Abstract image of a woman sitting on books and studying on a laptop

RESTful design

Download as PPTX, PDF
Robert MacLean, profile picture
Robert MacLean

The document provides an in-depth introduction to REST (Representational State Transfer) principles and practices, highlighting its scalability, simplicity, and HTTP-based architecture. It covers important aspects like URIs, HTTP methods, status codes, content types, authentication, and design guidelines for RESTful APIs. Additionally, it discusses common anti-patterns and emphasizes the importance of security when implementing RESTful services.

Technology
1 of 39
Downloaded 25 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Understanding REST and designing for itRESTful Design
Robert MacLeanwww.sadev.co.za@rmacleanBB&D ATCIntroductionHTTP BasicsURI’sMethodsStatus CodesContent TypeAuthenticationURI PlanningPatternsStyleAccidental ServicesExamplesActionsGuidelinesAnti-PatternsSecurityWrap UpAbout meAgendaWelcome
RESTAcronym? Representational State Transfer Source?Came about in 2000 doctoral dissertation of Roy Fielding
What is it?ROA – Resource Orientated ArchitectureWOA – Web Orientated ArchitectureThanks Gartner for another TLA It is a styleNOT APIInterfaceOfficial StandardA drop in replacement for SOAP
Benefits of RESTHighly scalableDesigned for HTTPEasy to consume & produceNo complex request/response model.No complex XML contractsEasy to understand for you and machinesURI + Method = Intent
HTTP BasicsREST builds on HTTP so you need to know HTTPHTTP is not HTMLHTTP is statelessHTTPURIHeaderhttp://www.sadev.co.zaMethodGETStatus Code200Content Typetext/plainBodytext
URI BasicsHostnameSchemeQueryhttp://www.sadev.co.za/users/1/contacthttp://www.sadev.co.za?user=1&action=contacthttp://rob:pass@bbd.co.za:8044https://bbd.co.za/index.html#aboutQueryHostnameSchemeUserinfoHostnamePortSchemeSchemeHostnameQueryFragment
Method BasicsJust a guide
Status Codes1xx – Informational 2xx – Success3xx – Redirection4xx – Client Error5xx – Server Error
Status Codes Examples100 = Continue102 = Processing200 = OK201 = Created204 = No Content206 = Partial Content301 = Moved Permanently 302 = Found (Moved Temp)307 = Temp Redirect400 = Bad Request401 = Unauthorised402 = Payment Required403 = Forbidden404 = Not Found405 = Method Not Allowed409 = Conflict418 = I’m a teapot450 = Blocked by Windows Parental Controls500 = Internal Server Error501 = Not Implemented
Content TypeProper name: Internet Media TypeAlso known as MIME typeParts: Type, SubType, Optional Parametersx- prefix for nonstandard types or subtypesvnd. prefix for vendor specific subtypesFrowned upon by purists
Content Type Examplestext/plain – Plain texttext/xml – XML text/html – HTML image/png – PNG imageaudio/basic – Wave audioaudio/mpeg – MPEG audio (MP3)video/quicktime – Quicktime Videoapplication/pdf – Adobe PDF documentapplication/javascript – JavaScriptapplication/vnd.ms-powerpoint – PowerPoint fileapplication/x-rar-compressed – RAR file
HTTP AuthenticationBasic AuthenticationEasy to do, but plain text. Easy to reverse engineer. Less of an issue when used with SSL.Digest AuthenticationHarder to do, still plain text. Hard (impossible?) to reverse engineer because of hashing. NTLM AuthenticationHard to do, Windows specific. Hard (impossible?) to reverse engineer.
Header ExampleRequestHEAD /index.htmlHTTP/1.1 Host: www.example.com ResponseHTTP/1.1 200 OK Date: Mon, 23 May 2005 22:38:34 GMT Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux) Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" Accept-Ranges: bytes Content-Length: 438 Connection: close Content-Type: text/html; charset=UTF-8
Lego CatalogueA simple system to store what LEGO’s a person owns. Want toAdd bricksSet bricks status to be in useRemove bricksGet list of bricksCheck if I have enough bricksGet picture of brick
Lego Catalogue URIHTTP ValidREST ValidIntent good
Lego Catalogue URIHTTP ValidREST ValidIntent good
Lego Catalogue URIHTTP ValidREST ValidIntent good
Lego Catalogue URIHTTP ValidREST InvalidIntent bad
