Gabor Torok, profile picture
Uploaded byGabor Torok
PPTX, PDF1,246 views

Rest in practice

This document provides an overview of REST and best practices for REST API design. It discusses the core principles of REST, Richardson Maturity Model for REST API design, and examples demonstrating the different levels. It also covers Java support for REST APIs using JAX-RS and Spring frameworks. The document recommends practices like using plural nouns for resources and HTTP status codes for errors. It provides contact information for the author, Gábor Török, an experienced Solutions Architect.

Embed presentation

Downloaded 21 times
GET Gábor Török @ EPAM/Szeged
 Introduction, overview  Best practices  Java support
 Roy T Fielding, PhD dissertation, 2000  Main characteristics ◦ Client-server ◦ Stateless ◦ Caching ◦ Layered architecture ◦ Code on demand ◦ URIs
Richardson’s Maturity Model Image courtesy of Martin Fowler
 Plain Old XML (over HTTP)  One URI, one method
POST /appointmentService HTTP/1.1 <openSlotRequest date="2010-01-04" doctor="mjones"/>
Level 0: POX response HTTP/1.1 200 OK <openSlotList> <slot start="1400" end="1450"> <doctor id="mjones"/> </slot> <slot start="1600" end="1650"> <doctor id="mjones"/> </slot> </openSlotList>
POST /appointmentService HTTP/1.1 <appointmentRequest> <slot doctor="mjones" start="1400" end="1450"/> <patient id="jsmith"/> </appointmentRequest>
Level 0: POX response HTTP/1.1 200 OK <appointment> <slot doctor="mjones" start="1400" end="1450"/> <patient id="jsmith"/> </appointment>
Many URIs, one method
POST /doctors/mjones HTTP/1.1 <openSlotRequest date="2010-01-04"/>
Level 1: Resources response HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones" start="1400" end="1450"/> <slot id="5678" doctor="mjones" start="1600" end="1650"/> </openSlotList>
POST /slots/1234 HTTP/1.1 <appointmentRequest> <patient id="jsmith"/> </appointmentRequest>
Level 1: Resources response HTTP/1.1 200 OK <appointment id="2468"> <slot id="1234" doctor="mjones" start="1400" end="1450”/> <patient id="jsmith"/> </appointment>
 Many URIs, many (HTTP) methods  This is what most call REST  Best practices follow
GET /doctors/mjones/slots?date=20100104&s tatus=open HTTP/1.1
Level 2: Verbs response HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones" start="1400" end="1450"/> <slot id="5678" doctor="mjones" start="1600" end="1650"/> </openSlotList>
POST /slots/1234 HTTP/1.1 <appointmentRequest> <patient id="jsmith"/> </appointmentRequest>
Level 2: Verbs response HTTP/1.1 200 OK <appointment id="2468"> <slot id="1234" doctor="mjones" start="1400" end="1450”/> <patient id="jsmith"/> </appointment>
W3: „Cool URIs don’t change” vs Roy Fielding: „A REST API must not define fixed resource names or hierarchies”  HATEOAS & self-descriptive messages  Problems: people’s awareness, tools
Level 3: Hypermedia response HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones” start="1400" end="1450"> <link rel="/linkrels/slot/book" uri="/slots/1234"/> </slot> … </openSlotList>
Level 3: Hypermedia response HTTP/1.1 201 Created Location: http://.../slots/1234/appointment <appointment> <slot id="1234" …/> <patient id="jsmith"/> <link rel="/linkrels/appointment/cancel" uri="/slots/1234/appointment"/> <link rel="self" uri="/slots/1234/appointment"/> </appointment>
Solves interop problems WSDL contract Strong typing Client- and server bindings Operations (i.e. verbs) WS-* support (Security, GETing/POSTing an XML AtomicTransaction, etc.) Many proxies block PUT Non-intuitive Level 0
 Resources vs actions getTickets vs /tickets getMusemTickets vs /tickets?type=museum
Plural + ID CRUD-style operations Concrete not abstract names Resource GET POST PUT DELETE /tickets List tickets Create a Bulk update Delete all new ticket tickets /tickets/123 Get the Error Update a Delete a details of given ticket given ticket one ticket
 http://api.company.com/cafe/v1  Major rev only  Numbers, not nicknames, dates, etc.
 HTTP status codes 200 403 500 503 204 200 400 201 400 500 404 405 401  Short description  Pointer to more information
HTTP Status Code: 401 { "status" : "401", "message":"Authenticate", "code": 12345, "more info": http://developers.company.com/docs/er rors/12345 }
 Ways to differentiate: /tickets/123.json /tickets/123?format=json Accept: application/json  Bonus: application/company.v1+json
 Pagination: /tickets?offset=50&limit=25  Partial response: /tickets?fields=date,location  Use defaults (documentation!)
 Session management – REST is stateless  Caching – it’s very much encouraged!  What if nouns are not appropriate – use verbs
 Security – preferred is OAuth, lot of Basic/Digest over HTTPS in practice  Subdomains: ◦ api ◦ developers for SDK  Clean REST
 JSR 311: Java API for RESTful Web Services  Annotation-driven @GET, @Path, @PathParam, @Consumes  Implementations Jersey, Restlet, RESTeasy, Apache CXF  Jax-rs-hateoas
jax-rs example.java
 Spring MVC application essentially  Annotation-driven + XML configuration @RequestMapping et al. + view resolvers, message converters, et al.  spring-hateoas
spring mvc example.java
 CRUD for JPA-entities using REST semantics  @RestResource  Pagination and sorting support  spring-hateoas
spring data rest.java
 Roy Fielding’s dissertation  REST in Practice from O’Reilly  Apigee blog & video tutorials  Articles, forums
 Levels of REST – REST ≠ CRUD  Consistent view of best practices  Java support
 Has been in the industry since late ’90s  Has been @EPAM since 2009, acted as a Dev Lead/PM, now Solutions Architect  Has mobile + enterprise background gabor.i.torok@gmail.com
Rest in practice

