REST - Valtech

Hi!
My name is Mårten Gustafson

View Slide

I used to work here...

View Slide

...now I work here...
(and I brought give-away readers)

View Slide

Representational State Transfer

View Slide

REST

View Slide

RESTful

View Slide

HTTP

View Slide

means of
INTEGRATING
disparate stuff

View Slide

(my DARK and shameful PAST)
* 4 years of:
** IBM WebSphere
** ESB
** SOAP/WSDL
** Enterprisey
* REST vs SOAP vs HTTP vs JMS vs WMQ vs PUB/SUB vs EDA vs HA vs D/R

View Slide

INTEGRATIONs

View Slide

APIs

View Slide

INTERFACEs

View Slide

UNIFORM
* REST deﬁnes a uniform interface
* As opposed to SOAP, CORBA, etc

View Slide

GET
PUT
POST
DELETE
- list all foo
- 501
- create a new foo
- 501
a/b/c/foo

View Slide

GET
PUT
POST
DELETE
- details of {id}
- update the {id}
- 501
- delete the {id}
a/b/c/foo/{id}

View Slide

VERBs

View Slide

(OPTIONS)
* not common (yet)
* mention: pre-ﬂight

View Slide

GET
* retrieve

View Slide

HEAD
* retrieve without content (ie metadata)

View Slide

POST
* create (without known id) or update (with/without - unsafe)

View Slide

PUT
* update or create with known id (idempotent)

View Slide

DELETE
* remove

View Slide

(TRACE)
* ?

View Slide

(CONNECT)
* ?

View Slide

IDEMPOTENT
* Without side effects
* Fine to call multiple times

View Slide

safe idempotent unsafe
OPTIONS X (x)
GET X (x)
HEAD X (x)
POST X
PUT X X
DELETE X X
TRACE X (x)
CONNECT

View Slide

DEVELOPing

View Slide

WELL BEHAVED
* be well behaved
* read up on HTTP/1.1

View Slide

ETag
* The most overlooked HTTP header in API design?
Allows concurrency control
* if-match: “”
* if-none-match: “”
* 304 not modiﬁed
* version number

View Slide

VARY
* Tell clients/caches which headers that forms the response (ie what’s the cache-combo)
* ie: Vary: Accept ( /foo/bar vs /foo/bar : XML vs JSON)

View Slide

CACHE-CONTROL
* age
* no-cache
* no-store

View Slide

EXPIRES
* Expire any cached copies after...

View Slide

BENEFITs

View Slide

CLIENTS
PROXIES
SERVERS
LOAD BALANCERS
* will all understand and act accordingly
* in addition cool modern software does HTTP/REST out-of-the-box (CouchDB, Riak)

View Slide

PLANNING

View Slide

URLs
* What will your URL scheme look like
* How will it evolve
* Identify natural points of extension/evolution

View Slide

DNS
* This is part of your URL
* Think about partitioning (subdomains)
* Think about future transition, separation, isolation
* Does Wildcard DNS make sense to you?

View Slide

SECURITY
* HTTPS + basic auth (one stop shop)
* API auth (client certiﬁcates, OAuth)
* SSL cookies

View Slide

VERSIONING
* This is the hard part

View Slide

http://api.foo/v1/bar
application/xml
+ easy (ie browser compatible)

View Slide

http://api.foo/v1/bar
application/xml
- URL changes with version
- Breaks the URL = resource REST thingy

View Slide

http://api.foo/bar
application/vnd.bar-v1+xml
- hard (ie NOT browser compatible)

View Slide

http://api.foo/bar
+ version is independent of URL

View Slide

application/vnd.foo-v1+xml
application/vnd.foo-v2+xml
* Vary: “Accept”

View Slide

REPRESENTATION

View Slide

http://api.foo/bar
application/xml
+ easy (ie browser compatible)

View Slide

http://api.foo/bar.xml
+ even easier (ie really browser compatible)
- more info in URL

View Slide

http://api.foo/bar

View Slide

http://api.foo/bar
+ representation is independent of URL

View Slide

USABILITY

View Slide

PROXIES

View Slide

http://api.foo/v1/bar.xml

View Slide

http://api.foo/bar

View Slide

HATEOAS

View Slide

WAT?!

View Slide

LINKs
* State transitions

View Slide

MIMEs
* Representations

View Slide

LINK + MIME

View Slide

CONTRACTS
* What do we promise our clients?
* Read these:
- http://martinfowler.com/bliki/TolerantReader.html
- http://martinfowler.com/articles/consumerDrivenContracts.html

View Slide

SERIALIZED
FORM
+ Easy programming (initially, typed proxies)
- Rigid (will not bend, will break)

View Slide

SCHEMAS
* Good for automated testing
* If you give them away, assume people will generate proxies (and depend on serialized form)
* Consider not providing any (or model them loose, xs:any etc - I’m not sure it’s a good idea)

View Slide

GUARANTEES
* Fields annotated with “#userid” will have the following form
* Attributes named “email” will conform standard X
* This document contains one, and only one ﬁeld annotated “#id”, which is the unique id for
Y

View Slide

ROBUSTNESS

View Slide

1234

Mårten
Gustafson

* XPath

View Slide

1234

Mårten
Gustafson

/user/name/last
* Rigid

View Slide

1234

Mårten
Gustafson

//last
* Adaptive
* Might return multiple

View Slide

1234

Mårten
Gustafson

//last[1]
* Adaptive
* Only one

View Slide

1234

Mårten
Gustafson

* Annotated

View Slide

1234

Mårten
Gustafson

//last[1]
* Still works

View Slide

1234

Mårten
Gustafson

//*[@id='#name.last'][1]
* Adaptive

View Slide

1234
Mårten
Gustafson

* Still works

View Slide

Mårten
Gustafson

* Still works

View Slide

INFORMATION
MODELLING
* This is hard, usually “versioning hard”

View Slide

#name.first
* Format
* Values
* Guarantees

View Slide

URL
DNS
MIME
LINKS
PROXY

View Slide

URL
DNS
MIME
LINKS
=CONTRACT

View Slide

?

View Slide

@martengustafson
[email protected]
http://marten.gustafson.pp.se/talks
* Representations

View Slide

REST - Valtech

REST - Valtech

Mårten Gustafson

More Decks by Mårten Gustafson

Other Decks in Programming

Featured

Transcript