Lego Catalogue URIHTTP ValidREST InvalidIntent nightmare
Real Life URI ExampleResource: PhotosWhere:http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}.jpghttp://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}_[mstb].jpghttp://farm{farm-id}.static.flickr.com/{server-id}/{id}_{o-secret}_o.(jpg|gif|png)What: JPEG, GIF or PNG (defined in the URL)http://farm1.static.flickr.com/2/1418878_1e92283336_m.jpg
REST Method Style“The big four”
Accidental ServicesAccidental services do not use all methodsSome URL’s offering all of them and others a limited set
Methods Examplehttp://bbddb01/northwind/users[firstname=“rob%”]+ POST = Error + GET = Returns everyone who begins with rob+ PUT = Error+ DELETE = Deletes everyone who begins with robhttp://bbddb01/northwind/users+ we add some input data+ POST = Creates a new user+ GET = Returns everyone who meets criteria+ PUT = Creates/Updates a user (based on data)+ DELETE = Deletes everyone who meets criteria
Methods Examplehttp://bbddb01/northwind/users[firstname=“rob%”]+ POST = Error + PUT = ErrorWhat would the error be?HTTP 400 would be best405 or 500 could also be appropriate
What about actions?GetStoreOpenTime(Location)GET http://lc/stores/{location}/times?state=openRejectDesign(Design)POST http://lc/rejections + form dataPerformBrickCount(Design)POST http://lc/design/124/brickCountGET http://lc/design/124/brickCount/2
GuidelinesDesign to be statelessDesign for resources, not servicesStock quote service vs. A way to work with stock resourcesUse cookies for self-contained state
GuidelinesNaming: Favour nouns over verbsGET /brick/2/deleteDELETE /brick/2Shorter nice URI’s preferred, not requiredDo not change URI’sUse 3xx redirection if needed
GuidelinesGive every resource an IDhttp://lc/brick/1http://lc/project/planned/223More URI’s the better
GuidelinesSupport for multiple data types or representationsFor data use XML and/or JSONPostfixes to define typeGET /brick/2/image.jpgGET /brick/2/image.png
GuidelinesDesign with standards in mind – for example RSS & ATOMCreate should return URI’s not resourcesUse the right HTTP methods for the right actionsYou are on HTTP – use the infrastructure.Proxy, Caching, Etag, Expires
GuidelinesHyperlinks are good<project self=“http://lc/project/753”> <bricksUsed> <brick ref=“http://lc/brick/234” /> <brick ref=“http://lc/brick/286” /><brick ref=“http://lc/brick/12” /> </bricksUsed> <coloursUsed> <colour name=“red” code=“ff0000” ref=“http://lc/brick/red”/> </coloursUsed></project>
GuidelinesOffer paging<bricks self=“http://lc/bricks”> <link rel=“next” ref=“http://lc/bricks?page=20” /> …</bricks>
GuidelinesOffer collections of information<bricks> <brick ref=“http://lc/brick/1” /> <brick ref=“http://lc/brick/2” /><brick ref=“http://lc/brick/3” /></brick><bricks> <brick ref=“http://lc/brick/1”> <colour>red</colour> </brick> <brick ref=“http://lc/brick/2”><colour>red</colour> </brick> <brick ref=“http://lc/brick/3”><colour>red</colour> </brick></brick>
Anti-PatternsUse one HTTP method – like GET for everythingOften called GET or POST TunnellingPass everything in URI’sAssume this is a replacement for SOAP or WS*
Security101Are RESTful services secure?It’s a style, not a technology so that depends on how you implement it.Are you open to SQL injection attacks?When you look at http://bbddb01/northwind/users[firstname=“rob%”], you may think so but you shouldn’t be. Because:The parameter shouldn’t be SQLIf it is SQL, why are you not filtering it?Remember the old rule: Do not trust user inputURI’s are user input
Security102How can I do authentication?It’s built on HTTP, so everything you have for authentication in HTTP is availablePLUSYou could encode your authentication requirements into the input fields
Good ExamplesWCF Data ServicesPreviously called ADO.NET Data Services & AstoriaNerdDinner.comTwitter.comMediaWikiTheir action’s are frowned upon by purists
Benefits of RESTHighly scalableDesigned for HTTP and statelessEasy to consumeNo complex request/response model.No complex XML contractsEasy to understand for you and machinesURI + Method = Intent