More Related Content

PDF
Owasp eee 2015 csrf
byAurelijus Stanislovaitis
 
PPTX
Приложения для Windows Phone: как мы это делаем #codefest
byActis Wunderman
 
PPT
Blog de pol
bypolpoma
 
PPSX
Com es comenta un text històric
byCarmen Barrero
 
PDF
The balancing act
byValerieb64
 
PPTX
(แก้)บุคลสำคัญของบางกอก
bynearary
 
PPTX
บุคคลสำคัญของบางกอก
bynearary
 
PPSX
Mosaic romà
byCarmen Barrero
 
Owasp eee 2015 csrf
byAurelijus Stanislovaitis
 
Приложения для Windows Phone: как мы это делаем #codefest
byActis Wunderman
 
Blog de pol
bypolpoma
 
Com es comenta un text històric
byCarmen Barrero
 
The balancing act
byValerieb64
 
(แก้)บุคลสำคัญของบางกอก
bynearary
 
บุคคลสำคัญของบางกอก
bynearary
 
Mosaic romà
byCarmen Barrero
 

Viewers also liked

PPTX
Daron malakian
byBayron Valencia
 
PPTX
Creative Marketing
byChena Tucker
 
PPTX
Как выгодно продать интерактивное агентство (РИФ+КИБ 2010)
byActis Wunderman
 
PPTX
Nokia Metallica Quest 2010 (кейс)
byActis Wunderman
 
PPTX
Pinterest Presentation for Small Businesses
byChena Tucker
 
PPT
VinaWealth Stock Investing Basics
byThai Nguyen
 
PPTX
5 Ways to Spring Clean Your Credit Report
byChena Tucker
 
PPTX
A Marketing Fable
byActis Wunderman
 
PDF
아이들을 위한 공공지원 사업 계획안
by종원 윤
 
PPT
Blog de pol
bypolpoma
 
PPT
Blog de pol
bypolpoma
 
PPT
Blog de pol
bypolpoma
 
PPTX
Организация social media отдела в крупном агентстве #nastachku
byActis Wunderman
 
