This presentation will discuss how the Representational State Transfer (REST) architectural style can be applied to the design of your web services.
You will learn how to use HTTP methods and status codes properly and we will discuss how to use Hypermedia As The Engine Of Application State (HATEOAS). The principles of REST and HATEOAS will be demonstrated through the Atom Publishing Protocol (AtomPub) using the Google Data APIs and other AtomPub implementations as examples.
PHP 5.3 was released in 2009 and is the newest version of PHP. Bradley Holt will talk about the new features available including namespaces, closures (lamdba/anonymous functions), and late static binding. Learn how these new features might be useful to you and why the next major version of the big PHP frameworks will require PHP 5.3.
PHP 5.3 was released in 2009 and is the newest version of PHP. Bradley Holt will talk about the new features available including namespaces, closures (lamdba/anonymous functions), and late static binding. Learn how these new features might be useful to you and why the next major version of the big PHP frameworks will require PHP 5.3.
BUILDING MODERN PYTHON WEB FRAMEWORKS USING FLASK WITH NEIL GREYCodeCore
How to get up and running in minutes with the lean, scalable, and easy to maintain Python web framework, Flask. Attendees will get to see how Flask acts as the sturdy glue between your database framework, front-end templates and operating system. Keep an eye out for tips/tricks using SQLite, Jinja2, and Werkzeug.
Neil is a software developer with a background in 3D graphics programming and management information systems. Presently he's working with Image Engine on feature-film visual effects projects like Teenage Mutant Ninja Turtles, Elysium, Fast & Furious. He's also a co-founder of ComboMash Entertainment, an independent game studio based in Vancouver.
From Tek-X Cross Platform interoperability with PHP including history lesson, a bit about each category of operating systems, and gotchas related to PHP
This is the presentation from Null/OWASP/g4h December Bangalore MeetUp by Akash Mahajan.
technology.inmobi.com/events/null-owasp-g4h-december-meetup
Abstract:
This will cover the basics of Hyper Text Transfer Protocol. You will learn how to send HTTP requests like GET, POST by crafting them manually and using a command line tool like CURL. You will also see how session management using cookies happens using the same tools.
To practice along please install curl (http://curl.haxx.se/download.html).
BUILDING MODERN PYTHON WEB FRAMEWORKS USING FLASK WITH NEIL GREYCodeCore
How to get up and running in minutes with the lean, scalable, and easy to maintain Python web framework, Flask. Attendees will get to see how Flask acts as the sturdy glue between your database framework, front-end templates and operating system. Keep an eye out for tips/tricks using SQLite, Jinja2, and Werkzeug.
Neil is a software developer with a background in 3D graphics programming and management information systems. Presently he's working with Image Engine on feature-film visual effects projects like Teenage Mutant Ninja Turtles, Elysium, Fast & Furious. He's also a co-founder of ComboMash Entertainment, an independent game studio based in Vancouver.
From Tek-X Cross Platform interoperability with PHP including history lesson, a bit about each category of operating systems, and gotchas related to PHP
This is the presentation from Null/OWASP/g4h December Bangalore MeetUp by Akash Mahajan.
technology.inmobi.com/events/null-owasp-g4h-december-meetup
Abstract:
This will cover the basics of Hyper Text Transfer Protocol. You will learn how to send HTTP requests like GET, POST by crafting them manually and using a command line tool like CURL. You will also see how session management using cookies happens using the same tools.
To practice along please install curl (http://curl.haxx.se/download.html).
Slides for my talk about designing good (or just good enough) Web APIs - https://hryniewski.net/great-web-apis-learn-how-to-make-one-in-45-minutesor-so/
HTTP is the protocol of the web, and in this session we will look at HTTP from a web developer's perspective. We will cover resources, messages, cookies, and authentication protocols and we will see how the web scales to meet demand using cache headers. Armed with the fundamentals about HTTP, you will have the knowledge not only to build better Web/Mobile applications but also for consuming Web API.
Fulfilling the Hypermedia Constraint via HTTP OPTIONS, The HTTP Vocabulary In...ruyalarcon
WS-REST 2011.
Second International Workshop on RESTful Design.
