The document discusses RESTful web services and Resource Oriented Architecture (ROA). It defines REST and its constraints including client-server architecture, statelessness, cacheability, uniform interface and layered system. It then explains ROA and how resources are addressed and represented in a RESTful system. Key concepts like addressability, statelessness, representations, links and connectedness, uniform interface and safety are covered in relation to ROA. The document provides examples and discusses designing a RESTful API for a content management system.

1. Smart IT Engineering Ltd. RESTful Web Services Imran M Yousuf Smart IT Engineering Ltd.

2. Smart IT Engineering Ltd. What's not covered Comparison between various Web Service technologies

3. Hands on tutorial on how code a RESTful WS

4. Details of how HTTP works

5. Details on various media formats

6. Smart IT Engineering Ltd. What to expect REST Definition

7. Discussion on its constraints

8. WWW RESTful Web Service Resource Oriented Architecture (ROA)

9. Constraints of ROA

10. Examples

11. Smart IT Engineering Ltd. What to expect A Design Case Study

12. Questions

13. Smart IT Engineering Ltd. What is REST RE presentational S tate T ransfer

14. Proposed by Dr. Roy Thomas Fielding in his PhD dissertation titled - “Architectural Styles and the Design of Network-based Software Architectures”

15. Smart IT Engineering Ltd. What is REST RE presentational S tate T ransfer

16. REST is an architectural style composed of specific constraints.

17. The Constraints - - Client-Server - Stateless - Cache - Uniform Interface - Layered System - Code-On-Demand (Optional)

18. Smart IT Engineering Ltd. REST Constraints Client-Server No restrictions on the nature of the client

19. No restrictions on the number of the clients

20. No restriction on communication medium / protocol Client (Browser) Client (CLI – curl, wget) Client (Desktop) Network Client (Mobile) Client (Another System)

21. Smart IT Engineering Ltd. REST Constraints Client-Server Separate data storage concerns

22. Improve user interface portability across multiple platforms

23. Improve scalability by simplifying server components

24. Components evolve independently

25. Smart IT Engineering Ltd. REST Constraints Stateless “ ... each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server.” Advantages Visibility Reliability Scalability

26. Smart IT Engineering Ltd. REST Constraints Cache “ ... the data within a response to a request be implicitly or explicitly labeled as cacheable or non-cacheable. If a response is cacheable, then a client cache is given the right to reuse that response data for later, equivalent requests.” Advantages Efficient Scalability Performance

27. Smart IT Engineering Ltd. REST Constraints Layered System The layered system style or also popularly referred to as n-layer system allows an architecture to be composed of hierarchical layers by constraining component behavior such that each component cannot "see" beyond the immediate layer with which they are interacting. Code-On-Demand Allows client functionality to be extended by downloading and executing code in the form of applets or scripts . This simplifies clients by reducing the number of features required to be pre-implemented.

28. Smart IT Engineering Ltd. REST Constraints Uniform Interface Central distinguishing feature of REST Involves four constraints to define 'uniform interface' for REST systems. Identification of resources

29. Manipulation of resources through representations

30. Self-descriptive messages

31. HATEOAS ( H ypermedia A s T he E ngine O f A pplication S tate)

32. Smart IT Engineering Ltd. REST Constraints Uniform Interface - Resource Any concept that might be the target of an web-author's hypertext reference must fit within the definition of a resource.

33. A resource is a conceptual mapping to a set of entities , not the entity that corresponds to the mapping at any particular point in time.

34. If compared of Object Oriented aproach, Object if referrrable is a resource.

35. Examples of resources would Books, A Book, An Author, Authors, Authors of a Book, A Publisher, Categories of a Book, A Category etc.

36. Smart IT Engineering Ltd. REST Constraints Uniform Interface – Representations & Messages A representation is a sequence of bytes describing a resource in a particular format.

37. Other commonly used but less precise names for a representation include: document, file, and HTTP message entity, instance, or variant.

