Kfir Bloch, profile picture
Uploaded byKfir Bloch
PPTX, PDF775 views

Rest is bad

Kfir Bloch argues against using RESTful APIs between microservices, citing complexity in authorization, payload handling, and documentation challenges. He advocates for Remote Procedure Call (RPC) as a simpler alternative that effectively abstracts network complexities and provides better error handling and documentation. The document emphasizes that while REST can become verbose and difficult to manage, RPC offers a more efficient solution established since the 1970s.

Embed presentation

Download to read offline
REST is Bad Kfir Bloch Head of Backend Engineering @Wix.com github.com/kfiron@kfirondevkfirb@wix.com
Restful API between Microservices is the worst choice you can make.
POST http://sms-server/messages { "from": "054-555-6666", "to": "055-222-333", "message": "hi, what's up Rony" } Response Status code 200 { “id”: “55666322123”, “success”: true } SMS Server
GET http://sms-server/messages/0545556666 [ { ”id:" “55666322123”, "to:" "055-222-3333", "message": "hi, what's up Rony" }, { ”id:" “44666322345”, "to:" "055-111-4444", "message": "I am sleeping" } ]
But that’s not enough, is it?
POST http://sms-server/messages Accept: “json” / “xml” { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll want to ask for a payload type Smelly! Mix between API protocol and semantics
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll need security Hash calculate is a difficult, complex integration
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and sometimes tenant identification
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and language
POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Sometimes you have parameters
POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en Cache-Control: max-age=0 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and cache control
and rate-limiting support Status: 403 Forbidden X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 X-RateLimit-Reset: 1377013266 Connection: keep-alive
POST http://sms-server/messages?page=1 Accept-Language: en Authorization: xxkgkkgslslls;ffgg/ Timestamp: 324884545454 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Status: 403 Forbidden Cache-Control: max-age=0 X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 and you end up with something like this Verbose! It’s difficult to document a broken API
Adding more requests, another protocol integration?
Continuous Integration is painful. We want to break CI whenever the protocol changes.
Should we run all servers to test this thing?
How your code will look like String url = "http://sms-server/messages?page=1"; HttpClient client = new DefaultHttpClient(); HttpGet request = new HttpGet(url); // add request header request.addHeader(”Authorization", calculateHash(request)); request.addHeader(”Accept", “json”); HttpResponse response = client.execute(request); BufferedReader rd = new BufferedReader( new InputStreamReader(response.getEntity().getContent())); StringBuffer result = new StringBuffer(); String line = ""; while ((line = rd.readLine()) != null) { result.append(line); } Verbose!
So we hide the pain into a function public class SMSService { public SMSResponse sendSMS(Message message); public SMSMessages messagesForUser(UUID user); }
RPC is a proper solution Hide network complexity and focus on the API semantic Calling a function and implementing a function is simple
We do RPC since the 70’s CORBA RMI Spring-Remoting JSON-RPC XML-RPC SOAP Thrift Protobuf Avro Akka-Remoting Lagom Grpc
Why RPC is good for you It’s easy to use It covers cross cutting concerns Dependency with IDL as source of truth – breaks in CI It has proper error handling Proper documentation
Thank You github.com/kfiron@kfirondevkfirb@wix.com

More Related Content

PPTX
Elastic stack
byMinsoo Jun
 
KEY
Composing re-useable ETL on Hadoop
byPaul Lam
 
PPTX
Server architecture
byMasters Academy
 
PPTX
Webinar slides "Building Real-Time Collaborative Web Applications"
bySachin Katariya
 
PDF
Moving from HTTP to HTTPS
byBlake Crosby
 
PDF
Varnish Cache and Django (Falcon, Flask etc)
byДанил Иванов
 
PDF
Integrity protection for third-party JavaScript
byFrancois Marier
 
ODP
Building Websocket Applications with GlassFish and Grizzly
byJustin Lee
 
Elastic stack
byMinsoo Jun
 
Composing re-useable ETL on Hadoop
byPaul Lam
 
Server architecture
byMasters Academy
 
Webinar slides "Building Real-Time Collaborative Web Applications"
bySachin Katariya
 
Moving from HTTP to HTTPS
byBlake Crosby
 
Varnish Cache and Django (Falcon, Flask etc)
byДанил Иванов
 
Integrity protection for third-party JavaScript
byFrancois Marier
 
Building Websocket Applications with GlassFish and Grizzly
byJustin Lee
 

What's hot

PDF
Web service introduction
bySagara Gunathunga
 
PDF
[OpenTRS-001] ooops
byTheori
 
PDF
URL to HTML
byFrancois Marier
 
PPTX
Altitude San Francisco 2018: Programming the Edge
byFastly
 
PDF
Nginx + PHP
byWataru OKAMOTO
 
PDF
Preparing your web services for Android and your Android app for web services...
byDroidcon Eastern Europe
 
