Tweet
Tweet

Slide 1

Slide 1 text

REST Best Common Practices D. Keith Casey Jr [email protected] @CaseySoftware

Slide 2

Slide 2 text

Who am I?

Slide 3

Slide 3 text

Who am I? Clarify.io - The API for businesses to build apps that Search and Understand their Audio & Videos

Slide 4

Slide 4 text

Who am I? http://TheAPIDesignBook.com

Slide 5

Slide 5 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 6

Slide 6 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 7

Slide 7 text

Assumptions • APIs are an important part of your job • Use them on a regular basis • Potentially build them too • Sometimes public, sometimes private 7

Slide 8

Slide 8 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 9

Slide 9 text

• We had single stack (monolith) applications • Self-contained • Completely independent • Built by humans for humans • Promoted duplication of components In the Beginning..

Slide 10

Slide 10 text

In the Beginning..

Slide 11

Slide 11 text

• Web Services • SOAP • XML-RPC • XML over HTTP • Other random junk.. A little later..

Slide 12

Slide 12 text

A little later..

Slide 13

Slide 13 text

• Six Constraints • Client-Server • Stateless • Cacheable • Layered System • Uniform Interfaces • Code on Demand A little more sanity: REST

Slide 14

Slide 14 text

“Strictly RESTful” 14 REST is not a Standard.

Slide 15

Slide 15 text

What REST is not… 15 • Pretty URLs • XML over HTTP • JSON over HTTP

Slide 16

Slide 16 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 17

Slide 17 text

Client-Server • We get this one • By separating them, we can vary them • Web & database servers • Scalability & Reliability

Slide 18

Slide 18 text

Stateless • Each request stands on its own • This is where we struggle • Sessions, cookies, etc • Synchronization • Sticky sessions

Slide 19

Slide 19 text

Stateless curl https://api.clarify.io/v1/search? query=dorothy \ --header "Authorization: Bearer myapikey"

Slide 20

Slide 20 text

Stateless - Why? • It’s WEB SCALE • Stability • Reliability • Flexibility

Slide 21

Slide 21 text

Cacheable • GET, PUT, and DELETE should be idempotent or “safe” • The word “safe” here means that if a given HTTP method is invoked 1 or N times, the resource remains the same after the 1st • POST.. stupid POST

Slide 22

Slide 22 text

Cacheable • Within Clarify.io • /v1/bundles/ • GET {limit, iterator, embed} • POST {name, media_url, notify_url} • PUT n/a • DELETE n/a

Slide 23

Slide 23 text

Cacheable • Within Clarify.io • /v1/bundles/{bundle_id} • GET {bundle_id, embed} • POST n/a • PUT {name, media_url, notify_url} • DELETE n/a

Slide 24

Slide 24 text

Layered System • Don’t count on the Client and Server communicating directly • We use this on the web every day • Adds silent, invisible dependencies

Slide 25

Slide 25 text

Layered System - Why? • Allows you to add intermediaries • Load balancers, caching • Logging, audit trails • Authentication & Authorization

Slide 26

Slide 26 text

Skynet Day 26 https://www.twilio.com/engineering/2011/04/22/why-twilio- wasnt-affected-by-todays-aws-issues

Slide 27

Slide 27 text

Code on Demand (optional) • A request doesn’t just retrieve a resource but also the code to act upon it • We don’t have to know or understand the code, just how to run it • Allows for flexibility and upgradability

Slide 28

Slide 28 text

28 Ummm.. gmail? (or really, any Javascript on the web) Code on Demand (optional)

Slide 29

Slide 29 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 30

Slide 30 text

Uniform Interfaces • Four Principles • Identification of resources • Manipulation of resources through these representations • Self-descriptive messages • Hypermedia as the engine of application state (HATEOAS)

Slide 31

Slide 31 text

Identification of Resources • Generally • /noun/id • /noun/action/id • But not required • /?n=noun&id=id • /?n=noun&page=n

Slide 32

Slide 32 text

Manipulation of Resources • Within Clarify.io • /v1/bundles/ • /v1/bundles/{bundles_id}/insights • /v1/bundles/{bundles_id}/metadata • /v1/bundles/{bundles_id}/tracks • GET, POST, PUT, DELETE

Slide 33

Slide 33 text

Self-Descriptive Messages • Each message should tell you • how to process itself; • how to request the next resource; • if that resource is cacheable.

Slide 34

Slide 34 text

HATEOAS Clients make state transitions only through actions that are dynamically identified within hypermedia by the server (e.g. by hyperlinks within hypertext). Except for simple fixed entry points to the application, a client does not assume that any particular actions will be available for any particular resources beyond those described in representations previously received from the server. Ref: https://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_services

Slide 35

Slide 35 text

• Assumptions • The Origin Story • The Constraints • Uniform Interfaces • Additional Resources

Slide 36

Slide 36 text

No Pun Intended • http://TheAPIDesignBook.com • http://videos.restfest.org • Anything by Mike Amundsen • Anything by Kin Lane

Slide 37

Slide 37 text

D. Keith Casey Jr [email protected] @CaseySoftware REST Best Common Practices

Slide 38

Slide 38 text

Go Buy This! http://TheAPIDesignBook.com