REST for the rest of us
or “Roy Fielding Ever Said That!?”
Antonio Ognio // Lima, Perú
Red Científica Peruana
@gnrfan
Slide 2
REST
Slide 3
REPRESENTATIONAL
STATE
TRANSFER
Slide 4
TRANSFERRING
STATE
THROUGH
REPRESENTATIONS?
Slide 5
STATE?
Slide 6
REPRESENTATIONS?
Slide 7
CONFUSING!!!
Slide 8
ROY T. FIELDING
Slide 9
MAKING SENSE
OF IDEAS
PRESENTED IN HIS
DOCTORAL THESIS
Slide 12
http://www.ietf.org/rfc/rfc2616.txt
Slide 13
BASICALLY
ONE OF THE AUTHORS OF
HTTP/1.1
AND THE STANDARD FOR
INTERNET URIs
Slide 15
REST IS NOT...
Slide 16
SOAP
Slide 17
MAPPING HTTP
VERBS TO
CRUD OPERATIONS
Slide 18
ANY FORM OF RPC
OVER HTTP
Slide 19
REST IS...
Slide 20
AN ARCHITECTURAL
STYLE FOR
DISTRIBUTED
SOFTWARE
Slide 21
ARCHITECTURAL
STYLE
Slide 22
THE WAY THE WEB
IS ARCHITECTED
Slide 23
IF YOU REALLY
UNDERSTAND THE
ARCHITECTURE OF
THE WEB...
Slide 24
...YOU ALREADY
UNDERSTAND
REST :)
Slide 25
IN THE 90s...
THE WEB EVOLVED
Slide 26
...FROM SERVING
STATIC FILES
OUT OF WEB SERVERS’
HARD DRIVES
Slide 27
...TO BECOMING A
UNIVERSAL
INFRASTRUCTURE FOR
MANIPULATING THINGS
OVER PLANET-WIDE HIGH-
LATENCY NETWORKS
Slide 28
HTTP 1.1 (1999)
Slide 29
HTTP 1.1 (1999)
STILL IN USE TODAY
Slide 31
CGI, Servlets, mod_*, web
frameworks, customizable
web servers, etc.
Slide 32
2013:
REALLY EASY TO
GENERATE DYNAMIC
WEB CONTENT
USING CLEAN URLs
Slide 33
HOW WAS
REST INVENTED?
Slide 34
REST WAS
REVERSE-ENGINEERED
BY FIELDING
FROM THE DESIGN OF
THE WEB
Slide 35
ARCHITECTURAL
STYLE?
Slide 36
set of constraints that
restricts the
roles/features of
architectural elements
Slide 37
architectural elements:
components,
connectors
and data
Slide 38
TOO ACADEMIC?
Slide 39
A RECIPE FOR REST
Slide 40
A RECIPE FOR REST
IN FOUR STEPS
Slide 41
1. IDENTIFY THE
“THINGS” IN YOUR
PROBLEM SPACE AND
GIVE THEM UNIQUE
IDs
Slide 42
URIs
Slide 43
2. LINK THE “THINGS”
TOGETHER SO YOU
CAN NAVIGATE
FROM ONE TO THE
OTHERS
Slide 44
HYPERMEDIA
Slide 45
3. PROVIDE A
WELL-KNOWN WAY
OF MANIPULATING
THE “THINGS”
Slide 46
STANDARD HTTP VERBS
Slide 47
4. DON’T REQUIRE
A PIECE OF THE
SYSTEM TO
“REMEMBER” THE
STATE OF ANOTHER
Slide 48
STATELESS
COMMUNICATION
Slide 49
WHY REST?
Slide 50
BECAUSE LARGE-SCALE
DISTRIBUTED SYSTEMS
ARE HARD
Slide 51
AND THE WEB IS BY FAR
THE MOST SUCCESSFUL
OF THOSE
Slide 52
...SO LET’S LEARN
FROM ITS DESIGN
Slide 53
REST
emphasizes
Slide 54
SCALABILITY
Slide 55
GENERALITY OF INTERFACES
Slide 56
INDEPENDENT
DEPLOYMENT
OF
COMPONENTS
Slide 57
THE USE OF MIDDLEWARE
(e.g. reducing latency, security)
Slide 58
architectural elements:
components,
connectors
and data
Slide 62
USE THE WHOLE
RANGE OF WEB-RELATED
TECHNOLOGIES
FOR BUILDING
YOUR SYSTEM
Slide 63
KEY CONCEPTS
Slide 64
RESOURCE
Slide 65
RESOURCE
UNIQUELY IDENTIFIED BY A URI
Slide 66
REPRESENTATION
Slide 67
REPRESENTATION
SPECIFIC DOCUMENT INSTANCE
OF A MEDIA TYPE
REPRESENTING THE CURRENT
STATE OF A RESOURCE
Slide 68
VERB
Slide 69
VERB
A KIND OF ACTION TO PERFORM OVER A
RESOURCE THAT CAN POTENTIALLY
ALTER THE STATE OF THE SYSTEM
Slide 70
HTTP’S
UNIFORM INTERFACE
Slide 71
GET
RETRIEVE A REPRESENTATION OF THE
CURRENT STATE OF A RESOURCE
Slide 72
HEAD
RETRIEVE ONLY THE HEADERS OF A
REPRESENTATION OF THE CURRENT
STATE OF A RESOURCE
Slide 73
POST
SEND INFORMATION FOR THE RESOURCE
TO PROCESS
Slide 74
PUT
REPLACE THE CURRENT STATE OF
A RESOURCE BASED ON A COMPLETE
REPRESENTATION
Slide 75
DELETE
GET RID OF THE RESOURCE
Slide 76
OPTIONS
LEARN ABOUT WHAT VERBS ARE
SUPPORTED FOR THE RESOURCE
Slide 78
STATUS CODES
Slide 79
200 OK
HERE IS THE REPRESENTATION
OF THE RESOURCE YOU
ASKED FOR
Slide 80
201 CREATED
A NEW RESOURCE HAS BEEN CREATED
AND HERE IS A LINK TO IT
Slide 81
202 ACCEPTED
THE OPERATION YOU REQUESTED
HAS BEEN ACCEPTED FOR PROCESSING.
PLEASE POLL THE LINKED RESOURCE
TO LEARN ABOUT THE PROGRESS.
Slide 82
204 NO CONTENT
THE OPERATION WAS COMPLETED
SUCCESSFULLY AND DON’T WORRY
ABOUT THE BODY BEING BLANK
Slide 83
400 BAD REQUEST
DON’T EVEN BOTHER RETRYING WITH
THE EXACT SAME REQUEST BECAUSE
IT WON’T WORK
Slide 84
401 UNAUTHORIZED
PLEASE, AUTHENTICATE SO WE CAN
TELL IF YOU ARE AUTHORIZED OR NOT
TO ACCESS THE RESOURCE
Slide 85
403 FORBIDDEN
SORRY, WE JUST CHECKED AND YOU
DON’T HAVE ACCESS TO THE RESOURCE
Slide 86
404 NOT FOUND
THE RESOURCE LOCATED AT THE
PROVIDED URI DOES NOT EXIST
(AT LEAST FOR YOU)
Slide 87
405 METHOD NOT ALLOWED
THE RESOURCE DOES NOT SUPPORT
THE VERB YOU ARE TRYING
TO USE AGAINST IT
Slide 88
406 NOT ACCEPTABLE
SORRY, WE CAN’T PROVIDE A
REPRESENTATION FOR THE RESOURCE
USING ANY OF THE MEDIA TYPES
YOU ACCEPT
Slide 89
409 CONFLICT
SORRY, THERE IS A CONFLICT WITH THE
CURRENT STATE OF THE RESOURCE
AND THE NEW STATE IT WOULD HAVE
IF WE PERFORM THE REQUESTED OPERATION
Slide 90
Quick guide to HTTP status codes:
http://httpstatus.es
Slide 91
RESTFUL HTTP APIs
Slide 92
RESTFUL HTTP APIs
Web services that take full
advantage of a specific
incarnation of REST (HTTP) and
its full ecosystem
Slide 93
WHO IS DOING
IT RIGHT?
Slide 94
http://developer.github.com/
Slide 96
GitHub HTTP APIs use:
- Their own media types
- JSON-based hypermedia
- Full URIs to every resource
- Home documents with links
- Useful metadata in the headers
Slide 97
GitHub also provides:
- Connectors: client libraries for many languages
- Components: desktop and mobile-based user agents for different platforms
Slide 98
“PRAGMATIC”
REST?
Slide 99
“Pragmatic REST”:
- Don’t use custom media types
- Don’t include full URIs of resources
- Don’t use home documents
- Don’t include metadata as headers
Slide 100
DON’T
Slide 101
BROKEN
REST
Slide 102
NOT REST
AT ALL
Slide 103
DON’T CALL THAT
REST
Slide 104
GET YOUR OWN
BUZZWORD
Slide 105
HOW TO PROTECT
YOUR HTTP API?
Slide 106
SSL ALONE
WON’T DO!!!
Slide 107
LEARN ABOUT
THE BREACH
VULNERABILITY
Slide 108
USE
ONE-TIME
PASSWORDS
Slide 110
LEARN ABOUT
DIGEST
AUTHENTICATION
Slide 111
SEND A
NONCE
WITH EVERY REQUEST
Slide 112
PROTECT FROM
REPLAY
ATTACKS
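
How the nonce and nonce count in Digest authentication let a server refuse a replayed request, as an added example that is not part of the original slides. `DigestVerifier` and its method names are hypothetical; the credentials and expected response are the worked example from RFC 2617 section 3.5, and MD5 is used because that is what RFC 2617 specifies.

```python
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestVerifier:
    """Hypothetical server-side check: valid response AND a fresh nonce count."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords   # user -> password (in memory, demo only)
        self.highest_nc = {}         # server-issued nonce -> highest nc accepted

    def issue_nonce(self, nonce):
        # A real server generates this randomly and expires it after a while.
        self.highest_nc[nonce] = 0

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.highest_nc or user not in self.passwords:
            return "rejected: unknown nonce or user"
        expected = digest_response(user, self.realm, self.passwords[user],
                                   method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return "rejected: bad response"
        try:
            count = int(nc, 16)
        except ValueError:
            return "rejected: malformed nc"
        if count <= self.highest_nc[nonce]:
            return "rejected: replay"   # same (nonce, nc) pair seen before
        self.highest_nc[nonce] = count
        return "ok"


# Values from the worked example in RFC 2617 section 3.5:
# (user, method, uri, nonce, nc, cnonce) and the expected response.
RFC_ARGS = ("Mufasa", "GET", "/dir/index.html",
            "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
RFC_RESPONSE = "6629fae49393a05397450978507c4ef1"
```
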
Slide 113
READ
RFC 2616
HTTP
Slide 114
READ
RFC 2617
HTTP AUTHENTICATION
Slide 115
READ
RFCs 4226 / 6238
HMAC/TIME-BASED OTPs
Slide 116
REST IS THE WEB
Slide 117
REST IS THE WEB
JUST USE IT
Slide 118
PLEASE DON’T
REINVENT
SQUARE-SHAPED
WHEELS!!!
Slide 119
REST for the rest of us
or “Roy Fielding Ever Said That!?”
Antonio Ognio // Lima, Perú
Red Científica Peruana
@gnrfan