 views
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst389 views
GigaIO: The March of Composability Onward to Memory with CXLGigaIO: The March of Composability Onward to Memory with CXL
GigaIO: The March of Composability Onward to Memory with CXL
CXL Forum118 views
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
Prity Khastgir IPR Strategic India Patent Attorney Amplify Innovation23 views
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳28 views
PyCon ID 2023 - Ridwan Fadjar Septian.pdfPyCon ID 2023 - Ridwan Fadjar Septian.pdf
PyCon ID 2023 - Ridwan Fadjar Septian.pdf
Ridwan Fadjar163 views
MemVerge: Gismo (Global IO-free Shared Memory Objects)MemVerge: Gismo (Global IO-free Shared Memory Objects)
MemVerge: Gismo (Global IO-free Shared Memory Objects)
CXL Forum108 views

I got 99 problems, but ReST ain't one

  • 1. > GET /problems/MONEY HTTP/1.1 I GOT 99 PROBLEMS > Host: localhost > Accept: */* < HTTP/1.1 200 OK > GET /problems/POWER HTTP/1.1 > Host: localhost BUT REST AINT ONE > Accept: */* < HTTP/1.1 200 OK > GET /problems/REST HTTP/1.1 > Host: localhost > Accept: */* @adrianfcole < HTTP/1.1 404 Not Found
  • 2. PROBLEMS ➡Why API ➡ReST vs other HTTP APIs? ➡Design Patterns vs Real APIs
  • 3. WHO IS THIS GUY? ๏ @adrianfcole ๏ architect CloudHub at MuleSoft ๏founder jclouds
  • 4. THANKS ★ api-craft ★ mattstep ★ gtcampbell ★ mulies
  • 5. WHY WE API photo copyright 2005 Sony Pictures
  • 7. HOW TO ReST SOAP API
  • 8. HOW TO ReST WS-* API
  • 9. HOW TO ReST ReST ish API
  • 10. HOW TO not-soap HATEOAS REST
  • 11. To the Level 0: Level 1: Swamp of POX Resources glory Level 2: Level 3: Verbs Hypermedia of REST
  • 12. > POST /api HTTP/1.1 > <SOAP-ENV:Envelope ...> <SOAP-ENV:Body> <m:getAvailableDataSources xmlns:m=" Swamp <group xsi:type="xsd:string">ArcWe <service xsi:type="xsd:string">Map <token xsi:type="xsd:string">MyTok </m:getAvailableDataSources> of POX </SOAP-ENV:Body> </SOAP-ENV:Envelope> < HTTP/1.1 200 OK < <?xml version="1.0" encoding="UTF-8"?> <soap:Envelope ...> <soap:Body> <n:getAvailableDataSourcesResponse x <Result href="#id0"/> </n:getAvailableDataSourcesResponse> All things go over the <id0 id="id0" soapenc:root="0" xsi:t soapenc:arrayType="ns5:DataSource[21]"> same endpoint as XML <i href="#id1"/> --snip--
  • 13. RESOURCES > GET https://ec2.amazonaws.com/?Action=DeleteVolume&VolumeId=vol-4282672b HTTP/1.1 < HTTP/1.1 200 OK <DeleteVolumeResponse xmlns="http://ec2.amazonaws.com/doc/2012-08-15/"> <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> <return>true</return> </DeleteVolumeResponse> --snip-- Many URIs, same HTTP method Side-effects are API-specific
  • 14. VERBS > HEAD https://mybucket.s3.amazonaws.com/ HTTP/1.1 < HTTP/1.1 200 OK HTTP verbs mean more than CRUD Status codes are meaningful
  • 15. HYPERMEDIA > GET https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9dd4e03546 > Accept: application/vnd.vmware.vcloud.catalogItem+xml < HTTP/1.1 200 OK < Content-Type: application/vnd.vmware.vcloud.catalogItem+xml;version=1.0 <CatalogItem xmlns="http://www.vmware.com/vcloud/v1" name="mycatalog" type=" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a5 <Link rel="up" type="application/vnd.vmware.vcloud.catalog+xml" href="https://vcloud/api/v1.0/catalog/7f192dfe-00d1-42f2-9f76-9360 <Link rel="edit" type="application/vnd.vmware.vcloud.catalogItem+xml" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f- <Link rel="remove" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9 --snip-- Discoverability, Self-documenting
  • 16. What makes it HYPER? ➡Base Type ➡Links
  • 17. abort add alternate disk:attach TRANSITIONS edit remove task All transitions are discoverable via links
  • 18. CONTENT NEGOTIATION ➡ Client supplies representation in Accept header ➡On change, update mediatype name or annotate via ;version=N.N ➡On overhaul, bump global version Accept: application/vnd.VENDOR.PRODUCT.RESOURCE+xml
  • 19. Representing HyperMedia Extend Atom Opaque + Link Headers HAL ...
  • 20. EXTEND ATOM Vendor Type, Link elements < HTTP/1.1 200 OK < Content-Type: application/vnd.vmware.vcloud.catalogItem+xml;version=1.0 <CatalogItem xmlns="http://www.vmware.com/vcloud/v1" name="mycatalog" type=" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a5 <Link rel="up" type="application/vnd.vmware.vcloud.catalog+xml" href="https://vcloud/api/v1.0/catalog/7f192dfe-00d1-42f2-9f76-9360 <Link rel="edit" type="application/vnd.vmware.vcloud.catalogItem+xml" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f- <Link rel="remove" href="https://vcloud/api/v1.0/catalogItem/1c01defe-1111-42ac-a50f-9 --snip-- domain-specific types inherits link semantics from Atom
  • 21. Link Headers Opaque Type, Link elements < HTTP/1.1 200 OK < Content-Type: image/jpeg Link: </images/foo.png>; rel="alternate"; type=”image/png” 010101010101010101 --snip-- supports binary types facilitates intermediaries
  • 22. Hypertext Application Language Mix-in hypermedia controls into base type embed resources for efficiency < HTTP/1.1 200 OK < Content-Type: application/hal+json { _links: { self: { href: '/example', } }, _embedded: {}, name: 'foo', --snip-- domain-specific type agnostic
  • 23. ELEGENT clients always know transitions self-documenting LETS USE and discoverable version at HATEOAS media-type granularity
  • 25. Level 2 optimizes for Coarse Grained Versions CRUD++ Limited Representations Today’s Tools Simplicity over Elegance
  • 26. IS IT ALL JUST PRICKLES & GOO?
  • 27. can we have both?
  • 28. There Domain Style Base Format is no State Transfer Level2 App Flow Design plus stuff like errors
  • 29. REST Design tools ➡Apiary ➡Swagger ➡iodocs
  • 30. GOOD API DESIGNERS UNDERSTAND how it is used, and who will use it importance of iterations and feedback impacts to design beyond development there’s no golden hammer (not even mongo)
  • 31. TWITTER IS NOT HATEOAS REST SEARCH STREAM
  • 32. AWS IS NOT REST AWS IS GOOD api designed to parse quickly simple extension (add new key) consistent security model bulk ops
  • 33. WebSockets ain’t even HTTP! Handshake is HTTPish Discoverable like ReST Full-Duplex Uncode or Binary Messages TCP Protocol
  • 34. GOOD REST APIs Are consciously designed Version at the right scope Don’t leak implementation details Use auth models relevant to consumer Are well documented with examples
  • 35. What now? ➡join api-craft ➡read The REST API Design Handbook ➡read Building Hypermedia APIs... ➡socialize your ideas Thank you!