Chairs: Cesare Pautasso, Erik Wilde, Rosa Alarcon.
<br>
Hypermedia and Model-Driven Development Session. Tomas Steiner and Jan Algermissen
Simple REST-API overview for developers. An newer version is here: https://www.slideshare.net/patricksavalle/super-simple-introduction-to-restapis-2nd-version-127968966
A RESTful Introduction will cover the basics of what REST means and takes advantage of. We will talk about status codes, verbs and APIs in general.
The presentation was held by Daniel Toader and Andrei Pirjoleanu from eMAG.
Domain-driven design is a collaborative process involving both domain experts and software practitioners that attempts to address issues of complexity in software. This process is described in the book Domain-Driven Design (Addison-Wesley 2004) written by Eric Evans. Domain-driven design starts with the assertion that (for almost all software) complexity is in the domain, not in the technology. Accordingly, we must let technology play a supporting role. Domain-driven design attempts to focus on and distill the core domain for a given project.
Philosopher and scientist Alfred Korzybski said, "The map is not the territory." As such, a person practicing domain-driven design does not attempt to model reality. Instead, domain experts and software practitioners use a mental model as a tool for solving problems within a given domain. The domain experts and software practitioners collaborate to explore and develop this model. No software of any reasonable scope has just one model. We will look at the concept of a bounded context within which each model can be isolated and explored. Within a bounded context, collaborators must speak a ubiquitous language in order to reason about and discuss the model.
We will also talk about domain-driven design's building block patterns including entities, value objects, aggregates, repositories, services, and domain events. We will look at domain-driven design practices including supple design, strategic design, and distillation of the core. We will see how test-driven development can be used as a means of exploring the model. Examples in PHP will be provided of the building block patterns as well as other techniques including closure of operations, intention revealing interfaces, side-effect free functions, and assertions.
Domain-driven design is a collaborative process involving both domain experts and software practitioners that attempts to address issues of complexity in software. This process is described in the book Domain-Driven Design written by Eric Evans. Domain-driven design starts with the assertion that complexity is in the domain, not in the technology. Accordingly, we must let technology play a supporting role.
A person practicing domain-driven design does not attempt to model reality. Instead, domain experts and software practitioners use a mental model as a tool for solving problems within a given domain. The domain experts and software practitioners collaborate to explore and develop this model. We will look at the concept of a bounded context within which models can be isolated and explored. We will talk about domain-driven design's building block patterns including entities, value objects, aggregates, repositories, services, and domain events. We will see how test-driven development can be used as a means of exploring the model.
Entity Relationships in a Document Database at CouchConf BostonBradley Holt
Unlike relational databases, document databases like CouchDB and Couchbase do not directly support entity relationships. This talk will explore patterns of modeling one-to-many and many-to-many entity relationships in a document database. These patterns include using an embedded JSON array, relating documents using identifiers, using a list of keys, and using relationship documents.
In this talk we'll see how to build CouchApps using CouchDB, Javascript, and HTML5. We'll look at related tools such as the couchapp command ine tool, the Evently jQuery plugin, the CouchDB API jQuery plugin, the CouchApp Loader, Pathbinder, and the Mustache templating framework.
Domain-driven design is a collaborative process involving both domain experts and software practitioners. This high-level overview takes a look at the driving principles behind domain-driven design. It also explores domain-driven design's building block patterns, supple design, strategic design, and distillation of the core.
CouchDB is a document-oriented database that uses JSON documents, has a RESTful HTTP API, and is queried using map/reduce views. Each of these properties alone, especially MapReduce views, may seem foreign to developers more familiar with relational databases. This tutorial will teach web developers the concepts they need to get started using CouchDB in their projects. Several CouchDB libraries are available for PHP and we will take a look at the more popular ones.
jQuery Conference Boston 2011 CouchAppsBradley Holt
CouchApps are web applications built using CouchDB, JavaScript, and HTML5. CouchDB is a document-oriented database that stores JSON documents, has a RESTful HTTP API, and is queried using MapReduce views. This talk will answer your fundamental questions about CouchDB and will cover the basics of building CouchApps using jQuery and various jQuery plugins.
