REST IntroductionChristopher Jimenez

● Short of Representation State Transfer(Roy Thomas)

● A style of software arquitecture (Client-Server)

● It’s the way the Web already works, just formalized a bit and with some do’s and don’ts.

What is REST??

What’s a Web Service?● A web service is just a web page meant for a

computer to request and process● More precisely, a Web service is a Web

page that’s meant to be consumed by an autonomous program as opposed to a Web browser or similar UI tool

Key REST principles● Give every “thing” an ID● Link things together● Use standard methods● Resources with multiple

representations● Communicate statelessly

Give every “thing” an ID

Give every “thing” an ID

● A “Thing” is actually a resource

● URIs can also be IDs● URIS should be human-

readable

Give every “thing” an ID

http://example.com/customers/1234

http://example.com/orders/2007/10/776654

http://example.com/products/4554

Collection of “things”

http://example.com/customers/

http://example.com/orders/2007/11

http://example.com/products?color=green

To Summarize!!Use URIs to identify everything that merits being identifiable, specifically, all of the “high-level” resources that your application provides, whether they represent individual items, collections of items, virtual and physical objects, or computation results.

Link things Together

Link things together

● At its core is the concept of hypermedia, or in other words: the idea of links

● Links are something we’re all familiar with from HTML, but they are in no way restricted to human consumption.

Link things together

<order self='http://example.com/customers/1234' > <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> </order>

Result!The beauty of the link approach using URIs is that the links can point to resources that are provided by a different application, a different server, or even a different company on another continent

Use Standard Methods

Use Standard methods

● HTTP calls these Verbs

● The two everyone knows are GET and POST

● But there is also, PUT, DELETE, HEAD and OPTIONS

Use Standard MethodsHTTP Method CRUD Guaranties.POST CREATE Create - GET RETRIEVE Retrieve Safe, Cacheable,Idempotent

PUT UPDATE Update IdempotentDELETE DELETE Delete Idempotent

Safe??

Safe?

● Takes no action other than retrieval

● User did not request the side-effects, so therefore cannot be held accountable for them.

Cacheable?

Cacheable?

● GET supports very efficient and sophisticated caching

● In many cases, you don’t even have to send a request to the server

WTF! Idempotent?

WTF! Idempotent? ● (Idempotent) unchanged in value following

multiplication by itself

● If you issue a GET request and don’t get a result, you might not know whether your request never reached its destination or the response got lost on its way back to you

● The idempotence guarantee means you can simply issue the request again

Standard Methods

class Resource { Resource(URI u); Response get(); Response post(Request r); Response put(Request r); Response delete();}

Example Not RESTOrders & Customers

RESTful AproachThe Rest Way

Multiple representations

Multiple standards

● XML● JSON● V-CARD● RSS

Multiple representationshttp://www.pixel16.com/callmenot/phones/20.xml<?xml version="1.0" encoding="UTF-8"?><response><phone><Phone><id>18</id><phone>3434343</phone><description>asf</description><created>2013-07-10 17:04:23</created><modified>2013-07-10 17:04:23</modified></Phone></phone></response>

Multiple representationwww.pixel16.com/callmenot/phones/18.json{

"phone":{ "Phone":{

"id":"18", "phone":"3434343", "description":"asf", "created":"2013-07-10 17:04:23", "modified":"2013-07-10 17:04:23"

} }

}

Communicate statelessly

Statelessly

● REST mandates that state be either turned into resource state, or kept on the client

● The server should not have to retain some sort of communication state for any of the clients it communicates with beyond a single request.

Statelessly● Scalability — the number of clients interacting would

seriously impact the server’s footprint if it had to keep client state

● A client could receive a document containing links from the server, and while it does some processing, the server could be shut down, its hard disk could be ripped out and be replaced, the software could be updated and restarted — and if the client follows one of the links it has received from the server, it won’t notice.

Authentication?

Authentication● HTTP basic auth over HTTPS

● Session via Cookies

● Query Authentication

HTTP basic auth over HTTPS● Based on the standard HTTPS protocol

● Awful authentication window displayed on the Browser

● Some server-side additional CPU consumption

● User-name and password are transmitted (over HTTPS) into the Server

Session via Cookies● Is not truly Stateless

● The cookie technique itself is HTTP-linked, so it's not truly RESTful, which should be protocol-independent.

Query AuthenticationConsists in signing each RESTful request via some additional parameters on the URI.

Server-side data caching can be always available(cache the responses at the SQL level, not at the URI level)

Amazon Example

Amazon Example

Useful Resources

Google TeckTalkHow To Design A Good API and Why it Matters

Questions?