Demystifying the REST API

DEMYSTIFYING THE REST API
SAMANTHA QUIÑONES

View Slide

About Me
Samantha Quiñones

SW Architect & Lead Developer at POLITICO.com

Follow me: @ieatkillerbees

View Slide

View Slide

What is REST?
(and why am I talking about it?)
REpresentational State Transfer

An architectural style that describes a set of rules
for delivering content over an open network

View Slide

ROY FIELDING
DESCRIBED THE REST PATTERN IN HIS 2000 DOCTORAL DISSERTATION

View Slide

Nothing is more easy than to reduce this mass to one
quarter of its bulk. You know that curious cellular matter
which constitutes the elementary tissues of vegetable?
This substance is found quite pure in many bodies,
especially in cotton, which is nothing more than the down
of the seeds of the cotton plant. Now cotton, combined
with cold nitric acid, become transformed into a
substance eminently insoluble, combustible, and
explosive. It was first discovered in 1832, by Braconnot, a
French chemist, who called it xyloidine. In 1838 another
Frenchman, Pelouze, investigated its different properties,
and finally, in 1846, Schonbein, professor of chemistry at
Bale, proposed its employment for purposes of war. This
powder, now called pyroxyle, or fulminating cotton, is
prepared with great facility by simply plunging cotton for
fifteen minutes in nitric acid, then washing it in water,
then drying it, and it is ready for use.

View Slide

Nothing is more easy than to reduce this mass to one
quarter of its bulk. You know that curious cellular matter
which constitutes the elementary tissues of vegetable?
This substance is found quite pure in many bodies,
especially in cotton, which is nothing more than the
down of the seeds of the cotton plant. Now cotton,
combined with cold nitric acid, become transformed into
a substance eminently insoluble, combustible, and
explosive. It was first discovered in 1832, by Braconnot, a
French chemist, who called it xyloidine. In 1838 another
Frenchman, Pelouze, investigated its different properties,
and finally, in 1846, Schonbein, professor of chemistry at
Bale, proposed its employment for purposes of war. This
powder, now called pyroxyle, or fulminating cotton, is
prepared with great facility by simply plunging cotton for
fifteen minutes in nitric acid, then washing it in water,
then drying it, and it is ready for use.

View Slide

View Slide

Apache
PHP
5.4
MariaDB
Typical Application Design

View Slide

Hopefully…
Requirements are met

Users are happy

Invoices are paid

View Slide

MO’ ENDPOINTS, MO’ PROBLEMS
`

View Slide

View Slide

Ordo ab chao
REST is a set of constraints designed to bring
order of the chaos of free-form hypermedia

The young web was extremely disordered

Fielding envisioned the web as a system that
could be moulded by carefully applying
constraints

View Slide

The Early Web
Hypertext
Data
Flash
Media
Java Applets
Cat Pictures

View Slide

The Early Web
GIEF CAT PIX
PL0X!!1!

View Slide

Null Style
The Null Style describes an
empty set of constraints

There are no boundaries
and no structure

View Slide

CLIENT-SERVER
ARCHITECTURE
CONSTRAINT #1

View Slide

Client-Server Architecture
The system is divided in to clients and servers

Servers store hypermedia resources

Clients manage the display and caching of
resources

View Slide

PORTABILITY PREMIUM
INFINITE DIVERSITY IN INFINITE CLIENTS

View Slide

STATELESSNESS
CONSTRAINT #2

View Slide

Implicit State
Requesting the “next”
resource in a collection
requires the server to know
what you asked for last

This information may need
to be shared among many
servers in a cluster

This information may be lost
due to server errors
Gief
next cat pic
pls!

View Slide

Explicit State
The client is better suited to
choose what state is
important

Server failures do not cause
loss of state

Improved performance and
reliability

Load-balancing becomes
trivial
Gief
cat pic
#3427 pls!