CouchApps are web applications built using CouchDB, JavaScript, and HTML5. CouchDB is a document-oriented database that stores JSON documents, has a RESTful HTTP API, and is queried using map/reduce views. This talk will answer your basic questions about CouchDB, but will focus on building CouchApps and related tools.
CouchDB is a document-oriented database that uses JSON documents, has a RESTful HTTP API, and is queried using map/reduce views. Each of these properties alone, especially MapReduce views, may seem foreign to developers more familiar with relational databases. This tutorial will teach web developers the concepts they need to get started using CouchDB in their projects. CouchDB’s RESTful HTTP API makes it suitable for interfacing with any programming language. CouchDB libraries are available for many programming languages and we will take a look at some of the more popular ones.
This is a presentation made at the Burlington, Vermont PHP Users Group about configuring load balancing using the Apache HTTP Server. Load balancing is a technique that can distribute work across multiple server nodes—here we will discuss load balancing HTTP (i.e. web) traffic. There are many software and hardware load balancing options available including HAProxy, Varnish, Pound, Perlbal, Squid, nginx, and Linux-HA (High-Availability Linux) on Linux Standard Base (LSB). However, many web developers are already familiar with Apache as a web server and it is relatively easy to also configure Apache as a load balancer.
Related concepts such as shared nothing architecture are discussed. We also take a look at some basic load balancing scenarios and features including sticky sessions and proxying requests based on HTTP method. Distributed load testing with Tsung is briefly discussed as well.
This is a presentation on CouchDB that I gave at the New York PHP User Group. I talked about the basics of CouchDB, its JSON documents, its RESTful API, writing and querying MapReduce views, using CouchDB from within PHP, and scaling.
This is a "PHP 201" presentation that was given at the December 2010 Burlington, Vermont PHP Users group meeting. Going beyond the basics, this presentation covered working with arrays, functions, and objects.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. This presentation will discuss how the Representational State
Transfer (REST) architectural style can be applied to the design
of your web services.
You will learn how to use HTTP methods and status codes
properly and we will discuss how to use Hypermedia As The
Engine Of Application State (HATEOAS).
The principles of REST and HATEOAS will be demonstrated
through the Atom Publishing Protocol (AtomPub) using the
Google Data APIs and other AtomPub implementations as
examples.
3. HTTP
"Hypertext Transfer Protocol (HTTP) is an
application-level protocol for distributed,
collaborative, hypermedia information systems. Its
use for retrieving inter-linked resources led to the
establishment of the World Wide Web."[1]
7. Limited Vocabulary
There are only 8 methods: HEAD, GET, POST, PUT,
DELETE, TRACE, OPTIONS, CONNECT (we're only
going to talk about 4 of them); but you get to de ne
your own resources.[2]
8. REST Architecture
• HTTP is just one (very popular) instance of the REST
architecture.
• You can use HTTP correctly and not be RESTful and you
can use REST without HTTP.
• REST is about de ning a uniform interface.
Example of a non-RESTful standard based on HTTP:
• WebDAV
9. What Makes a Service RESTful?
If the HTTP method doesn’t match the method
information, the service isn’t RESTful. If the scoping
information isn’t in the URI, the service isn’t
resource-oriented. These aren’t the only
requirements, but they’re good rules of thumb.
From RESTful Web Services[3]
10. HTTP Methods
How are you manipulating a resource?
We’ll cover four of the eight methods...
11. GET
• GET a representation of a resources.
• Safe: Can't hold the user responsible for side-effects.
• Idempotent: N > 0 identical requests are each the same
as a single request.
• Cacheable.
Example:
GET /people HTTP/1.1
Note that the HTTP request and response examples in this
presentation are meant to be illustrative and are not
always complete. Some HTTP headers may be missing.
12. More on Safety
A hit counter is generally "safe". Yes, it changes state
but the user is not held accountable for that state
transition.
Deleting something is not safe: you've held the user
accountable. For example, Google Web Accelerator
(cache pre-fetching) broke 37signals' Backpack web
application because they were using GET to delete
information[4].
13. POST
• POST a new representation of a resource.
• New resource is subordinate to the requested resource.
• Not safe.
• Not idempotent.
• Can be cached only through the Cache-Control or
Expires header elds.