PDF
Mental health
byValerieb64
 
PPTX
บุคคลสำคัญของบางกอก
bynearary
 
PPTX
บุคคลสำคัญของบางกอก
bynearary
 
Daron malakian
byBayron Valencia
 
Creative Marketing
byChena Tucker
 
Как выгодно продать интерактивное агентство (РИФ+КИБ 2010)
byActis Wunderman
 
Nokia Metallica Quest 2010 (кейс)
byActis Wunderman
 
Pinterest Presentation for Small Businesses
byChena Tucker
 
VinaWealth Stock Investing Basics
byThai Nguyen
 
5 Ways to Spring Clean Your Credit Report
byChena Tucker
 
A Marketing Fable
byActis Wunderman
 
아이들을 위한 공공지원 사업 계획안
by종원 윤
 
Blog de pol
bypolpoma
 
Blog de pol
bypolpoma
 
Blog de pol
bypolpoma
 
Организация social media отдела в крупном агентстве #nastachku
byActis Wunderman
 
Mental health
byValerieb64
 
บุคคลสำคัญของบางกอก
bynearary
 
บุคคลสำคัญของบางกอก
bynearary
 

Similar to Rest in practice

PPTX
ASP.NET WEB API
byThang Chung
 
PDF
Rest web services
byPaulo Gandra de Sousa
 
PPTX
rest-api-basics.pptx
byFikiRieza2
 
PPTX
Rest Webservice
byViyaan Jhiingade
 
PPTX
RESTful Web Services
byMartin Necasky
 
PDF
Web 7 | HTTP Request and Response
byMohammad Imam Hossain
 
PDF
wsadddddddddddddddddeb-servsdddddddddddaaaaaaaice.pdf
byPrincessMonicaCostel
 
PPTX
About REST. Архитектурные семинары Softengi
bySoftengi
 
PPT
RESTful SOA - 中科院暑期讲座
byLi Yi
 
PPTX
RESTful Web Services
byGordon Dickens
 
PPTX
Creating Truly RESTful APIs
byDomenic Denicola
 
PPTX
Restful web services
bySurinder Mehra
 
PPTX
REST Api Tips and Tricks
byMaksym Bruner
 
PPTX
REST Methodologies
byjrodbx
 
PPTX
Rest WebAPI with OData
byMahek Merchant
 
PPTX
A Deep Dive into RESTful API Design Part 2
byVivekKrishna34
 
PPTX
Real world RESTful service development problems and solutions
byBhakti Mehta
 
