ReST<br />you’re doing it wrong!<br />Sergey ShishkinMT AG<br /><br />@sshishkin<br />
ReST<br />you’re doing it wrong!<br />Sergey ShishkinMT AG<br /><br />@sshishkin<br />
A Tale of an Ice-Cream Maker<br />by SebastienLambla<br />
Architecture<br />of the web<br />
Loose Coupling<br />
Simplicity,Uniformity<br />
Scalability,Performance<br />
You MightNot Need It<br />
Which URI is RESTful?<br />/products/books/can-haz-rest<br />/products ? title=can-haz-rest<br />/Y2FuLWhhei1yZXN0%3D<br />
POST /REST.svc<PlaceOrder>  <Product> 1234 </Product>  <Price> 19.90 </Price>  <Qty> 2 </Qty></PlaceOrder><br />
POST /REST.svc{PlaceOrder: {    Product: 1234,    Price: 19.90,    Quantity: 2  }}<br />
Richardson RESTMaturity Model<br />None<br />
GET /REST.svc ?  op=PlaceOrder &  product=1234 &qty=2<br />
URI Tunneling<br />
POST /Orders.svc ?  product=1234 &qty=2<br />
GETidempotent,safe<br />POSTnon idempotent, unsafe<br />PUTidempotent, unsafe<br />DELETEidempotent, unsafe<br />HEADidemp...
GET /Users/1234…PUT /Users/1234{  login: bob, …userpic: {…},  settings: {…}}<br />
Resourcesare notEntities<br />
CRUD<br />
CRUD<br />
GET /Profile/SettingsPOST /Profile/SettingsPOST /Profile/Image<br />
URI Templates<br />/products/{id}<br />
Richardson RESTMaturity Model<br />URI<br />None<br />
Versioning<br />/api/v2<br />
GET /api<br />Accept:  application/vnd.example+xml;    version=2,  application/xml<br />
Languages<br />/de/product/1234/product/1234 ? lang=fr<br />
GET /product/1234<br />Accept-Language: de<br />
Richardson RESTMaturity Model<br />HTTP<br />URI<br />None<br />
GET /Products/1234…Content-Type: application/json{  title: can-haz-rest,  price: 19.99,  …}<br />
Generic Media Types<br />
application/atom+xml;type=feed<br />application/vnd.example+json<br />
GET /Products/1234{  title: can-haz-rest,  price: 19.99,}<br />And What Now?<br />
{  title: “can-haz-rest”,  links: [    {rel: “buy”,      link: “Product/1234/buy”    }  ]}<br />
Richardson RESTMaturity Model<br />Hypermedia<br />HTTP<br />URI<br />None<br />
It’s all about resources,<br />
Representations,<br />
And Hypermedia!<br />
It’s All About Resources, Representations, And Hypermedia!<br />
Application Lifecycle Design Entwicklung<br />BeratungProjekteSchulungen<br />Architektur SOA Cloud Computing<br />BalckeB...
Sergey Shishkin<br /><br /><br />@sshishkin<br />
Links & Credits<br />Richardson Maturity Model<br /><br />The...
Upcoming SlideShare
Loading in …5