Example:
POST /people HTTP/1.1
Content-Type: application/x-www-form-urlencoded
fn=Bradley+Holt&url=http%3A%2F%2Fbradley-holt.blogspot.com%2F
14. PUT
• PUT a modi ed representation of a resource.
• Not safe.
• Idempotent: PUTting the same thing multiple times is
the same as doing it once.
• Responses are not cacheable.
Example:
PUT /people/bradley-holt HTTP/1.1
Content-Type: application/x-www-form-urlencoded
fn=Bradley+Holt&url=http%3A%2F%2Fbradley-holt.blogspot.com%2F
15. DELETE
• DELETE a resource.
• Not safe.
• Idempotent. Deleting something multiple times is the
same as doing it once.
• Responses are not cacheable.
Example:
DELETE /people/bradley-holt HTTP/1.1
26. 405 Method Not Allowed
Request:
POST /people/bradley-holt HTTP/1.1
Response:
HTTP/1.1 405 Method Not Allowed
Allow: GET, PUT, DELETE
27. 409 Con ict
Request:
PUT /people/bradley-holt HTTP/1.1
Content-Type: application/x-www-form-urlencoded
fn=Bradley+Holt&url=http%3A%2F%www.foundline.com%2F&revision=5
Response:
HTTP/1.1 409 Conflict
Content-Type: text/html
<!DOCTYPE html>
<html>
<head>
<title>Conflict</title>
</head>
<body>
<p>You are editing revision 5 and the latest revision number is 6.</p>
</body>
</html>
28. 418 I’m A Teapot
According to the Hyper Text Coffee Pot
Control Protocol (HTCPCP/1.0)[6]:
Any attempt to brew coffee with a teapot should result
in the error code "418 I'm a teapot". The resulting entity
body MAY be short and stout.
Clipped photo by revolution cycle / CC BY 2.0
http://www. ickr.com/photos/11795120@N06/3832234809/
29. 500 Internal Server Error
Request:
GET /people/bradley-holt HTTP/1.1
Response:
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
<!DOCTYPE html>
<html>
<head>
<title>Internal Server Error</title>
</head>
<body>
<p>Oops, someone broke the application.</p>
</body>
</html>
30. 503 Service Unavailable
Request:
GET /people/bradley-holt HTTP/1.1
Response:
HTTP/1.1 503 Service Unavailable
Retry-After: 120
Content-Type: text/html
<!DOCTYPE html>
<html>
<head>
<title>Service Unavailable</title>
</head>
<body>
<p>Try again in two minutes.</p>
</body>
</html>
32. Uniform Interface
• URI identi es the resource.
• HTTP method says how we're manipulating the
resource.
• Entity-header elds and entity-body[7] represent the
resource.
• Requests and responses are self-descriptive and
stateless.
33. Hypermedia As The Engine Of
Application State (HATEOAS)
From Chapter 5 of the Fielding Dissertation[8]:
In order to obtain a uniform interface, multiple architectural constraints are
needed to guide the behavior of components. REST is de ned by four interface
constraints: identi cation of resources; manipulation of resources through
representations; self-descriptive messages; and, hypermedia as the engine of
application state.
34. State of What?
Wait, you just said requests and responses
are "stateless" and now you're talking about
application state?
35. Requests and Responses
• Each request and each response is, itself stateless
(forget about cookies for a minute).
• All relevant state information is included in the request
or response.
• Not just state, but state transitions can be part of a
request: POST, PUT and DELETE can change state on
the server.
