How to PATCH in HTTP APIs

PATCH & HTTP APIs

Honza Python API design Apiary Pyvo {…} PR API Blueprint
@honzajavorek honzajavorek.cz

Modifying Resources { "type": "Mazda", "color": "red", "stolen": true }
! { "type": "Mazda", "color": "blue", "stolen": false }

Web { "type": "Mazda", "color": "red", "stolen": true } !
{ "type": "Mazda", "color": "blue", "stolen": false }

API { "type": "Mazda", "color": "red", "stolen": true } !
{ "type": "Mazda", "color": "blue", "stolen": false } PUT /car

Has flaws vs. Good enough • Needs recent GET on
the resource. • Even with recent GET , there's obviously still race condition. • We need to send the whole resource (bandwidth). • But come on, we do this all the time with web forms…

Partial Update aka PATCH

PATCH • New HTTP method for partial updates (RFC 5789)
• Body contains a description of changes. • The changes must be applied atomically by server.

Content-Type: my-favorite-diff-format some diff instructions PATCH /car Content-Type: application/json {
"type": "Mazda", "color": "blue", "stolen": false } 200

Content-Type: application/json { "color": "blue", "stolen": false } PATCH /car
Content-Type: application/json { "type": "Mazda", "color": "blue", "stolen": false } 200

application/json • Does not actually say anything about the diff
format. • No shared libraries. • It is ambiguous: delete property vs. set to null? • You meet limits very soon: adding to arrays?

JSON Patch

JSON Patch • JavaScript Object Notation Patch (RFC 6902) •
Way to describe changes made on JSON. • Not ambiguous, supports addressing nested structures (e.g. replacing properties of nested objects, adding to array). • application/json-patch+json

Content-Type: application/json-patch+json [ {"op": "replace", "path": "/color", "value": "blue"}, {"op":
"replace", "path": "/stolen", "value": false} ] PATCH /car Content-Type: application/json { "type": "Mazda", "color": "blue", "stolen": false } 200

JSON Patch • atomic operations • path is able to
address any element in JSON document • RFC is very short and half of it are examples. Just read it. • libraries…

• JSON Pointer (RFC 6901) • Easy to address any
part of JSON document • "/pets/0" (first element in array pets) What "path"?

• test: check if path has given value (if not,
the patch fails) • remove: remove path • add: insert new value at path • replace: replace value at path • move: remove + add • copy: clones node inside the document Operations

Content-Type: application/json { "color": "blue", "stolen": false } PATCH /car

JSON Merge Patch

JSON Merge Patch • RFC 7396 • Way to describe
changes made on JSON. • Not ambiguous, supports addressing nested structures (e.g. replacing properties of nested objects). Replaces arrays. • application/merge-patch+json

Content-Type: application/merge-patch+json { "color": "blue", "stolen": false } PATCH /car

JSON Merge Patch • standardization & exact spec of what
everyone already does • very young • some libraries… • supported by orchestrate.io

Misc Tricks • Return "Undo Patch" in response (or link
it) to provide undo. • Conditional requests can prevent race conditions: • use If-Match headers & 412 HTTP status • PUT/PATCH exposes whole document: • use JSON Schema & 400/422 for access control

More • RFCs: 1855, 6902, 5789, 7396, 6901, 7230-7237, …
• Misc: • http://williamdurand.fr/2014/02/14/please-do-not-patch-like-an-idiot/ • https://github.com/apicraft/detroit2013/wiki/PATCH-and-partial-updates • https://www.mnot.net/blog/2012/09/05/patch • http://jsonpatch.com/ • http://slides.com/warpech/introduction-to-json-patch#/

How to PATCH in HTTP APIs

How to PATCH in HTTP APIs

Honza Javorek

More Decks by Honza Javorek

Other Decks in Technology

Featured

Transcript

PATCH & HTTP APIs

Honza Python API design Apiary Pyvo {…} PR API Blueprint

Modifying Resources { "type": "Mazda", "color": "red", "stolen": true }

Web { "type": "Mazda", "color": "red", "stolen": true } !

API { "type": "Mazda", "color": "red", "stolen": true } !

Has flaws vs. Good enough • Needs recent GET on

Partial Update aka PATCH

PATCH • New HTTP method for partial updates (RFC 5789)

Content-Type: my-favorite-diff-format some diff instructions PATCH /car Content-Type: application/json {

Content-Type: application/json { "color": "blue", "stolen": false } PATCH /car

Content-Type: application/json { "color": "blue", "stolen": false } PATCH /car

application/json • Does not actually say anything about the diff

JSON Patch

JSON Patch • JavaScript Object Notation Patch (RFC 6902) •

Content-Type: application/json-patch+json [ {"op": "replace", "path": "/color", "value": "blue"}, {"op":

JSON Patch • atomic operations • path is able to

• JSON Pointer (RFC 6901) • Easy to address any

• test: check if path has given value (if not,

Content-Type: application/json { "color": "blue", "stolen": false } PATCH /car

JSON Merge Patch

JSON Merge Patch • RFC 7396 • Way to describe

Content-Type: application/merge-patch+json { "color": "blue", "stolen": false } PATCH /car

JSON Merge Patch • standardization & exact spec of what

Misc Tricks • Return "Undo Patch" in response (or link

More • RFCs: 1855, 6902, 5789, 7396, 6901, 7230-7237, …