More Related Content

PDF
REST in peace @ IPC 2012 in Mainz
Alessandro Nadalin
 
PPT
Joseph-Smarr-Plaxo-OSCON-2006
guestfbf1e1
 
PPT
Plaxo OSCON 2006
gueste8e0fb
 
PDF
The Case for HTTP/2
Andy Davies
 
ODP
HTML5
Hatem Mahmoud
 
PPT
HTML5 Overview
reybango
 
PDF
HTTP colon slash slash: end of the road? @ CakeFest 2013 in San Francisco
Alessandro Nadalin
 
ZIP
Looking into HTML5
Christopher Schmitt
 
REST in peace @ IPC 2012 in Mainz
Alessandro Nadalin
 
Joseph-Smarr-Plaxo-OSCON-2006
guestfbf1e1
 
Plaxo OSCON 2006
gueste8e0fb
 
The Case for HTTP/2
Andy Davies
 
HTML5
Hatem Mahmoud
 
HTML5 Overview
reybango
 
HTTP colon slash slash: end of the road? @ CakeFest 2013 in San Francisco
Alessandro Nadalin
 
Looking into HTML5
Christopher Schmitt
 

What's hot (20)

PPT
Html5 Overview
Owen Williams
 
ODP
A Holistic View of Website Performance
Rene Churchill
 
PPT
Joomla security nuggets
guestbd1cdca
 
PDF
Speed Matters!
Andy Davies
 
PDF
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Andy Davies
 
PDF
The Case for HTTP/2 - EpicFEL Sept 2015
Andy Davies
 
PPTX
Internet protocalls & WCF/DReAM
Woody Pewitt
 
PDF
The Future of the Web: HTML5
Derek Bender
 
PDF
Html 5 in a big nutshell
Lennart Schoors
 
PDF
HTML5 & Friends
Remy Sharp
 
PPTX
Getting the most out of WebPageTest
Patrick Meenan
 
PPT
Internet Explorer 8 for Developers by Christian Thilmany
Christian Thilmany
 
PPT
PHP
Gouthaman V
 
PDF
HTML5 for PHP Developers - IPC
Mayflower GmbH
 
PPTX
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Peter Lubbers
 
PDF
HTML5 Semantics, Accessibility & Forms [Carsonified HTML5 Online Conference]
Aaron Gustafson
 
PPT
Pragmatics of Declarative Ajax
davejohnson
 
PPTX
Css, xhtml, javascript
Trần Khải Hoàng
 
PDF
What the heck is HTML 5?
Simon Willison
 
PPT
PHP Presentation
Ankush Jain
 
Html5 Overview
Owen Williams
 
A Holistic View of Website Performance
Rene Churchill
 
Joomla security nuggets
guestbd1cdca
 
Speed Matters!
Andy Davies
 
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Andy Davies
 
The Case for HTTP/2 - EpicFEL Sept 2015
Andy Davies
 
Internet protocalls & WCF/DReAM
Woody Pewitt
 
The Future of the Web: HTML5
Derek Bender
 
Html 5 in a big nutshell
Lennart Schoors
 
HTML5 & Friends
Remy Sharp
 
Getting the most out of WebPageTest
Patrick Meenan
 
Internet Explorer 8 for Developers by Christian Thilmany
Christian Thilmany
 
PHP
Gouthaman V
 
HTML5 for PHP Developers - IPC
Mayflower GmbH
 
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Peter Lubbers
 
HTML5 Semantics, Accessibility & Forms [Carsonified HTML5 Online Conference]
Aaron Gustafson
 
Pragmatics of Declarative Ajax
davejohnson
 
Css, xhtml, javascript
Trần Khải Hoàng
 
What the heck is HTML 5?
Simon Willison
 
PHP Presentation
Ankush Jain
 
Ad

Viewers also liked (20)