38. Message consists of control data, metadata, messages and in some cases hyperlinks to resources.

39. Examples: Images (image/jpg, image/png, etc.), Markups (text/html, application/xml etc.) and more.

40. Smart IT Engineering Ltd. REST Constraints Uniform Interface – HATEOAS A hypermedia in each server response will contain links that correspond to all the actions that the client can currently perform.

41. Therefore, dependent on the current application state, every server response describes the new actions that are available.

42. The server can change the range of allowable responses in a dynamic way, and a client should adapt its behavior to these changes.

43. A client of a RESTful application need only know a single fixed URL to access it.

44. Smart IT Engineering Ltd. REST Constraints Uniform Interface – HATEOAS All future actions should be discoverable dynamically from hypermedia links included in the representations of the resources that are returned from that URL.

45. The link relations should be standardized , so that the client knows what selecting that state transition means.

46. Standardized media types are also expected to be understood by any client that might use the API.

47. Application state transitions are driven by a combination of the known processing rules for each media type, client selection from the server-provided choices in representations received, and the user's manipulation of those representations. Thus interactions are driven by hypermedia .

48. Smart IT Engineering Ltd. REST What is the biggest known RESTful System on planet Earth?

49. Smart IT Engineering Ltd. REST World Wide Web a.k.a Internet HTTP Web Pages HTML pages are hypermedia CSS

50. Feeds

51. Media etc. JavaScript - Code-On-Demand Email Copy

52. Reply address FTP Files

53. Folders

54. Smart IT Engineering Ltd. REST Questions?

55. Smart IT Engineering Ltd. RESTful Web Service What is RESTful Web Service or API? Any system following fulfilling the constraints, thus definition, of REST is a RESTful Web Service.

56. Smart IT Engineering Ltd. RESTful Web Service RESTful Web Service system communicates over HTTP protocol

57. RESTful Web Service design and architecture grows around resource .

58. All WWW sites are inherently REST-like and can easily be RESTful hence RESTful Web Service; e.g. Google Search Engine.

59. Web Service not only consists of either HTML markups, CSS and JavaScript, or other media formats, but may consist both

60. Smart IT Engineering Ltd. Resource Oriented Architecture Introduced in the book “RESTful Web Services”

61. Resource-Oriented Architecture is about REST-ful system with the technologies of the Web

62. Smart IT Engineering Ltd. ROA - Resource A Resource is anything, a concept, that is worth having a URI to linked to. E.g. http://basis.com.bd/softexpo/2011/

63. A URI is a name and address of a resource.

64. A Resource may have many URIs but needs to have at least one .

65. A Resource may have one or more representations; i.e. it may not have any representations at all.

66. Smart IT Engineering Ltd. ROA - Resource Having a nice URI is not mendatory as in REST clients do not form URIs rather discover them. So it is indifferent to have basis.com.bd/softexpo/2011/ instead of basis.com.bd/abc/def as long as they name and address the same resource.

67. It does not hurt to have readable URIs

68. If Resource has multiple variants, i.e. combination of media format (atom xml, html etc.), encoding (ASCII, UTF-8 etc.) and language (en-US, bn etc.), besides supporting content negotiation, URI for each variant is beneficial for external linking.

69. Smart IT Engineering Ltd. ROA - Resource HTTP Hints Content negotiation for representation in HTTP is done through request headers – Accept, Accept-Encoding, Accept-Language

70. Use Vary header in response in case a URI support multiple representations

71. Use Location header in response to specify the exact URI to the variant in case of nice URIs.

72. Smart IT Engineering Ltd. ROA - Features Key Features of ROA Addressability

73. Statelessness Representations

74. Links & Connectedness The Uniform Interface

75. Safety & Idempotence

76. Smart IT Engineering Ltd. ROA - Addressability If an application exposes all conceivable or interesting aspects of its data set as resources then it is addressable.