PPTX
Rest APIs Training
byShekhar Kumar
 
PDF
REST Api with Asp Core
byIrina Scurtu
 
PDF
What is REST?
bySaeid Zebardast
 
ASP.NET WEB API
byThang Chung
 
Rest web services
byPaulo Gandra de Sousa
 
rest-api-basics.pptx
byFikiRieza2
 
Rest Webservice
byViyaan Jhiingade
 
RESTful Web Services
byMartin Necasky
 
Web 7 | HTTP Request and Response
byMohammad Imam Hossain
 
wsadddddddddddddddddeb-servsdddddddddddaaaaaaaice.pdf
byPrincessMonicaCostel
 
About REST. Архитектурные семинары Softengi
bySoftengi
 
RESTful SOA - 中科院暑期讲座
byLi Yi
 
RESTful Web Services
byGordon Dickens
 
Creating Truly RESTful APIs
byDomenic Denicola
 
Restful web services
bySurinder Mehra
 
REST Api Tips and Tricks
byMaksym Bruner
 
REST Methodologies
byjrodbx
 
Rest WebAPI with OData
byMahek Merchant
 
A Deep Dive into RESTful API Design Part 2
byVivekKrishna34
 
Real world RESTful service development problems and solutions
byBhakti Mehta
 
Rest APIs Training
byShekhar Kumar
 
REST Api with Asp Core
byIrina Scurtu
 
What is REST?
bySaeid Zebardast
 

Recently uploaded

PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 

Rest in practice

  • 1.
  • 2.
    Introduction, overview  Best practices  Java support
  • 4.
    Roy T Fielding, PhD dissertation, 2000  Main characteristics ◦ Client-server ◦ Stateless ◦ Caching ◦ Layered architecture ◦ Code on demand ◦ URIs
  • 5.
    Richardson’s Maturity Model Image courtesy of Martin Fowler
  • 6.
    Plain Old XML (over HTTP)  One URI, one method
  • 7.
    POST /appointmentService HTTP/1.1 <openSlotRequestdate="2010-01-04" doctor="mjones"/>
  • 8.
    Level 0: POXresponse HTTP/1.1 200 OK <openSlotList> <slot start="1400" end="1450"> <doctor id="mjones"/> </slot> <slot start="1600" end="1650"> <doctor id="mjones"/> </slot> </openSlotList>
  • 9.
    POST /appointmentService HTTP/1.1 <appointmentRequest> <slot doctor="mjones" start="1400" end="1450"/> <patient id="jsmith"/> </appointmentRequest>
  • 10.
    Level 0: POXresponse HTTP/1.1 200 OK <appointment> <slot doctor="mjones" start="1400" end="1450"/> <patient id="jsmith"/> </appointment>
  • 11.
  • 12.
  • 13.
    Level 1: Resourcesresponse HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones" start="1400" end="1450"/> <slot id="5678" doctor="mjones" start="1600" end="1650"/> </openSlotList>
  • 14.
    POST /slots/1234 HTTP/1.1 <appointmentRequest> <patient id="jsmith"/> </appointmentRequest>
  • 15.
    Level 1: Resourcesresponse HTTP/1.1 200 OK <appointment id="2468"> <slot id="1234" doctor="mjones" start="1400" end="1450”/> <patient id="jsmith"/> </appointment>
  • 16.
    Many URIs, many (HTTP) methods  This is what most call REST  Best practices follow
  • 17.
  • 18.
    Level 2: Verbsresponse HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones" start="1400" end="1450"/> <slot id="5678" doctor="mjones" start="1600" end="1650"/> </openSlotList>
  • 19.
    POST /slots/1234 HTTP/1.1 <appointmentRequest> <patient id="jsmith"/> </appointmentRequest>
  • 20.
    Level 2: Verbsresponse HTTP/1.1 200 OK <appointment id="2468"> <slot id="1234" doctor="mjones" start="1400" end="1450”/> <patient id="jsmith"/> </appointment>