36. Hypermedia
• XHTML
• HTML 5
• microformats
• RDFa
• URI Templates
• WADL
• Atom
37. Follow the Hyperlinks
• Link from current resource to another resource
• Form to nd resources (i.e. a "search" form)
• Form to manipulate resource's state
(via POST, PUT or DELETE)
39. AtomPub
• An actual protocol that is RESTful
• Uses XML document hypermedia formats to represent
entities
• Originally designed for publishing blogs
• Used as the base for many RESTful web services
including:
• Google Data APIs (GData)
• Amazon Simple Storage Service (Amazon S3)
• Windows Azure Platform
40. GET Atom Service
Document
Request:
GET / HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: application/atomsvc+xml
<?xml version="1.0" encoding="utf-8"?>
<service xmlns="http://www.w3.org/2007/app"
xmlns:atom="http://www.w3.org/2005/Atom">
<workspace>
<atom:title>Blog</atom:title>
<collection href="http://example.org/blog">
<atom:title>Blog Entries</atom:title>
</collection>
<collection href="http://example.org/media">
<atom:title>Media</atom:title>
<accept>image/png</accept>
<accept>image/jpeg</accept>
<accept>image/gif</accept>
</collection>
</workspace>
</service>
Note: Service Document tells us everything we need to know to get started (loose coupling). For example, it
tells us the URIs of the collections to GET or POST to. URIs are up to the server to decide and should be opaque
to the client.
41. GET Atom Collection
Document
Request:
GET /blog HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Blog Entries</title>
<link rel="self" href="http://example.org/blog"/>
<updated>2009-09-01T20:28:54Z</updated>
<id>urn:uuid:17040b30-9737-11de-8a39-0800200c9a66</id>
</feed>
42. POST Entry to Atom
Collection Document
Request:
POST /blog HTTP/1.1
Slug: =?utf-8?q?blog-entry?=
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>A Blog Entry</title>
<updated>2009-09-01T20:32:06Z</updated>
<summary>Summary of my blog entry...</summary>
</entry>
Response:
HTTP/1.1 201 Created
Location: /blog/blog-entry
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>A Blog Entry</title>
<link rel="edit" href="http://example.org/blog/blog-entry"/>
<id>urn:uuid:337f26a0-9737-11de-8a39-0800200c9a66</id>
<updated>2009-09-01T20:32:06Z</updated>
<summary>Summary of my blog entry...</summary>
</entry>
43. GET Atom Collection
Document (again)
Request:
GET /blog HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Blog Entries</title>
<link rel="self" href="http://example.org/blog"/>
<updated>2009-09-01T20:32:06Z</updated>
<id>urn:uuid:17040b30-9737-11de-8a39-0800200c9a66</id>
<entry>
<title>A Blog Entry</title>
<link rel="edit" href="http://example.org/blog/blog-entry"/>
<id>urn:uuid:337f26a0-9737-11de-8a39-0800200c9a66</id>
<updated>2009-09-01T20:32:06Z</updated>
<summary>Summary of my blog entry...</summary>
</entry>
</feed>
44. GET Atom Entry
Document
Request:
GET /blog/blog-entry HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>A Blog Entry</title>
<link rel="edit" href="http://example.org/blog/blog-entry"/>
<id>urn:uuid:337f26a0-9737-11de-8a39-0800200c9a66</id>
<updated>2009-09-01T20:32:06Z</updated>
<summary>Summary of my blog entry...</summary>
</entry>
45. PUT Atom Entry
Document
Request:
PUT /blog/blog-entry HTTP/1.1
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>A Blog Entry</title>
<updated>2009-09-01T20:34:51Z</updated>
<summary>Updated summary...</summary>
</entry>
Response:
HTTP/1.1 200 OK
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>A Blog Entry</title>
<link rel="edit" href="http://example.org/blog/blog-entry"/>
<id>urn:uuid:337f26a0-9737-11de-8a39-0800200c9a66</id>
<updated>2009-09-01T20:34:51Z</updated>
<summary>Updated summary...</summary>
</entry>
46. POST Atom Media Entry
Document
Request:
POST /media HTTP/1.1
Slug: =?utf-8?q?vacation-photo?=
Content-Type: image/png
...binary data...
Response:
HTTP/1.1 201 Created
Location: /media/vacation-photo.png
Content-Type: application/atom+xml
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>vacation-photo</title>
<link rel="edit-media" href="http://example.org/media/vacation-photo.png"/>
<link rel="edit" href="http://example.org/media/vacation-photo"/>
<id>urn:uuid:00518590-973f-11de-8a39-0800200c9a66</id>
<updated>2009-09-01T20:37:18Z</updated>
</entry>
Note:
• edit-media URI represents the actual media
• edit URI represents the media entry (Atom Entry)
47. DELETE Atom Entry
Document
Request:
DELETE /blog/blog-entry HTTP/1.1
Response:
HTTP/1.1 200 OK
48. Google Calendar API
The Google Calendar Data API allows client
applications to view and update calendar events in
the form of Google Data API feeds.