View Slide

Debugging State Stinks
All requests contain all the context needed to
execute them

Simpliﬁes debugging

Makes traﬃc “replayable”

View Slide

CACHE-ABILITY
CONSTRAINT #3

View Slide

Cacheable Requests
Transmitting state with each request increases
overhead

Allowing clients to cache responses can drastically
reduce the number required requests

View Slide

Best Parsed By…
Resources can carry an
expiration time

Clients can wait until a
resource expires before
requesting it again

View Slide

UNIFORM
INTERFACE
CONSTRAINT #4

View Slide

Resources
Resources are abstractions
of data with a globally
unique identiﬁer

http://i.imgur.com/eqTIb.jpg

View Slide

Representations
{
name: “Kitty McAwesome”,
awesome: true,
cute: “very”,
image_uri: “http://i.imgur.com/eqTIb.jpg”
}

View Slide

Self-Contained Requests
GET /eqTIb.jpg HTTP/1.1
Host: i.imgur.com
If-‐Modified-‐Since: Fri, 02 Dec 2011 19:47:21 GMT

View Slide

HATEOAS
Hypermedia

As

The

Engine

Of

Application

State

View Slide

View Slide

HATEOAS
GET /events/201
!
200 OK

201
Summer Bridge Party

David Wildstein
[email protected]

View Slide

Hypermedia Types
HTML

XML

CSS

XHTML

Atom

View Slide

JSON IS NOT A
HYPERMEDIA TYPE

View Slide

View Slide

JSON & Hypermedia
GET /events/201
!
200 OK
{
id: 201,
name: “Summer Bridge Party”,
organizer: {
name: “David Wildstein”,
email: “[email protected]”
}
}

View Slide

JSON Hyper-Schema
Extension of json-schema that allows for
hypermedia descriptions

http://json-schema.org

View Slide

Hypertext Application
Language (HAL)
Proposed standard that extends the JSON type
with hypermedia data

application/json+hal

Small but growing acceptance

View Slide

HAL
GET /events/201
!
200 OK
{
“id”: 201,
“name”: “Summer Bridge Party”,
“_links”: {
“self”: { “href”: “/events/201” },
},
“_embedded”: {
“organizer”: {
“_links”: {
“self”: { “href”: “/organizers/42” }
}
}
}

View Slide

CONSTRAINT
LAYERING
CONSTRAINT #5

View Slide

Layered System
Any two layers can only see one another

Client > Proxy > Load Balancer > Server

View Slide

CODE-ON-
DEMAND
CONSTRAINT #6

View Slide

Batteries Included
Representations can include executable code

Allows clients to have extended functionality
without updating multiple code bases

JavaScript, Flash, Java Applets

View Slide

REPRESENTATIONS
& RESOURCES
UNDERSTANDING THE PARTS

View Slide

Elements of Rest
Resources

Representations

Meta Data

Control Data

View Slide

“A resource (R) is a temporally varying
membership function MR(t), which for time t maps
to a set of entities, or values, which are
equivalent.”
–Roy Fielding
Resources

View Slide

View Slide

Resources
An abstraction of some entity, or a collection of
entities, that we can identify by name.


“all accounts created on October 12th”

“the most recent 100 tweets containing the string
‘#redwedding’”

View Slide

Resources
On the web, we use Uniform Resource Identiﬁers


Resource named eqTIb.jpg available via HTTP
from i.imgur.com

View Slide

Representations
In order to interact with a resource, we use a
representation

Representations contain data and metadata

View Slide

Representations
GET /accounts/42
!
200 OK
Content-‐Type: application/json+hal
!
{
account_id: 42,
account_name: “Samantha Quiñones”,
account_status: “awesome”
_links: { self: { href: “/accounts/42” } }
}

View Slide

Representations
Resources are abstract, representations are
concrete

Representations are the actual bytes that are
transferred between clients and servers, including
metadata

Often called a “ﬁle,” “document,” or “entity”

View Slide

Control Data
Control data is extra information used by the client
and server to coordinate