PPTX
Altitude San Francisco 2018: Testing with Fastly Workshop
byFastly
 
PDF
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
byPROIDEA
 
PPSX
Real User Monitoring at Scale @ Atmosphere Conference 2016
byDreamLab
 
PDF
Cross site calls with javascript - the right way with CORS
byMichael Neale
 
PDF
COMET in Plone
byChristian Scholz
 
PDF
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
byFelipe Prado
 
PPTX
HTTP
byjangezkhan
 
PDF
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
PPTX
Ajax basics
byHernán Garzón de la Roza
 
KEY
REST Easy - Building RESTful Services in Zend Framework
byChris Weldon
 
PDF
HTTP 완벽가이드- 13 다이제스트 인증
by박 민규
 
PPTX
Maximizing SPDY and SSL Performance (June 2014)
byZoompf
 
Web service introduction
bySagara Gunathunga
 
[OpenTRS-001] ooops
byTheori
 
URL to HTML
byFrancois Marier
 
Altitude San Francisco 2018: Programming the Edge
byFastly
 
Nginx + PHP
byWataru OKAMOTO
 
Preparing your web services for Android and your Android app for web services...
byDroidcon Eastern Europe
 
Altitude San Francisco 2018: Testing with Fastly Workshop
byFastly
 
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
byPROIDEA
 
Real User Monitoring at Scale @ Atmosphere Conference 2016
byDreamLab
 
Cross site calls with javascript - the right way with CORS
byMichael Neale
 
COMET in Plone
byChristian Scholz
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
byFelipe Prado
 
HTTP
byjangezkhan
 
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
Ajax basics
byHernán Garzón de la Roza
 
REST Easy - Building RESTful Services in Zend Framework
byChris Weldon
 
HTTP 완벽가이드- 13 다이제스트 인증
by박 민규
 
Maximizing SPDY and SSL Performance (June 2014)
byZoompf
 

Similar to Rest is bad

PPTX
CocoaConf: The Language of Mobile Software is APIs
byTim Burks
 
KEY
A Conversation About REST - Extended Version
byJeremy Brown
 
KEY
A Conversation About REST
byMike Wilcox
 
KEY
A Conversation About REST
byJeremy Brown
 
PDF
gRPC - RPC rebirth?
byLuís Barbosa
 
PDF
Inter process communication
byTamer Rezk
 
PDF
gRPC
byDharshana Ratnayake
 
PPTX
Messaging APIs of RingCentral
byAnirban Sen Chowdhary
 
PDF
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
byapidays
 
PDF
Building APIs in a Cloud Native Era
byNuwan Dias
 
PPTX
Nom Nom: Consuming REST APIs
byTessa Mero
 
PDF
Creating Great REST and gRPC API Experiences (in Swift)
byTim Burks
 
PDF
Android App Development 06 : Network & Web Services
byAnuchit Chalothorn
 
PPTX
Webservices Overview : XML RPC, SOAP and REST
byPradeep Kumar
 
PDF
There is REST and then there is "REST"
byRadovan Semancik
 
PPTX
Nom Nom: Consuming REST APIs
byTessa Mero
 
PDF
Networked APIs with swift
byTim Burks
 
PPTX
REST APIs and MQ
byMatt Leming
 
PPTX
Android and REST
byRoman Woźniak
 
PDF
"gRPC vs REST: let the battle begin!" GeeCON Krakow 2018 edition
byAlex Borysov
 