Your client application can use the Calendar Data
API to create new events, edit or delete existing
events, and query for events that match particular
criteria.
From the Developer's Guide[9]
52. Cache-Control
• Allows client and server to control caching of resource.
• An example of why URIs are important (cache only applies
to a given URI).
• Reduces latency.
• Reduces network traffic.
• Cached by: browser, proxy, gateway.
Request:
GET /people/bradley-holt HTTP/1.1
Cache-Control: max-age=1800
Response:
HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: max-age=3600
...HTML data...
53. Conditional GET
• An entity tag (ETag) allows for a conditional GET.
• An example of why URIs are important (conditional GET
only applies to a given URI).
• Reduces latency.
• Reduces network traffic.
54. Conditional GET (continued)
Request:
GET /people/bradley-holt HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/html
ETag: 6f6327696a7c8c6e7e
...HTML data...
Request:
GET /people/bradley-holt HTTP/1.1
If-None-Match: 6f6327696a7c8c6e7e
Response:
HTTP/1.1 304 Not Modified
55. Content Negotiation
• Different representations of a resource served by the same
URI.
Request HTML:
GET /people/bradley-holt HTTP/1.1
Accept: text/html
Response:
HTTP/1.1 200 OK
Content-Type: text/html
<!DOCTYPE html>
<html>
<head>
<title>Bradley Holt</title>
</head>
<body>
<div class="vcard">
<a class="url fn" href="http://bradley-holt.blogspot.com/">Bradley Holt</a>
</div>
</body>
</html>
58. REST is Not...
• XML/JSON over HTTP
• Flickr API
• Twitter API
• If it says, "REST API" there's a good chance it isn't RESTful.
59. Trade-Offs
• No ne-grained function/method calling: course-grained
representation exchange instead.
• Uniform interface and loose coupling over efficiency.
60. Credits
Author: Bradley Holt
Technical Review: Josh Sled
Layout & Design: Jason Pelletier
Photo: Revolution Cycle, Solar Powered Tea Pot, http://www. ickr.com/photos/11795120@N06/3832234809/
This presentation licensed under Creative Commons -- Attribution 3.0 United States License.
[1]: Hypertext Transfer Protocol. (2009, August 25). In Wikipedia, The Free Encyclopedia. Retrieved August 25, 2009, from
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
[2]: HTTP/1.1: Method De nitions. (n.d.). Retrieved August 26, 2009, from World Wide Web Consortium - Web Standards:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
[3]: Richardson, L., & Ruby, S. (2007). RESTful Web Services. Sebastopol, CA: O’Reilly Media, Inc.
[4]: Google Web Accelerator: Hey, not so fast - an alert for web app designers. (2005, May 6). Retrieved September 8, 2009, from Signal
vs. Noise: http://37signals.com/svn/archives2/google_web_accelerator_hey_not_so_fast_an_alert_for_web_app_designers.php
[5]: HTTP/1.1: Status Code De nitions. (n.d.). Retrieved August 27, 2009, from World Wide Web Consortium - Web Standards:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
[6]: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) (1998, April 1). Retrieved August 31, 2009, from The Internet Engineering Task
Force (IETF): http://www.ietf.org/rfc/rfc2324.txt
[7]: HTTP/1.1: Entity (n.d.). Retrieved September 1, 2009, from World Wide Web Consortium - Web Standards: http://www.w3.org/
Protocols/rfc2616/rfc2616-sec7.html
[8]: Fielding Dissertation: CHAPTER 5: Representational State Transfer (REST) (2000). Retrieved September 1, 2009, from Architectural
Styles and the Design of Network-based Software Architectures: http://www.ics.uci.edu/~ elding/pubs/dissertation/
rest_arch_style.htm#sec_5_1_5
[9]: Developer's Guide - Google Calendar APIs and Tools (n.d.). Retrieved September 1, 2009, from Google Data APIs:
http://code.google.com/apis/calendar/docs/2.0/developers_guide.html