77. IOW an addressable application exposes URI for every bit of information it can conceivably serve

78. This usually refers to infinite URIs

79. Consider a search resource, e.g. Google Search, A paginated atom feed of all books of a bookstore etc.

80. Smart IT Engineering Ltd. ROA - Statelessnes Same as that of REST

81. Introducing Application State and Resource State.

82. Application State resides on client side ensuring every request can be treated individually by the server without considering the past requests from the client

83. Resource State is data that makes up the resource. It resides server side and in case of write-able resource can be modified through its representation

84. Smart IT Engineering Ltd. ROA – Statelessnes Representations Lets consider a resource we call Book.

85. Book has name, ISBN only. (ignoring publisher, author(s) and categories for now).

86. It has 2 representations HTML and WWW URL Encoded.

87. Client can track how it reached the book in its client application state. Note different apps may reach to the same resource in different ways. E.g., one from Google Search another from a Facebook app.

88. The resource state, i.e. the current name and ISBN resides on the server side and is indifferent for any client.

89. Clients receive the representations of the resource and provides the server with the same to edit its information.

90. Smart IT Engineering Ltd. ROA – Statelessnes Link & Connectedness Lets enrich the Book dataset to contain author(s), publisher and categories.

91. So for every book resource there would be at least 5 related, i.e. Connected/Linked resource. They are the book's authors resource , the book's categories resource , the book's publisher resource , an author of the book (from first resource), a category of the book (from the 3 rd resource).

92. Smart IT Engineering Ltd. ROA – Resources /books /books/A /books/B /books/C /books/A/authors /books/A/publishers /pubs/A /authors/A /pubs/A/books /authors/A/books /pubs /authors /

93. Smart IT Engineering Ltd. ROA – Resource Templates /books /books/{id} /books/{id} /books/{id} /books/{id}/authors /books/{id}/publishers /pubs/{id} /authors/{id} /pubs/{id}/books /authors/{id}/books /pubs /authors /

94. Smart IT Engineering Ltd. ROA – The Uniform Interface Specifies the generic definition of Uniform Interface from REST

95. The specifics are in context to HTTP

96. It basically follows the HTTP specification, does not change any definition but restricts on some of the operations usually performed

97. IMPORTANT – It remains same across all RESTful WS Providers, reducing learning curve.

98. Smart IT Engineering Ltd. ROA – The Uniform Interface Methods GET – To read resources. Query parameters can be used to restrict the scope of the data set

99. PUT – To create a resource if the URI is known or replace (completely) the current state of the resource

100. DELETE – Delete the current resource. Might not actually physically delete the data just change the state.

101. Smart IT Engineering Ltd. ROA – The Uniform Interface Methods POST – Has multiple functions Create sub-ordinate resource

102. Append state data to current resource, i.e. partially update the state of the resource

103. Submit data to some background process, e.g. POST to search data. The first 2 are uniform but the last is not and is advisable to avoid

104. In overloading POST with 2 ops one should consider breaking the resource to avoid overloading.

105. Smart IT Engineering Ltd. ROA – The Uniform Interface Headers For pre-condition based locking Entity Tag – ETag & If-Match

106. Last Modified Date – Last-Modified & If-Unmodified-Since

107. Implementation specific Client side caching Last Modified Date & Entity Tag for conditional GET using If-Modified-Since and If-None-Match

108. Cache-Control header for controlling cache

109. Use Vary to support variants. Use Location to redirect or point to the permanent URI

110. Smart IT Engineering Ltd. ROA – The Uniform Interface Status (commonly used) 200 OK for returning success of request.

111. 201 Created for returning that resource is created, in conjunction with Location header pointing to the created resource.

112. 202 Accepted for returning that request accepted but will process at a later time without any guarantee.

113. 204 No Content for specifying no message entity

114. Smart IT Engineering Ltd. ROA – The Uniform Interface Status (commonly used) 302 Found for redirecting, prefer 303 instead.

115. 303 See Other for redirecting using the Location header pointing to the actual resource.

116. 304 Not Modified for conditional GET when condition is unmet, i.e. client can server from client cache.