REST - You're Doing It Wrong


Published on

Delivered during NRW Conf on 09.09.2011 in Wuppertal, Germany

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Why should we care about what REST really is?“Once upon a time, in the age of fairies and leprechauns, an ice-cream maker named Roy Fielding discovered a seed that people have been using in a remote land, called cacao. Keen on using that discovery, he mixed those seeds with sugar, milk, eggs, cream and sugar and got the inhabitants of his village to try it.Everybody was excited about this new ice-cream. They all knew the ingredients of course, and some of them were using it, but the mixing of all of them in one ice-cream was somewhat a revelation for many. Villagers became very fond of that new ice-cream, and Roy decided to call it chocolate ice-cream. For a long time, many people in Roy’s village consumed chocolate ice-cream, and all was good in the world. That village was named Web and declared chocolate ice-cream it’s local speciality.One day, a traveller from the village of Soap, that everybody was calling mister Sainsbury, came to the village of Web and saw how much people liked that chocolate ice-cream. You see, in the Soap village, the local dish was made of soap, and people didn’t like soap very much. He decided to bring back the idea in his own village.Sainsbury tried to reproduce an ice-cream people would like, and put milk, eggs and sugar, but because he didn’t know about cacao, he decided to use vanilla POD instead. And he got his fellow villagers to try the ice-cream, and they all liked the ice-cream very much, all all was good in the world. And it was named chocolate ice-cream.Mister Sainsbury knew that the rest of the country was still eating soap, and decided, as a good business man he was, that they should all enjoy his chocolate ice-cream. And as mister Sainsbury got so rich from selling soap before, he started promoting his new chocolate ice-cream in the whole country, and soon all were excited about eating chocolate ice-cream made of vanilla.One day, an engineer from the village of Wikipedia came to Web and asked for the national desert, the chocolate ice-cream. The villagers happily provided him with a wonderful cocoa-based chocolate ice-cream. When the engineer started eating it, he started screaming:Engineer - This is not chocolate ice-cream! It’s not even the right colour! Do you think I’m a fool?Roy – This is chocolate ice-cream. It has cacao in it, as it always had.Engineer – No nono! Chocolate ice-cream is made of vanilla! Everybody knows that!Roy – No, it’s made of chocolate, if you put vanilla in it it’s vanilla ice-cream, because there’s no chocolate in it?Engineer – You’re just an extremist, you’re trying to confuse us!Roy – …And that’s when the villagers of Web decided that it was time for them to travel the country, and explain to people the advantages of putting cacao in their chocolate ice-creams.”
  • REST is a set of underlying architectural constraints of the Web – the largest informational system ever built, yet simple and scalable.Fielding’s dissertation is a scientific paper and thus is not particularly easy to understand and start learning REST.We start with the goals of the web architecture, that REST constraints are aimed to lead to.Further we evaluate common techniques, used by so called (and often self-proclaimed) RESTful services, against contributing to those goals.The goals are:
  • Web applications are designed to be loose coupled.The web could not ever be deployed as a monolith system.The web is an ever-growing ecosystem of loosely coupled servers, clients and intermediaries.Servers go down, go up or get updated – web still works.
  • The Web have traded feature-richness for simplicity and uniformity.More intermediaries can implement simple and uniform protocol (HTTP) in order to provide features to servers and clients.
  • Web caching at the proxy-level is an example of a high performance achieved due to the web’s uniform interface.Stateless nature of HTTP makes it ultimately scalable as well.
  • Some don’t like chocolate ice-cream.Not everyone needs loose coupling and scalability taken to such an extreme.Not everyone has to build HTTP-based systems RESTful.Do whatever your system needs most. Just don’t call it REST if it’s not.
  • Which URI is (more?) RESTful?Many developers start designing web APIs with URLs and ask on forums “how to design RESTful URLs?”This question is nonsense.The Web treats URL opaque.Some websites use so called “hackable” or “guessable” URLs for SEO purposes and to allow users overcome some usability issues.“Hackable” URLs have nothing to do with REST.
  • Is it REST?No SOAP, no WSDL, no XML namespaces. It should be REST, right?
  • Is this REST?We got JSON. JSON is RESTful, right?
  • No. Previous examples tunnel requests through a single URL, burying business logic in the request body.From the web’s perspective these are not at all better than a good old WS-* SOAP service.We are still on the lowest level of the Richardson REST Maturity Model.We need resources in order to get a higher rank.
  • Now we have an awesome resource. Is it REST now?
  • The previous example did what is called “URL tunneling” – it passes all data, required for the request, in the URL.
  • This one still uses URL tunneling, but it more accurately chooses the HTTP method.
  • All the HTTP methods impose particular properties on requests, done with them.Idempotent requests can be retried any number of times and the result should always be as if the request have been handled once and only once.Safe requests should have no side effects that the client can be held accountable for.
  • Now we nicely defined a user resource and we care about HTTP methods.We GET the user, change his settings and PUT the whole user back.The intent was only to change the user settings, why do I have to PUT the whole user?Some try to solve this problem by standardizing a new HTTPPATCH method, although Web has been living without it all the time.
  • Resources != Objects, HTTP Methods!=Business Operations.If you find yourself missing domain-specific HTTP methods, think about your resources again.A URI identifies only one resource, but a resource can have more than one URI.
  • Sometimes people find themselves limited to do CRUD (Create Read Update Delete) APIs because of the limited set of HTTP methods.
  • Best example of CRUD is Excel: domain logic is in the user’s head!We want domain logic to be on the server. User should just navigate his way through the workflow.
  • A better approach would be to model user settings as a resource on its own.
  • Sometimes APIs are documented using URL templates.This hinders loose coupling.Only URI templates shared out of band are bad. User can safely discover a template by GETting a resource (like Open Search does).
  • Now we have resources,their URIs and we appreciate HTTP methods.Still we have a long way to go to be RESTful according to the Richardson REST Maturity Model.
  • When putting the API’s version number into the URL, we couple our clients to that particular version.There is no way we can build a future-proof client for that service.
  • A much better way of dealing with versions is an HTTP Accept Header.It can incorporate a version number for our specific media type.
  • The same is with languages.The only valid reason for that is if different languages discriminate unique resources.
  • HTTP supports Accept-Language Header for that.
  • If we stick with HTTP features instead of inventing the wheel on top of it, we arrive at the next level of the RRMM.
  • What is wrong with this?
  • Generic media types.Clients are tightly coupled to our API’s documentation in order to figure out how to handle the data.Otherwise it’s just an arbitrary JSON BLOB.
  • Messages should be self-descriptive.
  • Given we know that the media type describes a product.But we have no idea, what we can further do with it.We are again bound to the documentation.
  • A better way is to supply next options for that resource in its representation.This is exactly what the web applications do with anchors all the time.We can also use something like an Xform and specify the HTTP method along with required data.
  • After enabling hypermedia controls in our resources representations we finally achieve the top level of the RRMM.Now our RESTful application looks almost the same as any conventional website: navigate between resources, transitioning the business workflow from state to state. Much like an online shopping process.And there is nothing wrong with it. Websites are in fact RESTful applications.So why do we treat our APIs differently, designing them separately from the UI, putting them on a separate URL?Just provide computer-friendly representations to the resources you human users are already working with through the UI.
  • Recap of the presentation.
  • Recap of recap of the presentation.
  • People seem to learn better when they see the big picture, so here is one…
  • REST - You're Doing It Wrong