Editor's Notes

  1. \n
  2. we need to define what we are talking about, and then evaluate patterns\n
  3. \n
  4. \n
  5. Now that we are here, we underscore motivations to even bother with.\n
  6. A Web API Study: Hurwitz;\n leads to integration -&gt; stronger ecosystem -&gt; more value\n &gt; devices and applications in the ecosystem\n\n
  7. At first glance, we might think how to present an api is rest vs soap\n
  8. it might really be the aspects of WS-* that would make such a decision, such as WS-Security, AtomicTransaction, ReliableMessaging\n
  9. Say we chose, ReST.. the thing is that ReST means a lot to many people\n
  10. ends up being something between soap and hypertext driven\n
  11. Leonard Richardson circa 2008 Maturity Model\n
  12. Easiest example of POX is tunneling commands over a single http request/response paradigm\n
  13. many uris, but a single invocation method. operations might be encoded in parameters, and resource might be mixed in with them\n
  14. HEAD is metadata; PATCH is for update; PUT is replace; POST -&gt; RPC/create\natomicity underpins idempotence; by spec POST can affect multiple resources, but most others (except notably trace,options) only apply to the resource identified by the href\n
  15. \n
  16. \n
  17. HATEOAS is basically a state machine. Your responsibility is to not attempt any transition undefined in links\n
  18. New resources types can be added without breaking client, as can new fields/links\nabove pattern recommended by: Dan Feist\n\nOther option you can use is link with profile relation.\n
  19. There are other ways, too...\nxlink can decorate in namespace of xml, but doesn&amp;#x2019;t expose representations\ncollection+json is an interesting approach for managing collections (includes its own data format)\n
  20. \n
  21. ex. cache intermediaries http://tools.ietf.org/html/draft-nottingham-linked-cache-inv-03\n
  22. define domain-specific type using type link parameter, or via custom rel or profile link (preferred)\nhttp://tools.ietf.org/id/draft-kelly-json-hal\nalso supports templated urls such as queries\n
  23. \n
  24. sometimes domain models are well defined, so the added value may be lost on the user\n
  25. Leonard Richardson circa 2008 Maturity Model\n
  26. Prickles &amp; Goo: Alan Watts Trey Parker Matt Stone\nIs culture behind adoption of a particular rest approach? Even if the approach is correct, can you persuade devs to adopt something they don&amp;#x2019;t want?\n
  27. we are probably at various intervals on the same plane. more detail == overly complex. not enough == naive.\n
  28. Amundsen, Mike (2011-11-22). Building Hypermedia APIs with HTML5 and Node (p. 20). OReilly Media - A. Kindle Edition. \n
  29. http://apiary.io/ &lt; markdown extension describes behavior, generates mock and tests it\nhttp://swagger.wordnik.com/ &lt;- json describes resource, apis, models, generates many clients\nhttps://github.com/mashery/iodocs &lt;- json describes service, apis, creates javascript client\n
  30. database details such as pagination, etc\n\ntransition to a design that isn&amp;#x2019;t rest (aws)\n
  31. original has been around since 2008, latest update mainly addressed oauth and rate limiting changes; thanks Greg Campbell for insight; api is versioned as 1.1, but includes 3 distinct apis\naside: search can be modeled in HATEOAS, where POST is creation of search results, HEAD returns lifespan, etc\n\n
  32. Many amazon web services do not even follow type 2 classifications, yet they are widely adopted, and successful.. why is that? why do they not use rest?\n\ngurupa is the amazon http server, which is tuned for query parsing. language for extending it is simple (add a key), so parsing it to verify signature is just sort the keys and sign it.\n\nbulk ops like s3 multi-delete help deal with very large problems.\n
  33. Ex. ELB you have to use TCP/SSL as this is not a HTTP compatible protocol\nconsider impact for example lack of origin IP address, sticky session\nnew set of gateway products will emerge to support WebSockets\n
  34. database details such as pagination, etc\n
  35. \n