Upgrade to Pro — share decks privately, control downloads, hide ads and more …


Honza Javorek
November 20, 2013


How to design proper RESTful API.

Honza Javorek

November 20, 2013

More Decks by Honza Javorek

Other Decks in Technology


  1. REST API MANUAL Honza Javorek, 11/2013 Based on Steve Klabnik's

    great article Haters gonna HATEOAS http://timelessrepo.com/haters-gonna-hateoas
  2. REST = Representational State Transfer Fielding, Roy Thomas (2000), Architectural

    Styles and the Design of Network-based Software Architectures, Doctoral dissertation, University of California, Irvine no implementation details goals constraints → REST + HTTP REST × SOAP et al. 4/154
  3. REST constraints • client-server • stateless state of the resource

    • cacheable • layered system load balancing, cache, etc. • uniform interface guiding principles 5/154
  4. REST guiding principles • identification of resources URIs • manipulation

    of resources through these representations representation and it's metadata = enough information to manipulate it • self-descriptive messages each message = enough information to process it (MIME, cache, ...) • hypermedia as the engine of application state HATEOAS, hyperlinks, hypertext 7/154
  5. 4 levels of “REST support” 1. “The Swamp of POX”

    You’re using HTTP to make RPC calls. HTTP is only really used as a tunnel. 2.Resources Rather than making every call to a service endpoint, you have multiple endpoints that are used to represent resources, and you’re talking to them. 3.HTTP verbs You interact with resources using HTTP verbs, rather than always using POST. 4.HATEOAS Hypermedia Controls. HATEOAS. You’re 100% REST compliant. 9/154
  6. REST can be provided over any protocol. Boring fact: Everyone

    implementing REST uses HTTP. HTTP REST architecture You want your API to be here 11/154
  7. Content negotiation as we know it Accept-Language: de; q=1.0, en;

    q=0.5 Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6, image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1
  8. Content negotiation & API formats Accept: application/json {'body': {'nipples': 2,

    'legs': 2}} Accept: application/xml <?xml version="1.0" encoding="UTF-8" ?> <body> <nipples>2</nipples> <legs>2</legs> </body>
  9. Content negotiation & API versions Accept: application/json {'body': {'nipples': 2,

    'legs': 2}} Accept: application/mattel.v1+json {'body': {'nipples': 2}} http://barelyenough.org/blog/2008/05/versioning-rest-web-services/
  10. Content negotiation & language Accept-Language: en {'title': 'The Good Soldier

    Švejk'} Accept-Language: cs {'title': 'Osudy dobrého vojáka Švejka za světové války'}
  11. HATEOAS • Hypertext As The Engine Of Application State •

    hypertext • engine • application state
  12. HATEOAS • single entry endpoint to your API • you

    can do whatever you need just by inspecting the API • transitions are made by hyperlinks – URIs • abstracting away implementation details iOS apps Sounds familiar? Yes, it's exactly how HTML and websites work.
  13. GET /author/10 { 'id': 10, 'name': 'Gargamel', } GET /author/10/posts/

    [ {'id': 3, 'title': 'How to cook smurfs', ...}, {'id': 2, 'title': 'How to chase smurfs', ...}, ] GET /author/10/comments/ [ {'id': 12293, 'text': 'I hate you.'}, {'id': 49939, 'text': 'Smurfs are idiots.'}, ]
  14. GET /author/10 { 'uri': '/author/10', 'name': 'Gargamel', 'posts': '/author/10/posts/', 'comments':

    '/author/10/comments/', } GET /author/10/posts/ [ {'uri': '/posts/3', 'title': 'How to...', ...}, {'uri': '/posts/2', 'title': 'How to...', ...}, ] GET /author/10/comments/ [ {'uri': '/comments/12293', 'text': 'I hate you.'}, {'uri': '/comments/49939', 'text': 'Smurfs...'}, ]
  15. RESTful API pros & cons • Beautifully consistent and usable.

    API clients will love you. Look at Django REST framework's browsable APIs. • It is the future. (Everyone says it, so it must be true.) HTTP2.0 solves the biggest flaws. HTTP2.0 async, multiplexing, compression, pipelining, etc. → • Designed for scale. Everything is designed for massive caching and counts with presence of middleware. • Change tolerant. Change business logic in a single place! Without the links the client must implement logic for building links. If you put this code inside your iPhone or Android clients you cannot change the URI structure on the server without breaking existing clients. If a link is present the client can follow the link. A client application does not have to repeat the business logic for deciding if a book can be purchased or downloaded. • URIs are implementation detail. Choose a URI naming scheme that fits whatever framework or coding conventions that we find useful. 150/154
  16. Conclusion • stick to HTTP • ensure that everything is

    a resource • implement CRUD as HTTP verbs • use content negotiation instead of crippling your URIs • use the old mighty hypertext instead of juggling with IDs on client side 151/154
  17. Other suff – best practices • HTTP status codes •

    caching • authorization • rate limiting • OPTIONS • error handling • ... 152/154