Cache control information

Parameters

Content-type negotiation

View Slide

What is REST?
Resource-oriented

DRY

Cache-ready

Stateless

View Slide

HTTP
HYPERTEXT TRANSFER
PROTOCOL

View Slide

HyperText Transfer
Protocol
Version 0.9 (1991), Version 1.0 (1996)

Current Version 1.1 deﬁned by RFC 2616

Nine methods, ~40 response codes

View Slide

Request-Response Cycle
Client opens a connection to a server

Client sends a request containing a method, a
resource, and optionally meta/control data

Server responds with a status code and a
representation of the requested resource, along
with meta/control data

View Slide

Methods
“Safe” methods: GET, HEAD, TRACE, OPTIONS

“Unsafe” methods: PUT, POST, DELETE, PATCH

“Control” method: CONNECT

View Slide

GET
Requests a representation of a resource

Safe method without side eﬀects

View Slide

!
$app-‐>get("/foo/{id}", function (Request $request, Application $app, $id) {
if ( ! $app['db']-‐>has($id)) {
throw new HttpNotFoundException();
}
!
return new Response($app['db']-‐>get($id));
});
GET

View Slide

HEAD, OPTIONS, and
TRACE
HEAD requests the headers that would have been
sent with the equivalent GET request

OPTIONS requests the HTTP methods that the
server supports for a given resource

TRACE requests the server echo back the request.
This is useful for determining if an intermediate
server is altering a requests in ﬂight.

View Slide

DELETE
Delete a resource

View Slide

DELETE
$app-‐>delete("/foo/{id}", function (Request $request, Application $app, $id) {
if ( ! $app['db']-‐>has($id)) {
throw new HttpNotFoundException();
}
!
$app['db']-‐>delete($id);
!
return new Response("", Response::HTTP_NO_CONTENT);
});

View Slide

PUT
Asks the server to store a resource at a speciﬁc
URI, overwriting it if it already exists

View Slide

PUT
$app-‐>put("/foo/{id}", function (Request $request, Application $app, $id) {
if ($app['db']-‐>has($id)) {
$app['db']-‐>update($id, $request-‐>getBody());
return new Response("", Response::HTTP_OK)
}
!
$app['db']-‐>insertWithId($id, $request-‐>getBody());
return new Response("", Response::HTTP_CREATED);
});

View Slide

POST
Asks the server to store a resource as a sub-
resource of a speciﬁed resource or collection

View Slide

POST
$app-‐>post("/foo", function (Request $request, Application $app) {
$newId = $app['db']-‐>insert($request-‐>getBody());
$responseData = array(
"_links" => array(
"self" => array(
"href" => "/foo/$newId"
)
)
);
return new Response($responseData, Response::HTTP_CREATED);
});

View Slide

POST is Versatile
Annotate existing resources

Posting to a message board, mailing list, etc

Providing a block of data to a data-handling
process

Appending to a database

View Slide

PUT vs POST
PUT creates or replaces a resources with a known
identiﬁer

POST creates a sub-resource of an existing
resource or collection

View Slide

Idempotence
When the result of an operation remains the same
no matter how many times the operation is
performed, the operation is “idempotent”

View Slide

Idempotence
Safe & Idempotent
• GET

• TRACE

• HEAD

• OPTIONS
Unsafe & Idempotent
• PUT

• DELETE

!
Unsafe & Non-Idempotent
• POST

• PATCH

View Slide

DELETE is Idempotent
Deleting a resource causes the server to return a
status code of 204 (NO CONTENT)

Subsequent DELETE requests will cause the
server to return a status code of 404 (NOT
FOUND)

How is that idempotent?

View Slide

Idempotence Refers to
Resource State
Even though the ﬁrst DELETE request returns a
diﬀerent status code than subsequent requests,
the state of that resource (that is, it’s lack of
existence) remains the same!

