Why REST § Web services are especially popular § Cross-language support § Users know how to use it § Reduce documentation § Reduce coding of a separate API/UI path
Specific Error Codes § 200 OK § 201 Created OK § 204 Deleted OK § 302 Redirect § 400 Bad Request § 401 Unauthorized § 403 Forbidden § 404 Not Found § 409 Conflict § 500 Internal Server Error
Authentication (Humans) § POST /api/v1/login § { "user" : "bob", "password" : "12345" } § => { "session-ID" : "ABCDEFGABCDEFG" } § GET /api/v1/something_restricted § HEADER: § X-SESSION-ID: "ABCDEFGABCDEFG" § Backend looks for headers § Session table keeps track of last time token was used § Sessions not used for ~30 minutes may expire (auto-logout) § Client handles re-login or keep-alive as needed
Testing § Most REST frameworks should allow § Run database setup § Call some method that simulates a JSON GET/PUT/POST/DELETE § Use database methods to see if rows are present § Check error codes § For each URL § Check all verbs/methods § Unauthorized user § Authorized user § Forbidden user § Invalid inputs § Valid inputs, correct results
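An added example, not from the original slides, covering the session handling on the Authentication slide and the per-URL cases on the Testing slide. `SessionTable`, `open_session`, `get_restricted`, `access_matrix` and the `allowed_users` set are hypothetical names, and an in-memory dict stands in for the session table.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60  # seconds; the slide's "~30 minutes"

class SessionTable:
    """In-memory stand-in for the backend's session table (assumption)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._rows = {}  # session id -> [user, time last used]

    def open_session(self, user):
        # Call only after POST /api/v1/login has verified the credentials.
        sid = secrets.token_urlsafe(32)  # unguessable, unlike a counter
        self._rows[sid] = [user, self._clock()]
        return sid

    def user_for(self, headers):
        sid = headers.get("X-SESSION-ID")
        row = self._rows.get(sid)
        if row is None:
            return None
        if self._clock() - row[1] > IDLE_TIMEOUT:
            del self._rows[sid]  # auto-logout: the token is dead for good
            return None
        row[1] = self._clock()  # every use restarts the idle window
        return row[0]

def get_restricted(table, headers, allowed_users):
    """Status code for GET /api/v1/something_restricted."""
    user = table.user_for(headers)
    if user is None:
        return 401  # missing, unknown or expired session
    return 200 if user in allowed_users else 403  # 403: known user, no access

def access_matrix():
    """The Testing slide's cases for one URL, on a fake clock (constructed data)."""
    now = [0.0]
    table = SessionTable(clock=lambda: now[0])
    bob, eve = table.open_session("bob"), table.open_session("eve")
    ok = {"bob"}
    out = {"no header": get_restricted(table, {}, ok),
           "unknown token": get_restricted(table, {"X-SESSION-ID": "bogus"}, ok),
           "authorized": get_restricted(table, {"X-SESSION-ID": bob}, ok),
           "forbidden": get_restricted(table, {"X-SESSION-ID": eve}, ok)}
    now[0] = IDLE_TIMEOUT + 1  # nothing used the token for just over 30 minutes
    out["idle too long"] = get_restricted(table, {"X-SESSION-ID": bob}, ok)
    return out
```

Injecting the clock lets a test suite check the expiry path without waiting 30 minutes.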
Finishing Up § How To Tell If It’s Good § Discoverability, Consistency § Everything Is Paginated § UI can render any page of O(1), not O(n) § Actions and Weird Verbs § Jobs & Job Templates § Complex Endpoints for UI Simplicity § (Whiteboard Discussion)