CocoaConf: The Language of Mobile Software is APIs
byTim Burks
 
A Conversation About REST - Extended Version
byJeremy Brown
 
A Conversation About REST
byMike Wilcox
 
A Conversation About REST
byJeremy Brown
 
gRPC - RPC rebirth?
byLuís Barbosa
 
Inter process communication
byTamer Rezk
 
gRPC
byDharshana Ratnayake
 
Messaging APIs of RingCentral
byAnirban Sen Chowdhary
 
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
byapidays
 
Building APIs in a Cloud Native Era
byNuwan Dias
 
Nom Nom: Consuming REST APIs
byTessa Mero
 
Creating Great REST and gRPC API Experiences (in Swift)
byTim Burks
 
Android App Development 06 : Network & Web Services
byAnuchit Chalothorn
 
Webservices Overview : XML RPC, SOAP and REST
byPradeep Kumar
 
There is REST and then there is "REST"
byRadovan Semancik
 
Nom Nom: Consuming REST APIs
byTessa Mero
 
Networked APIs with swift
byTim Burks
 
REST APIs and MQ
byMatt Leming
 
Android and REST
byRoman Woźniak
 
"gRPC vs REST: let the battle begin!" GeeCON Krakow 2018 edition
byAlex Borysov
 

More from Kfir Bloch

PDF
Increasing velocity via serless semantics
byKfir Bloch
 
PPTX
The secrets of building a team that can do everything
byKfir Bloch
 
PPTX
A sweet taste of clean code and software design
byKfir Bloch
 
PPTX
TDD For Mortals
byKfir Bloch
 
PPTX
Design pattern-refactor-functional
byKfir Bloch
 
PPTX
Refactoring Design Patterns the Functional Way (in Scala)
byKfir Bloch
 
PPTX
Scala from the Trenches - Java One 2016
byKfir Bloch
 
PPTX
Scala from the Trenches
byKfir Bloch
 
PDF
The art of decomposing monoliths
byKfir Bloch
 
Increasing velocity via serless semantics
byKfir Bloch
 
The secrets of building a team that can do everything
byKfir Bloch
 
A sweet taste of clean code and software design
byKfir Bloch
 
TDD For Mortals
byKfir Bloch
 
Design pattern-refactor-functional
byKfir Bloch
 
Refactoring Design Patterns the Functional Way (in Scala)
byKfir Bloch
 
Scala from the Trenches - Java One 2016
byKfir Bloch
 
Scala from the Trenches
byKfir Bloch
 
The art of decomposing monoliths
byKfir Bloch
 

Recently uploaded

PPTX
1.Module 4-Clamping of jigs and fixtures for manufacturing.pptx
bycondieki
 
PDF
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
PDF
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
PDF
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PDF
Infinite Sequence and Series: It Includes basic Sequence and Series
byDynamicDomain1
 
PPTX
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
PDF
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
PPTX
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PPTX
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PPT
Cloud computing-1.ppt presentation preview
byMohanaPriya780617
 
PPTX
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
PDF
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
PPT
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
PPTX
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
1.Module 4-Clamping of jigs and fixtures for manufacturing.pptx
bycondieki
 
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
Infinite Sequence and Series: It Includes basic Sequence and Series
byDynamicDomain1
 
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
Cloud computing-1.ppt presentation preview
byMohanaPriya780617
 
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 

Rest is bad

  • 1.
    REST is Bad KfirBloch Head of Backend Engineering @Wix.com github.com/kfiron@kfirondevkfirb@wix.com
  • 2.
    Restful API betweenMicroservices is the worst choice you can make.
  • 3.
    POST http://sms-server/messages { "from": "054-555-6666", "to":"055-222-333", "message": "hi, what's up Rony" } Response Status code 200 { “id”: “55666322123”, “success”: true } SMS Server
  • 4.
    GET http://sms-server/messages/0545556666 [ { ”id:" “55666322123”, "to:""055-222-3333", "message": "hi, what's up Rony" }, { ”id:" “44666322345”, "to:" "055-111-4444", "message": "I am sleeping" } ]
  • 5.
    But that’s notenough, is it?
  • 6.
    POST http://sms-server/messages Accept: “json”/ “xml” { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll want to ask for a payload type Smelly! Mix between API protocol and semantics
  • 7.
    POST http://sms-server/messages Accept: “json”/ “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll need security Hash calculate is a difficult, complex integration
  • 8.
    POST http://sms-server/messages Accept: “json”/ “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and sometimes tenant identification
  • 9.
    POST http://sms-server/messages Accept: “json”/ “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and language
  • 10.
    POST http://sms-server/messages?page=1 Accept: “json”/ “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Sometimes you have parameters
  • 11.
    POST http://sms-server/messages?page=1 Accept: “json”/ “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en Cache-Control: max-age=0 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and cache control
  • 12.
    and rate-limiting support Status:403 Forbidden X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 X-RateLimit-Reset: 1377013266 Connection: keep-alive
  • 13.
    POST http://sms-server/messages?page=1 Accept-Language: en Authorization:xxkgkkgslslls;ffgg/ Timestamp: 324884545454 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Status: 403 Forbidden Cache-Control: max-age=0 X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 and you end up with something like this Verbose! It’s difficult to document a broken API
  • 14.
    Adding more requests, anotherprotocol integration?
  • 15.
    Continuous Integration ispainful. We want to break CI whenever the protocol changes.
  • 16.
    Should we runall servers to test this thing?
  • 17.
    How your codewill look like String url = "http://sms-server/messages?page=1"; HttpClient client = new DefaultHttpClient(); HttpGet request = new HttpGet(url); // add request header request.addHeader(”Authorization", calculateHash(request)); request.addHeader(”Accept", “json”); HttpResponse response = client.execute(request); BufferedReader rd = new BufferedReader( new InputStreamReader(response.getEntity().getContent())); StringBuffer result = new StringBuffer(); String line = ""; while ((line = rd.readLine()) != null) { result.append(line); } Verbose!
  • 18.
    So we hidethe pain into a function public class SMSService { public SMSResponse sendSMS(Message message); public SMSMessages messagesForUser(UUID user); }
  • 19.
    RPC is a propersolution Hide network complexity and focus on the API semantic Calling a function and implementing a function is simple
  • 20.
    We do RPC sincethe 70’s CORBA RMI Spring-Remoting JSON-RPC XML-RPC SOAP Thrift Protobuf Avro Akka-Remoting Lagom Grpc
  • 21.
    Why RPC is goodfor you It’s easy to use It covers cross cutting concerns Dependency with IDL as source of truth – breaks in CI It has proper error handling Proper documentation
  • 22.