View Slide

PUT vs POST Redux
PUT is idempotent

POST is not always idempotent, though it can be

Use PUT to create or replace resources whose
name you already know

Use POST to create sub-resources and to append
to a collection

View Slide

PUT vs POST Example
PUT /talks/demystifying-‐the-‐rest-‐api
!
{
talk_name: “Demystifying the REST API”,
speaker: “Samantha Quiñones”,
conferences: []
}

View Slide

PUT vs POST Example
GET /talks/demystifying-‐the-‐rest-‐api
!
200 OK
{
conferences: []
}

View Slide

PUT vs POST Example
POST /talks/demystifying-‐the-‐rest-‐api/conferences
!
{conference_name: “Northeast PHP”}

View Slide

PUT vs POST Example
GET /talks/demystifying-‐the-‐rest-‐api
!
{
conferences: [{conference_name: “Northeast PHP”}
{conference_name: “Northeast PHP”},

View Slide

PATCH
Asks the server to modify a resource

Newest method

Not widely supported (yet)

Must be used with caution because of potentially
high collision risk

View Slide

Why PATCH?
PUT requires us to send a complete copy of the
resource, which causes a lot of overhead

POST is often used to modify resources, but there
is no standard methodology

Standards (like JSON Patch) are being developed

Patching XML is (partially) supported in RFC 5261

View Slide

JSON Patch
PATCH /foo
!
200 OK
[
{ "op": "test", "path": "/a/b/c", "value": "foo" },
{ "op": "remove", "path": "/a/b/c" },
{ "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] },
{ "op": "replace", "path": "/a/b/c", "value": 42 },
{ "op": "move", "from": "/a/b/c", "path": "/a/b/d" },
{ "op": "copy", "from": "/a/b/d", "path": "/a/b/e" }
]

View Slide

CONNECT
Used with proxies that allow for tunneling or
protocol switching and other things that are both
interesting and intensely boring

View Slide

Status Codes
1xx - Informational Messages

2xx - Success

3xx - Redirection

4xx - Client error (“you messed up!”)

5xx - Server error (“I messed up!”)

View Slide

BUILDING
GREAT APIS
THOUGHTS, TIPS, AND
RESOURCES

View Slide

What happens when you
assume…
REST makes assumptions safe by applying well-
established patterns

A REST API should be self-documenting so that
clients can easily integrate with it

View Slide

Respect safe methods
GET should never cause side-eﬀects!

GET /events/delete?id=201

View Slide

Use response codes
everyone understands
It’s easier for a client to respond to “401
Unauthorized” than “500 Your login has timed out”

View Slide

Don’t overload POST
“When in doubt, use POST”

Reconsider your application design. Does another
method ﬁt better?

Are you not really working just with objects and
interactions? Is REST the right pattern for your
application?

View Slide

Resources
RFC 2616 “Hypertext Transfer Protocol” (http://bit.ly/
LkW6OW)

RFC 5789 “PATCH Method for HTTP” (http://bit.ly/1cFpvtq)

JSON HAL Proposal (http://bit.ly/1kJLvgw)

RFC 6902 “JSON PATCH” (http://bit.ly/LkWyww)

Fielding’s Dissertation (http://bit.ly/1eTY8AI)

REST Cookbook (http://restcookbook.com)

View Slide

PHP Resources
HATEOAS for PHP: http://hateoas-php.org/

Well-supported, Symfony-ready HATEOAS library

REST APIs with Symfony2: The Right Way (http://
williamdurand.fr/2012/08/02/rest-apis-with-
symfony2-the-right-way/)

Building APIs You Won’t Hate - Phil Sturgeon
https://leanpub.com/build-apis-you-wont-hate

View Slide

Feedback & Contact
Joind.in https://joind.in/11470

Twitter: @ieatkillerbees

Email: [email protected]

View Slide

Demystifying the REST API

Demystifying the REST API

Samantha Quiñones

More Decks by Samantha Quiñones

Other Decks in Programming

Featured

Transcript