The Glory of Rest


In-company presentation about REST and ROA technologies.


  1. THE GLORY OF REST
  2. THEORY
  3. Source: www.redorbit.com
  4. WEB SERVICE: A web service is an abstraction layer, like an operating system API or a programming language library.
  5. RPC-STYLE ARCHITECTURES
     • envelope full of data
     • HTTP and SOAP are envelope formats
     • RPC-style service defines its own vocabulary
     • RESTful WS share standard HTTP methods vocabulary
     • REST Uniform Interface
  6. RESTful vs. RPC-style
     • RESTful - different URIs for different values
     • RPC-style - URI (service endpoint) for something that can be processed as a command
  7. REST-RPC HYBRID ARCHITECTURES: Web service between the RESTful web services and the purely RPC-style services
  8. FEW REST-RPC EXAMPLES
     • The del.icio.us API
     • The "REST" Flickr web API
     • Many other allegedly RESTful web services
     • Most web applications
  9. SOAP AS A COMPETITOR TO REST: The primary competitors to RESTful architectures are RPC architectures, not specific technologies like SOAP.
  10. RICHARDSON MATURITY MODEL (Source: http://martinfowler.com)
  11. LEVEL 0 - THE SWAMP OF POX: HTTP POST for all interactions
  12. LEVEL 1 - RESOURCES: Distinct URL per object
  13. LEVEL 2 - HTTP VERBS: Rather than doing RPC style methods, we leverage HTTP
  14. LEVEL 3 - HYPERMEDIA CONTROLS: Self-describing API
  15. SO WHAT IS THIS REST THING? REST simply dictates that a given resource have a unique address. You can interact with that address with standard HTTP verbs.
  16. STATE AND STATELESSNESS
  17. TWO TYPES OF STATE:
     1. application state - lives on the client
     2. resource state - lives on the server
  18. Resource state stays on the server and is only sent to the client in the form of representations. Application state stays on the client until it can be used to create, modify, or delete a resource. Then it's sent to the server as part of a POST, PUT, or DELETE request, and becomes resource state. A RESTful service is "stateless" if the server never stores any application state.
  19. This is where the name "Representational State Transfer" comes from.
  20. ETAGS: ETags are used to compare entities from the same resource, by supplying an entity tag value in a conditional request header.
  21. RESOURCE-ORIENTED BASICS
     • different audience
     • every (interesting) thing is represented as a resource
     • representation of resources
     • verbs, auxiliaries, complexity
  22. THE GENERIC ROA PROCEDURE
     1. Figure out the data set
     2. Split the data set into resources
     For each kind of resource:
     3. Name the resources with URIs
     4. Expose a subset of the uniform interface
     5. Design the representation(s) accepted from the client
     6. Design the representation(s) served to the client
     7. Integrate this resource into existing resources, using hypermedia links and forms
     8. Consider the typical course of events: what's supposed to happen? Standard control flows like the Atom Publishing Protocol can help.
     9. Consider error conditions: what might go wrong? Again, standard control flows can help.
  23. ADDRESSABILITY: REPRESENTATIONS SHOULD BE ADDRESSABLE
  24. CONNECTEDNESS
  25. UNIFORM INTERFACE
  26. GET, PUT, AND DELETE
  27. POST
  28. HEAD AND OPTIONS
     • Retrieve a metadata-only representation: HTTP HEAD
     • Check which HTTP methods a particular resource supports: HTTP OPTIONS
  29. PUT VERSUS POST
  30. OVERLOADING POST: The real information may be in the URI, the HTTP headers, or the entity-body. However it happens, an element of the RPC style has crept into the service.
  31. SAFETY AND IDEMPOTENCE: When correctly used, GET and HEAD requests are safe. GET, HEAD, PUT and DELETE requests are idempotent.
  32. URI DESIGN: URIs are supposed to designate resources, not operations on the resources.
  33. URI templates and their equivalent RPC operations:

     Method   URI Template                           Equivalent RPC Operation
     PUT      users/{username}                       createUserAccount
     GET      users/{username}                       getUserAccount
     PUT      users/{username}                       updateUserAccount
     DELETE   users/{username}                       deleteUserAccount
     GET      users/{username}/profile               getUserProfile
     POST     users/{username}/bookmarks             createBookmark
     PUT      users/{username}/bookmarks/{id}        updateBookmark
     DELETE   users/{username}/bookmarks/{id}        deleteBookmark
     GET      users/{username}/bookmarks/{id}        getBookmark
     GET      users/{username}/bookmarks?tag={tag}   getUserBookmarks
     GET      {username}?tag={tag}                   getUserPublicBookmarks
     GET      ?tag={tag}                             getPublicBookmarks

  34. URI punctuation and variables
     • Use commas when the order of the items matters, as it does in latitude and longitude: /earth/37.0,-95.2
     • Use semicolons when the order doesn't matter: /color-blends/red;blue
     • When designing URIs, use path variables to separate elements of a hierarchy, or a path through a directed graph.
     • Use query variables only to suggest arguments being plugged into an algorithm, or when the other two techniques fail.
  35. REPRESENTATIONS: Representations should be human-readable, but computer-oriented
  36. SERVICE VERSIONING: Even a well-connected service might need to be versioned
  37. SECURITY: HMAC

     "Authorization: AWS " + AWSAccessKeyId + ":" +
         base64(hmac-sha1(VERB + "\n" +
                          CONTENT-MD5 + "\n" +
                          CONTENT-TYPE + "\n" +
                          DATE + "\n" +
                          CanonicalizedAmzHeaders + "\n" +
                          CanonicalizedResource))

     Authorization: AWS 44CF9590006BF252F707:jZNOcbfWmD/A/f3hSvVzXZjM2HU=
  38. JSON OR XML
  39. JSON
  40. If all you want to pass around are atomic values or lists or hashes of atomic values, JSON has many of the advantages of XML: it's straightforwardly usable over the Internet, supports a wide variety of applications, it's easy to write programs to process JSON, it has few optional features, it's human-legible and reasonably clear, its design is formal and concise, JSON documents are easy to create, and it uses Unicode.
  41. If you're writing JavaScript in a web browser, JSON is a natural fit. The XML APIs in the browser are comparatively clumsy and the natural mapping from JavaScript objects to JSON eliminates the serialization issues that arise if you're careless with XML.
  42. One line of argument for JSON over XML is simplicity. If you mean it's simpler to have a single data interchange format instead of two, that's incontrovertibly the case. If you mean JSON is intrinsically simpler than XML, well, I'm not sure that's so obvious. For bundles of atomic values, it's a little simpler. And the JavaScript APIs are definitely simpler. But I've seen attempts to represent mixed content in JSON and simple they aren't.
  43. XML
  44. XML deals remarkably well with the full richness of unstructured data. I'm not worried about the future of XML at all even if its death is gleefully celebrated by a cadre of web API designers.
  45. I look forward to seeing what the JSON folks do when they are asked to develop richer APIs. When they want to exchange less well structured data, will they shoehorn it into JSON? I see occasional mentions of a schema language for JSON, will other languages follow?
  46. I predict there will come a day when someone wants to federate JSON data across several application domains. I wonder, when they discover that the key "width" means different things to different constituencies, will they invent namespaces too?
  47. JSON AND HYPERMEDIA
     • HAL Media Types
     • HAL and Links
     • HAL and Resources
     • HAL Embedded Resources
  48. ERROR HANDLING: WHY STATUS CODES AREN'T ENOUGH?
  49. A status code simply isn't enough information most of the time. Yes, you want to define standard status codes so that your clients can perform reasonable branching, but you also need a way to communicate details to the end-user, so that they can log the information for themselves, display information to their own end-users, and/or report it back to you so you can do something to resolve the situation.
  50. SOURCES
     • RESTful Web Services
     • Microsoft REST Spec
     • Amazon's HMAC-SHA
     • HTTP Method Definitions
     • JSON and REST presentation
     • HAL Specification
  51. THE END: Sławomir Chrobak / @schrobak. Link to presentation: http://schrobak.github.io/slides/tgor
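
The signing scheme on slide 37, worked through for both sides of a request. This is an added example, not code from the presentation or from AWS: the client builds the Authorization header, and the server recomputes the MAC over the request it actually received and compares in constant time. The key id, secret, request fields and 15-minute date window are constructed assumptions, and CanonicalizedAmzHeaders and CanonicalizedResource are passed in already canonicalized and joined in the layout the slide gives.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed credentials for this example; not real AWS keys.
SECRETS = {"EXAMPLEKEYID": b"constructed-secret-for-demo"}
MAX_SKEW = timedelta(minutes=15)  # assumed acceptance window for DATE


def string_to_sign(verb, content_md5, content_type, date, amz_headers, resource):
    """Join the six fields in the slide's order, separated by newlines."""
    return "\n".join([verb, content_md5, content_type, date, amz_headers, resource])


def sign(key_id, secret, *fields):
    """Client side: build the Authorization header value."""
    mac = hmac.new(secret, string_to_sign(*fields).encode("utf-8"), hashlib.sha1)
    return f"AWS {key_id}:{base64.b64encode(mac.digest()).decode('ascii')}"


def verify(header, now, *fields):
    """Server side: recompute the MAC from the request fields as received."""
    scheme, _, rest = header.partition(" ")
    key_id = rest.partition(":")[0]
    secret = SECRETS.get(key_id)
    if scheme != "AWS" or secret is None:
        return False
    try:
        sent = parsedate_to_datetime(fields[3])  # the DATE field
    except (TypeError, ValueError):
        return False
    if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
        return False  # stale date: a captured request cannot be replayed later
    expected = sign(key_id, secret, *fields)
    return hmac.compare_digest(expected.encode(), header.encode())


# Constructed request for the example.
NOW = datetime(2013, 5, 1, 12, 0, 5, tzinfo=timezone.utc)
REQ = ("PUT", "", "application/json", "Wed, 01 May 2013 12:00:00 GMT",
       "x-amz-meta-owner:alice", "/users/alice/bookmarks/1")
AUTH = sign("EXAMPLEKEYID", SECRETS["EXAMPLEKEYID"], *REQ)
```

Because the verb and resource are inside the MAC, a signature issued for one request does not validate for a different method or URI; the body is covered only if CONTENT-MD5 is set and checked against the received entity.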