  • 21.
    W3: „Cool URIsdon’t change” vs Roy Fielding: „A REST API must not define fixed resource names or hierarchies”  HATEOAS & self-descriptive messages  Problems: people’s awareness, tools
  • 22.
    Level 3: Hypermediaresponse HTTP/1.1 200 OK <openSlotList> <slot id="1234" doctor="mjones” start="1400" end="1450"> <link rel="/linkrels/slot/book" uri="/slots/1234"/> </slot> … </openSlotList>
  • 23.
    Level 3: Hypermediaresponse HTTP/1.1 201 Created Location: http://.../slots/1234/appointment <appointment> <slot id="1234" …/> <patient id="jsmith"/> <link rel="/linkrels/appointment/cancel" uri="/slots/1234/appointment"/> <link rel="self" uri="/slots/1234/appointment"/> </appointment>
  • 24.
    Solves interop problems WSDL contract Strong typing Client- and server bindings Operations (i.e. verbs) WS-* support (Security, GETing/POSTing an XML AtomicTransaction, etc.) Many proxies block PUT Non-intuitive Level 0
  • 26.
    Resources vs actions getTickets vs /tickets getMusemTickets vs /tickets?type=museum
  • 27.
    Plural + ID CRUD-styleoperations Concrete not abstract names Resource GET POST PUT DELETE /tickets List tickets Create a Bulk update Delete all new ticket tickets /tickets/123 Get the Error Update a Delete a details of given ticket given ticket one ticket
  • 28.
    http://api.company.com/cafe/v1  Major rev only  Numbers, not nicknames, dates, etc.
  • 29.
    HTTP status codes 200 403 500 503 204 200 400 201 400 500 404 405 401  Short description  Pointer to more information
  • 30.
    HTTP Status Code:401 { "status" : "401", "message":"Authenticate", "code": 12345, "more info": http://developers.company.com/docs/er rors/12345 }
  • 31.
    Ways to differentiate: /tickets/123.json /tickets/123?format=json Accept: application/json  Bonus: application/company.v1+json
  • 32.
    Pagination: /tickets?offset=50&limit=25  Partial response: /tickets?fields=date,location  Use defaults (documentation!)
  • 33.
    Session management – REST is stateless  Caching – it’s very much encouraged!  What if nouns are not appropriate – use verbs
  • 34.
    Security – preferred is OAuth, lot of Basic/Digest over HTTPS in practice  Subdomains: ◦ api ◦ developers for SDK  Clean REST
  • 36.
    JSR 311: Java API for RESTful Web Services  Annotation-driven @GET, @Path, @PathParam, @Consumes  Implementations Jersey, Restlet, RESTeasy, Apache CXF  Jax-rs-hateoas
  • 37.
  • 38.
    Spring MVC application essentially  Annotation-driven + XML configuration @RequestMapping et al. + view resolvers, message converters, et al.  spring-hateoas
  • 39.
  • 40.
    CRUD for JPA-entities using REST semantics  @RestResource  Pagination and sorting support  spring-hateoas
  • 41.
  • 43.
    Roy Fielding’s dissertation  REST in Practice from O’Reilly  Apigee blog & video tutorials  Articles, forums
  • 44.
    Levels of REST – REST ≠ CRUD  Consistent view of best practices  Java support
  • 45.
    Has been in the industry since late ’90s  Has been @EPAM since 2009, acted as a Dev Lead/PM, now Solutions Architect  Has mobile + enterprise background gabor.i.torok@gmail.com

