Designing Practical RESTful APIs
Who am I?
• Hiroshi Ogino
• web developer
• home-based worker
• founder of @yurufuwarb
Agenda
• What is REST?
• How should we design practical APIs?
• Conclusion
REST
• REpresentational State Transfer
• Architectural style, where data and functionality are accessed via URIs
• Simple, Lightweight, and Fast
3 Essential points
REST
• Resource-Oriented
• Uniform Interface
• Stateless
Resource-Oriented
• Addressable, Indexable
  • Resources are identified by Uniform Resource Identifiers (URIs)
• Connectedness
  • Resources should link together in their representation
The world is filled with a lot of resources
They are identified by URI
• https://xxx/truck
• https://yyy/car
• https://zzz/windmill
REST
• Resource-Oriented
• Uniform Interface
• Stateless
HTTP METHODS
Collection: https://api.xxx/items
• GET: List details of the collection
• PUT: Replace the entire collection with another one
• PATCH: Not generally used
• POST: Create a new entry in the collection
• DELETE: Delete an entire collection
Element: https://api.xxx/items/12
• GET: Retrieve a representation of the member of the collection
• PUT: Replace the member of the collection, or create it if it does not exist
• PATCH: Update the member of the collection
• POST: Not generally used
• DELETE: Delete the member of the collection
REST
• Resource-Oriented
• Uniform Interface
• Stateless
Hi, for here or to go?
For here.
STATEFUL
What can I get you?
Can I have two cheeseburgers and one
order of fries?
STATEFUL
What size fries would
you like?
Small.
STATEFUL
Would you like
anything to drink?
I’ll have coke.
STATEFUL
Would you like
anything else?
No, I’m good.
STATEFUL
STATEFUL
• Cashier remembers your past orders
• You only have to put your latest order
Hi, for here or to go?
For here.
STATELESS
What can I get you?
For here.
Can I have two cheeseburgers and one
order of fries?
STATELESS
What size fries would
you like?
For here.
Can I have two cheeseburgers and one
order of fries?
Small.
STATELESS
Would you like
anything to drink?
For here.
Can I have two cheeseburgers and one
order of fries?
Small.
I’ll have coke.
STATELESS
STATELESS
• Cashier DOES NOT remember your past orders
• You have to put orders including past orders
What good will come of it? 🤔
STATELESS
• In the past, it was said that the main advantage of STATELESS was SCALABILITY
• It was believed that STATEFUL COULD NOT scale out
• Nowadays …
  • A load balancer (LB) can dispatch requests to the same server among the scaled-out servers
  • Scaled-out servers can share the same session store (RDS, Redis, …)
It’s no longer a big deal!
Agenda
• What is REST?
• How should we design practical APIs?
• Conclusion
PRACTICAL … ?
Practical
• Dictionary says
• involving activity rather than study or theory
• likely to be successful or useful
Practical
SHU-HA-RI is a Japanese martial arts concept that describes the stages of learning to mastery
Practical
Repeat the forms and discipline ourselves to absorb the forms and to find the values lurking behind them
SHU → obey, protect
Practical
Based on the fundamentals learned with SHU, break the forms and make innovation
HA → detach
Practical
Completely depart from the forms, act in accordance with what we want
RI → leave
Practical
Find the key to PRACTICAL hiding around here
Practical
• Dictionary says
• involving activity rather than study or theory
• likely to be successful or useful
• MAY NOT OBEY all constraints of the REST architecture style
• BREAK theory now and then for a specific purpose
• FOCUS ON successful / useful
3 Questions: Reaching Practical Design
Q.1
How should we design the ENDPOINT to get our own information?
GET /customers/:id
• The GET method makes it easy to expect that the request retrieves the customer's information from the customers table
• Anyone CAN GUESS others’ endpoints
GET /me or /mypage
• The GET method makes it easy to expect that the request retrieves my information from the customers table
• Anyone CAN NOT GUESS others’ endpoints
However, we need to store customer_id in a session to identify the customer, which makes this endpoint STATEFUL … is it okay? 🤔
STATELESS
• In the past, it was said that the main advantage of STATELESS was SCALABILITY
• It was believed that STATEFUL COULD NOT scale out
• Nowadays …
  • A load balancer (LB) can dispatch requests to the same server among the scaled-out servers
  • Scaled-out servers can share the same session store (RDS, Redis, …)
It’s no longer a big deal!
GET /me or /mypage
• REMAINS scalable even if we store customer_id in a session
• Caution: we should not manage long-lived objects in a session, because doing so may undermine the independence of each request
Learned from Q.1
• SHOULD NOT allow anyone to guess others’ endpoints if the endpoint's resources are sensitive information
• CAN use a session for a specific purpose
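The Q.1 trade-off in code, as an added example that is not from the slides: GET /customers/:id is shown without and with an ownership check against the session's customer_id, next to GET /me, which takes no id at all. CUSTOMERS, SESSIONS, Response and the handler names are constructed for illustration.

```ruby
# Added example (not from the slides). CUSTOMERS and SESSIONS are constructed
# in-memory stand-ins for the customers table and the server-side session store.
CUSTOMERS = {
  1 => { id: 1, nickname: "alice" },
  2 => { id: 2, nickname: "bob" }
}.freeze

SESSIONS = {
  "sid-alice" => { customer_id: 1 },
  "sid-bob"   => { customer_id: 2 }
}.freeze

Response = Struct.new(:status, :body)

# Resolve the caller from the session id; nil when there is no valid session.
def current_customer_id(session_id)
  session = SESSIONS[session_id]
  session && session[:customer_id]
end

# GET /customers/:id with no check: the id in the path is the only thing that
# selects the record, so a caller who guesses an id reads that customer's data.
def get_customer_unchecked(_session_id, path_id)
  customer = CUSTOMERS[Integer(path_id, exception: false)]
  customer ? Response.new(200, customer) : Response.new(404, nil)
end

# GET /customers/:id with an ownership check: the path id must equal the
# customer_id held in the session. "Not yours" and "does not exist" return the
# same 404, so responses do not reveal which ids are in use.
def get_customer_checked(session_id, path_id)
  me = current_customer_id(session_id)
  return Response.new(401, nil) if me.nil?

  requested = Integer(path_id, exception: false)
  return Response.new(404, nil) unless requested == me

  customer = CUSTOMERS[me]
  customer ? Response.new(200, customer) : Response.new(404, nil)
end

# GET /me: the request carries no id, so there is nothing to guess. The record
# is selected only by the customer_id stored in the session.
def get_me(session_id)
  me = current_customer_id(session_id)
  customer = me && CUSTOMERS[me]
  customer ? Response.new(200, customer) : Response.new(401, nil)
end
```

With /me the ownership check cannot be forgotten, because the handler never reads an id from the request.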
Q.2
How should we design the RESOURCE and the ENDPOINT that allow customers to agree with the Terms of Service?
ADD agreement column to customers table
customers
  id          int
  nickname    string
  :
  agreement   boolean
• This resource CAN NOT represent updating Terms of Service
• This resource CAN NOT manage enforced datetime
CREATE terms / term_agreements tables
customers
terms
  id          int
  version     string
  start_at    datetime
  :
term_agreements
  id          int
  customer_id int
  term_id     int
  :
• This resource CAN represent updating Terms of Service
• This resource CAN manage enforced datetime
  ● enforced date is managed by version column
  ● enforced datetime is managed by start_at column
POST /terms/:version/agreements
• :version is the enforced date (ex. /terms/20180515/agreements)
• It is clear which version of the terms is being agreed to
• The POST method makes it easy to expect that the request inserts a new term agreement record
Learned from Q.2
• SHOULD maximize representation of a resource
• SHOULD make an Endpoint semantic
Q.3
How should we design the SEQUENCE in which customers buy something in an application?
Customer → Network → Back-end Server
(1) SEARCH: https://api.example.com/items
(2) CONFIRM: https://api.example.com/items/order?confirm=true
(3) PURCHASE: https://api.example.com/items/order
Sequence (Customer, Network, Back-end Server, Session Store)
(2) CONFIRM
• CONFIRM
• STORE purchase data
• COMPLETE confirmation
(3) PURCHASE
• PURCHASE
• VALIDATE purchase data
• DELETE purchase data
• PROCESS purchase
• COMPLETE purchase
PREVENT duplicated requests
Learned from Q.3
• SHOULD establish a confirmation phase before performing a significant action, such as a purchase
• MUST use a session intentionally to prevent duplicated requests
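The CONFIRM/PURCHASE sequence from Q.3 as an added example, not code from the slides: PURCHASE validates and deletes the stored purchase data in one critical section, so a repeated request finds nothing left to process. SessionStore, Checkout, PRICES, the status codes and the five-minute expiry are assumptions made for the example.

```ruby
# Added example (not from the slides). SessionStore is a constructed in-memory
# stand-in for the shared session store (RDS, Redis, ...) named on the slides.
class SessionStore
  def initialize
    @data = {}
    @lock = Mutex.new
  end

  def put(session_id, key, value)
    @lock.synchronize { (@data[session_id] ||= {})[key] = value }
  end

  # VALIDATE then DELETE inside one critical section: of two concurrent
  # PURCHASE requests, only one can receive the pending order.
  def take_if(session_id, key)
    @lock.synchronize do
      bucket = @data[session_id]
      value = bucket && bucket[key]
      next nil if value.nil? || !yield(value)
      bucket.delete(key)
    end
  end
end

PRICES = { "cheeseburger" => 300, "fries" => 150 }.freeze # constructed catalogue
CONFIRM_TTL = 300 # seconds a confirmation stays valid (assumption)

class Checkout
  attr_reader :orders

  def initialize(store)
    @store = store
    @orders = [] # stands in for PROCESS purchase
  end

  # (2) CONFIRM: POST /items/order?confirm=true
  # The server prices the order and STOREs it; nothing is charged yet.
  def confirm(session_id, items, now: Time.now)
    return { status: 422 } unless valid_items?(items)

    total = items.sum { |name, qty| PRICES[name] * qty }
    @store.put(session_id, :pending_order,
               { items: items, total: total, confirmed_at: now })
    { status: 200, total: total }
  end

  # (3) PURCHASE: POST /items/order
  # Uses only what the server stored at CONFIRM, so the client cannot change
  # items or total between the two steps. A replay gets 409.
  def purchase(session_id, now: Time.now)
    pending = @store.take_if(session_id, :pending_order) do |p|
      now - p[:confirmed_at] <= CONFIRM_TTL
    end
    return { status: 409 } if pending.nil?

    @orders << { session_id: session_id, items: pending[:items], total: pending[:total] }
    { status: 201, total: pending[:total] }
  end

  private

  def valid_items?(items)
    items.is_a?(Hash) && !items.empty? &&
      items.all? { |name, qty| PRICES.key?(name) && qty.is_a?(Integer) && qty.between?(1, 20) }
  end
end
```

In a real deployment the validate-and-delete step has to be atomic in the shared store itself, since a per-process Mutex does not cover several scaled-out servers.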
Agenda
• What is REST?
• How should we design practical APIs?
• Conclusion
Learned from Q.1
• SHOULD NOT allow anyone to guess others’ endpoints if the endpoint's resources are sensitive information
• CAN use a session for a specific purpose
Learned from Q.2
• SHOULD maximize representation of a resource
• SHOULD make an Endpoint semantic
Learned from Q.3
• SHOULD establish a confirmation phase before performing a significant action, such as a purchase
• MUST use a session intentionally to prevent duplicated requests
Thank you