PPTX
Enterprise Library 5
Robert MacLean
 
PPT
Windows Server AppFabric
Robert MacLean
 
PPTX
Sikuli
Robert MacLean
 
PPT
.NET Reflection
Robert MacLean
 
PPTX
Putting the DOT in .NET - Dev/Ops/Test
Robert MacLean
 
PPTX
Visual Studio ❤ JavaScript
Robert MacLean
 
PPTX
DevConf Survival Guide
Robert MacLean
 
PPTX
Lightswitch
Robert MacLean
 
PPTX
Windows Server AppFabric Caching - What it is & when you should use it?
Robert MacLean
 
PPTX
Win8 architecture for developers
Robert MacLean
 
PDF
Summer club
Mad Mary
 
PPTX
Ti
Karythoo Mendez
 
PPTX
Tipos de redes !
Moisés Flores
 
PPTX
Thalia
thaliagafaro
 
PPT
Dia da mulher
eecdda
 
PPT
Biarritz leblon
Mad Mary
 
PDF
Taller # 1 camilo
kamilo1997
 
PPT
Green park apresentação
Mad Mary
 
PDF
One Hundred and One Domatia
Amy Luckhurst
 
PPTX
Cálculo resistencia limitadora a diodo led
John Travolta
 
Enterprise Library 5
Robert MacLean
 
Windows Server AppFabric
Robert MacLean
 
Sikuli
Robert MacLean
 
.NET Reflection
Robert MacLean
 
Putting the DOT in .NET - Dev/Ops/Test
Robert MacLean
 
Visual Studio ❤ JavaScript
Robert MacLean
 
DevConf Survival Guide
Robert MacLean
 
Lightswitch
Robert MacLean
 
Windows Server AppFabric Caching - What it is & when you should use it?
Robert MacLean
 
Win8 architecture for developers
Robert MacLean
 
Summer club
Mad Mary
 
Ti
Karythoo Mendez
 
Tipos de redes !
Moisés Flores
 
Thalia
thaliagafaro
 
Dia da mulher
eecdda
 
Biarritz leblon
Mad Mary
 
Taller # 1 camilo
kamilo1997
 
Green park apresentação
Mad Mary
 
One Hundred and One Domatia
Amy Luckhurst
 
Cálculo resistencia limitadora a diodo led
John Travolta
 
Ad

Similar to RESTful design (20)

PPTX
WWW and HTTP
BG Java EE Course
 
PPT
Web Scraper Shibuya.pm tech talk #8
Tatsuhiko Miyagawa
 
PPT
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
PPT
RESTful SOA - 中科院暑期讲座
Li Yi
 
PPT
Introduction To ASP.NET MVC
Alan Dean
 
ODP
Ruby off Rails---rack, sinatra and sequel
Jiang Wu
 
ODP
Sword v2 at UKCoRR
SWORD Project
 
PPT
Web services - REST and SOAP
Compare Infobase Limited
 
PPT
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
PPT
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
Pamela Fox
 
PDF
Services web RESTful
goldoraf
 
ODP
Phing - A PHP Build Tool (An Introduction)
Michiel Rook
 
PDF
HTTP Caching in Web Application
Martins Sipenko
 
PDF
HTTP Basics Demo
InMobi Technology
 
PPT
GTLAB Installation Tutorial for SciDAC 2009
marpierc
 
PDF
Revisiting HTTP/2
Fastly
 
ODP
Basic testing with selenium
Søren Lund
 
PPT
Front End Website Optimization
Gerard Sychay
 
ZIP
GTAC: AtomPub, testing your server implementation
David Calavera
 
PPT
How the web works june 2010
Mark Carter
 
WWW and HTTP
BG Java EE Course
 
Web Scraper Shibuya.pm tech talk #8
Tatsuhiko Miyagawa
 
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
RESTful SOA - 中科院暑期讲座
Li Yi
 
Introduction To ASP.NET MVC
Alan Dean
 
Ruby off Rails---rack, sinatra and sequel
Jiang Wu
 
Sword v2 at UKCoRR
SWORD Project
 
Web services - REST and SOAP
Compare Infobase Limited
 
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
Pamela Fox
 
Services web RESTful
goldoraf
 
Phing - A PHP Build Tool (An Introduction)
Michiel Rook
 
HTTP Caching in Web Application
Martins Sipenko
 
HTTP Basics Demo
InMobi Technology
 
GTLAB Installation Tutorial for SciDAC 2009
marpierc
 
Revisiting HTTP/2
Fastly
 
Basic testing with selenium
Søren Lund
 
Front End Website Optimization
Gerard Sychay
 
GTAC: AtomPub, testing your server implementation
David Calavera
 
How the web works june 2010
Mark Carter
 

More from Robert MacLean (20)