Editor's Notes

  • #5 Roy Fielding &amp; hisdissertationOne of theprincipalauthorsof HTTP specCo-founder of Apache HTTP server projectWasheavilyinvolvedin HTML and URIsDissertationNo mention of CRUD or POSTLater Fielding saysinhisblogthateven HTTP itself is not a mandatory part of REST (but URI is)HATEOAS is more importantthan CRUD (hypertextdrivesappstatechanges; contentnegotiation)Layeredsystem: gateways, loadbalancers, firewalls, sharedcaches, etc.
  • #6 Per Roy F: fromlevel 0-2 it’s not REST, 3 IS REST … thetermREST has beenmostlycoupledwithCRUD-likeaccesstodomainobjects0 – URI tunneling:oneURI, one HTTP method POST to a single URI, allattributesasparameter  lookslike SOAP w/o envelope  part of the Web, limited use of availablefeaturesFirewallfriendly (HTTP)Lackssophistication1 – resources … manyURIs, one HTTP method  lots of thought-to-be-RESTfulservices  stilltoocomplex2 – verbs … manyURIs, many HTTP methods  verynice, butstill limited to CRUD scenariosonly3 – hypermedia  resourcesdescribetheirowncapabilities and interconnections  it’s like a HTML pagefromwhereyoucan go vialinks  inadditiontolinks, it’s alsoaboutcontentnegotiation – own (MIME) types, dynamicdiscoveryLevel 1 tackles the question of handling complexity by using divide and conquer, breaking a large service endpoint down into multiple resources.Level 2 introduces a standard set of verbs so that we handle similar situations in the same way, removing unnecessary variation.Level 3 introduces discoverability, providing a way of making a protocol more self-documenting.
  • #7 Itcan be anythingelsethan XML, really (JSON, YAML, etc)RPC-stylesolutionBasicallylike SOAP
  • #22 PronounciationHate o’sHateyo’ assHate eeohsExamples:Get the second 50 items from 500, we may get a link back to the first 50 as well as the thirdWe get the resource data along with possible actions we may take upon it  these actions may depend on my authority (authorization)http://www.soatothecloud.com/2012/04/api-gateway-support-for-hateoas-first.html  great JSON example + mention of Gateway APIhttp://timelessrepo.com/haters-gonna-hateoas  good XML example  link tonew comment, commentstoblogentry + toselfproblems that it solves- w3c: coolurisdon’t change  http://www.w3.org/Provider/Style/URI.htmlREST calls return with content in a requested format  these formats have their media types with hints (links) as to what clients can do with the resource  application state may change while „jumping” from one resource to another  self-descriptive messagesREST APIs require the user to know that fixed URL structure (i.e. conventions)  client rewrite is needed when API changesWith SOAP clients figure out what they can do with a given resource from the WSDL  client-side (SOAP) vs server-side (HATEOAS)  fixed vs dynamicproblems that it causesMany applications simply map their backend (DB) object to HTTP (api)  resources != domain objects  resources == domain objects + metadataNew resource definitions might (and should) have their own MIME typesProblemsPeopledon’t understandit’s a problemNo tooling for thisLinkscould be part of theresponseheader  http://blog.steveklabnik.com/posts/2011-08-07-some-people-understand-rest-and-http
  • #23 Each slot now has a link element which contains a URI to tell us how to book an appointment.
  • #25 SOAPProtocolvsarchitecturalstyle SOAP has a standard whereas REST doesn’tOperationsvsresources verbsvsnounsRigid (typecheckingin SOAP – sometimesit’s a goodthing), light-weight (REST needs no wrapper, like XML in SOAP)Non-intuitivenessvssimplicity  in REST URL describes almost everything and quiteintuitivetouse &amp; modifySecurity: WS-Securityvs HTTPS/TLS  message-levelvstunnel-levelsecurity  http://blogs.msdn.com/b/vbertocci/archive/2005/04/25/end-to-end-security-or-why-you-shouldn-t-drive-your-motorcycle-naked.aspxWS-AtomicTransaction  ACID transactions over a serviceManyproxiesblock PUT (badto REST)
  • #28 Safety &amp; Idempotencysafe: no side-effectsIdempotent: can be repeatedinsuccessionwithoutfailureGET is safe and idempotentPUT and DELETE arenotsafe, butidempotentPOST is neithersafenoridempotentAssociationbetweenresources: /owners/123/dogs don’t go deeperthan /resource/identifier/resourceUse ‚?’ for attributes  /dogs?color=blackBe consistent, no mixed plurals&amp;singularsConcretethingslikecoffee, beer NOT drink
  • #29 api.company.comPut version # asmuchinthe front aspossibleMajor version # onlyDatesas version #s  long, hardtoremember, whichdateformat?Optionalversioning and alwaystakethelatestifomitted
  • #30 200 – OK201 – created204 – No content (after DELETE)400 – Badrequest401 – unauthorized403 – Forbidden404 – notfound405 – methodnotallowed500 – internalerror503 – Service unavailablewithRetry-AfterheaderUltimatelythefollowingthreeshould be enough: 200, 400 (pointingourwherevalidationfailed) and 500
  • #32 JSON wins over otherformats, like XML
  • #33 PATCH - http://weblog.rubyonrails.org/2012/2/26/edge-rails-patch-is-the-new-primary-http-method-for-updates
  • #34 Session managementCaching – reducenetworktraffic, loadon servers, latency, hidenetworkfailuresLocal cache + server cacheActions in the absence of resources  use verbs, like /currencyconverter/convert?from=EUR&amp;to=BYR&amp;amount=1000
  • #35 Thingsremovedfrom here tokeeptime:PATCH - http://weblog.rubyonrails.org/2012/2/26/edge-rails-patch-is-the-new-primary-http-method-for-updates noteveryoneknowswhat HTTP methodsare forParameters/attributes in URL or as part of HTTP header  much easier to develop if in URLSuppress HTTP response codes  usefulwhenourcode is runningin a containerthatintercepts HTTP commslike status codes
  • #36 Wadl – web applicationdescriptionlanguage (W3.org), wadl2java tool
  • #41 Spring Data REST (SDR) representsthebottom-upapproach, whereSDRcomesfromthedomainobjectlayer … it’s notreallyRESTful, imo
  • #46 Has beenintheindustrysince 1998Developer, tester, architect, project managerMobile, enterpriseForum nokiachampion(?), blogger