    1. 1. ReST<br />you’re doing it wrong!<br />Sergey ShishkinMT AG<br /><br />@sshishkin<br />
    2. 2. ReST<br />you’re doing it wrong!<br />Sergey ShishkinMT AG<br /><br />@sshishkin<br />
    3. 3. A Tale of an Ice-Cream Maker<br />by SebastienLambla<br />
    4. 4. Architecture<br />of the web<br />
    5. 5. Loose Coupling<br />
    6. 6. Simplicity,Uniformity<br />
    7. 7. Scalability,Performance<br />
    8. 8. You MightNot Need It<br />
    9. 9. Which URI is RESTful?<br />/products/books/can-haz-rest<br />/products ? title=can-haz-rest<br />/Y2FuLWhhei1yZXN0%3D<br />
    10. 10. POST /REST.svc<PlaceOrder> <Product> 1234 </Product> <Price> 19.90 </Price> <Qty> 2 </Qty></PlaceOrder><br />
    11. 11. POST /REST.svc{PlaceOrder: { Product: 1234, Price: 19.90, Quantity: 2 }}<br />
    12. 12. Richardson RESTMaturity Model<br />None<br />
    13. 13. GET /REST.svc ? op=PlaceOrder & product=1234 &qty=2<br />
    14. 14. URI Tunneling<br />
    15. 15. POST /Orders.svc ? product=1234 &qty=2<br />
    16. 16. GETidempotent,safe<br />POSTnon idempotent, unsafe<br />PUTidempotent, unsafe<br />DELETEidempotent, unsafe<br />HEADidempotent,safe<br />OPTIONSidempotent,safe<br />
    17. 17. GET /Users/1234…PUT /Users/1234{ login: bob, …userpic: {…}, settings: {…}}<br />
    18. 18. Resourcesare notEntities<br />
    19. 19. CRUD<br />
    20. 20. CRUD<br />
    21. 21. GET /Profile/SettingsPOST /Profile/SettingsPOST /Profile/Image<br />
    22. 22. URI Templates<br />/products/{id}<br />
    23. 23. Richardson RESTMaturity Model<br />URI<br />None<br />
    24. 24. Versioning<br />/api/v2<br />
    25. 25. GET /api<br />Accept: application/vnd.example+xml; version=2, application/xml<br />
    26. 26. Languages<br />/de/product/1234/product/1234 ? lang=fr<br />
    27. 27. GET /product/1234<br />Accept-Language: de<br />
    28. 28. Richardson RESTMaturity Model<br />HTTP<br />URI<br />None<br />
    29. 29. GET /Products/1234…Content-Type: application/json{ title: can-haz-rest, price: 19.99, …}<br />
    30. 30. Generic Media Types<br />
    31. 31. application/atom+xml;type=feed<br />application/vnd.example+json<br />
    32. 32. GET /Products/1234{ title: can-haz-rest, price: 19.99,}<br />And What Now?<br />
    33. 33. { title: “can-haz-rest”, links: [ {rel: “buy”, link: “Product/1234/buy” } ]}<br />
    34. 34. Richardson RESTMaturity Model<br />Hypermedia<br />HTTP<br />URI<br />None<br />
    35. 35. It’s all about resources,<br />
    36. 36. Representations,<br />
    37. 37. And Hypermedia!<br />
    38. 38. It’s All About Resources, Representations, And Hypermedia!<br />
    39. 39.
    40. 40. Application Lifecycle Design Entwicklung<br />BeratungProjekteSchulungen<br />Architektur SOA Cloud Computing<br />BalckeBalcke-Dürr-Allee 9, 40882 Ratingen<br />
    41. 41. Sergey Shishkin<br /><br /><br />@sshishkin<br />
    42. 42. Links & Credits<br />Richardson Maturity Model<br /><br />The Tale of the Ice-Cream Maker<br /><br />REST in Practice<br /><br />REST Content on InfoQ<br /><br />Images:<br />Web:<br />Mirrors:<br />Rope:<br />Soup:<br />Ice-cream van:<br />Ice-cream:<br />