PPTX
Deno ...................................
Robert MacLean
 
PPTX
14 things you need to be a successful software developer (v3)
Robert MacLean
 
PPTX
Git
Robert MacLean
 
PPTX
OWASP TOP 10
Robert MacLean
 
PPTX
Building a µservice with Kotlin, Micronaut & GCP
Robert MacLean
 
PPTX
Looking at the Vue
Robert MacLean
 
PPTX
Kotlin 101
Robert MacLean
 
PPTX
Features of Kotlin I find exciting
Robert MacLean
 
PPTX
JavaScript Gotchas
Robert MacLean
 
PPTX
The state of testing @ Microsoft
Robert MacLean
 
PPTX
What is new in C# 6?
Robert MacLean
 
PPTX
A Developer Day 2014 - Durban
Robert MacLean
 
PPTX
Agile lessons learned in the Microsoft ALM Rangers
Robert MacLean
 
PPTX
Hour of code - Train the trainer
Robert MacLean
 
PPTX
Building services for apps on a shoestring budget
Robert MacLean
 
PPTX
3 things your app API is doing WRONG
Robert MacLean
 
PPTX
ASP.NET
Robert MacLean
 
PPTX
LightSwitch
Robert MacLean
 
PPTX
How to build a Mobile API or HTML 5 app in 5 minutes
Robert MacLean
 
PPTX
Protection of Personal Information Bill (POPI)
Robert MacLean
 
Deno ...................................
Robert MacLean
 
14 things you need to be a successful software developer (v3)
Robert MacLean
 
Git
Robert MacLean
 
OWASP TOP 10
Robert MacLean
 
Building a µservice with Kotlin, Micronaut & GCP
Robert MacLean
 
Looking at the Vue
Robert MacLean
 
Kotlin 101
Robert MacLean
 
Features of Kotlin I find exciting
Robert MacLean
 
JavaScript Gotchas
Robert MacLean
 
The state of testing @ Microsoft
Robert MacLean
 
What is new in C# 6?
Robert MacLean
 
A Developer Day 2014 - Durban
Robert MacLean
 
Agile lessons learned in the Microsoft ALM Rangers
Robert MacLean
 
Hour of code - Train the trainer
Robert MacLean
 
Building services for apps on a shoestring budget
Robert MacLean
 
3 things your app API is doing WRONG
Robert MacLean
 
ASP.NET
Robert MacLean
 
LightSwitch
Robert MacLean
 
How to build a Mobile API or HTML 5 app in 5 minutes
Robert MacLean
 
Protection of Personal Information Bill (POPI)
Robert MacLean
 

Recently uploaded (20)

PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PDF
Auditboard EB SOX Playbook 2023 edition.
DROK2
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PDF
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
PPTX
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
Auditboard EB SOX Playbook 2023 edition.
DROK2
 
Configure Apache Mutual Authentication
Antonino Piraino
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Internet of Everything -Basic concepts details
sendilkumar66
 