117. 301 Move Permanently If a resource URI has been changed, e.g. the template for books changed to /r/books from /books.

118. Smart IT Engineering Ltd. ROA – The Uniform Interface Status (commonly used) 400 Bad Request when request information is sufficient to process the data, e.g. required field of an HTML Form is missing.

119. 401 Unauthorized and 403 Forbidden for authentication and authorization failures respectively.

120. 404 Not Found for not being able to resolve the URI to a resuorce.

121. 406 Not Acceptable If none variants requested can be served by the server

122. 412 Preconditioned Failed if the conditions in request not met. Useful lock like feature in case of updates.

123. 415 Unsupported Media Type when request entity is not recognized by server for processing.

124. Smart IT Engineering Ltd. ROA – Safety & Idempotence If designed according to the spec we get safety and idempotence for free.

125. Safety – refers to GET and HEAD not changing any state of the resources concerned, but might have side effects, e.g. hit counters.

126. Idempotence – Repeating any one of PUT, POST, DELETE on a resource any number of will yield the same result.

127. Smart IT Engineering Ltd. RESTful vs RESTlike/REST-RPC Web Service Failures with my initial RESTful WS experiments Overloaded POST

128. Not realizing HATEOAS, i.e. Linked and Connectedness

129. Not realizing the strength of content negotiation, i.e. variant support

130. Not realizing strength of conditional requests

131. Not realizing the power of HTTP Cache

132. Smart IT Engineering Ltd. RESTful Web Services & ROA Questions?

133. Smart IT Engineering Ltd. A Design Walk-through What remains unchanged? Use of HTTP as message vessel

134. Use of URI to address resources

135. No application state, i.e. session, on server side What changes? Resources and their interlinkings

136. Support of different media formats

137. Support of variants

138. Smart IT Engineering Ltd. Design – Content Repository My Steps to design Identify domain objects using Object Oriented Approach

139. Identify cardinal relationships among domains

140. Identify resource templates from objects and their cardinal relations

141. Design uri templates for resource templates

142. Specify Entity tag generation algorithm for resources as applicable

143. Specify cache directives for resources

144. Choose supporting media types for resources

145. Smart IT Engineering Ltd. Design – Content Repository Requirement

146. Contents can be separated logically in a boundary such that their definition and data can easily identified. Contents should extensively searchable, that is, by the logical partition definition type, free text etc. Contents and their fields can have multiple user configurable representations. All logical partitions should have featured contents.

147. Smart IT Engineering Ltd. Design – Content Repository Objects - /(search)? Workspace - /w/{workspaceId}(/search)? Representation Template - /w/{workspaceId}/reps(/{repId})?

148. Variation Template - /w/{workspaceId}/vars(/{varId})?

149. Root Contents a.k.a. Container - /w/{workspaceId}/container Contents Friendly Workspace - /w/{workspaceId}/friendlies

150. Content types - /w/{workspaceId}/types Content - /c/{workspaceId}/{contentId} Field - /c/{workspaceId}/{contentId}/fields(/{fieldName})? Variation - /c/{workspaceId}/{contentId}/fields/{fieldName}/{varId} Representation - /c/{workspaceId}/{contentId}/fields(/{repId})? Content Type -/t/{workspaceId}/{contentTypeId}(/search)?

151. Smart IT Engineering Ltd. Design – Content Repository Objects - /(search)? Workspace - /w/{workspaceId}(/search)?

152. Content Type -/t/{workspaceId}/{contentTypeId}(/search)? The later 2 searches URIs are equivalent of /search?workspace={workspaceId}

153. /search?workspace={workspaceId}&type={typeId}

154. Smart IT Engineering Ltd. Design – Content Repository Media Types Collections Atom Feed

155. Text URI-list Single Objects JSON

156. HTTP URL Encoded (Write only) Search HTML using Form

157. XForms in XML

158. Open Search Description (my only preference)

159. Smart IT Engineering Ltd. Design Questions? [email_address]