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 

RESTful design

  • 1. Understanding REST and designing for itRESTful Design
  • 2. Robert MacLeanwww.sadev.co.za@rmacleanBB&D ATCIntroductionHTTP BasicsURI’sMethodsStatus CodesContent TypeAuthenticationURI PlanningPatternsStyleAccidental ServicesExamplesActionsGuidelinesAnti-PatternsSecurityWrap UpAbout meAgendaWelcome
  • 3. RESTAcronym? Representational State Transfer Source?Came about in 2000 doctoral dissertation of Roy Fielding
  • 4. What is it?ROA – Resource Orientated ArchitectureWOA – Web Orientated ArchitectureThanks Gartner for another TLA It is a styleNOT APIInterfaceOfficial StandardA drop in replacement for SOAP
  • 5. Benefits of RESTHighly scalableDesigned for HTTPEasy to consume & produceNo complex request/response model.No complex XML contractsEasy to understand for you and machinesURI + Method = Intent
  • 6. HTTP BasicsREST builds on HTTP so you need to know HTTPHTTP is not HTMLHTTP is statelessHTTPURIHeaderhttp://www.sadev.co.zaMethodGETStatus Code200Content Typetext/plainBodytext
  • 9. Status Codes1xx – Informational 2xx – Success3xx – Redirection4xx – Client Error5xx – Server Error
  • 10. Status Codes Examples100 = Continue102 = Processing200 = OK201 = Created204 = No Content206 = Partial Content301 = Moved Permanently 302 = Found (Moved Temp)307 = Temp Redirect400 = Bad Request401 = Unauthorised402 = Payment Required403 = Forbidden404 = Not Found405 = Method Not Allowed409 = Conflict418 = I’m a teapot450 = Blocked by Windows Parental Controls500 = Internal Server Error501 = Not Implemented
  • 11. Content TypeProper name: Internet Media TypeAlso known as MIME typeParts: Type, SubType, Optional Parametersx- prefix for nonstandard types or subtypesvnd. prefix for vendor specific subtypesFrowned upon by purists
  • 12. Content Type Examplestext/plain – Plain texttext/xml – XML text/html – HTML image/png – PNG imageaudio/basic – Wave audioaudio/mpeg – MPEG audio (MP3)video/quicktime – Quicktime Videoapplication/pdf – Adobe PDF documentapplication/javascript – JavaScriptapplication/vnd.ms-powerpoint – PowerPoint fileapplication/x-rar-compressed – RAR file
  • 13. HTTP AuthenticationBasic AuthenticationEasy to do, but plain text. Easy to reverse engineer. Less of an issue when used with SSL.Digest AuthenticationHarder to do, still plain text. Hard (impossible?) to reverse engineer because of hashing. NTLM AuthenticationHard to do, Windows specific. Hard (impossible?) to reverse engineer.
  • 14. Header ExampleRequestHEAD /index.htmlHTTP/1.1 Host: www.example.com ResponseHTTP/1.1 200 OK Date: Mon, 23 May 2005 22:38:34 GMT Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux) Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" Accept-Ranges: bytes Content-Length: 438 Connection: close Content-Type: text/html; charset=UTF-8
  • 15. Lego CatalogueA simple system to store what LEGO’s a person owns. Want toAdd bricksSet bricks status to be in useRemove bricksGet list of bricksCheck if I have enough bricksGet picture of brick
  • 16. Lego Catalogue URIHTTP ValidREST ValidIntent good
  • 17. Lego Catalogue URIHTTP ValidREST ValidIntent good
  • 18. Lego Catalogue URIHTTP ValidREST ValidIntent good
  • 19. Lego Catalogue URIHTTP ValidREST InvalidIntent bad
  • 20. Lego Catalogue URIHTTP ValidREST InvalidIntent nightmare
  • 21. Real Life URI ExampleResource: PhotosWhere:http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}.jpghttp://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}_[mstb].jpghttp://farm{farm-id}.static.flickr.com/{server-id}/{id}_{o-secret}_o.(jpg|gif|png)What: JPEG, GIF or PNG (defined in the URL)http://farm1.static.flickr.com/2/1418878_1e92283336_m.jpg
  • 23. Accidental ServicesAccidental services do not use all methodsSome URL’s offering all of them and others a limited set
  • 24. Methods Examplehttp://bbddb01/northwind/users[firstname=“rob%”]+ POST = Error + GET = Returns everyone who begins with rob+ PUT = Error+ DELETE = Deletes everyone who begins with robhttp://bbddb01/northwind/users+ we add some input data+ POST = Creates a new user+ GET = Returns everyone who meets criteria+ PUT = Creates/Updates a user (based on data)+ DELETE = Deletes everyone who meets criteria
  • 25. Methods Examplehttp://bbddb01/northwind/users[firstname=“rob%”]+ POST = Error + PUT = ErrorWhat would the error be?HTTP 400 would be best405 or 500 could also be appropriate
  • 26. What about actions?GetStoreOpenTime(Location)GET http://lc/stores/{location}/times?state=openRejectDesign(Design)POST http://lc/rejections + form dataPerformBrickCount(Design)POST http://lc/design/124/brickCountGET http://lc/design/124/brickCount/2
  • 27. GuidelinesDesign to be statelessDesign for resources, not servicesStock quote service vs. A way to work with stock resourcesUse cookies for self-contained state
  • 28. GuidelinesNaming: Favour nouns over verbsGET /brick/2/deleteDELETE /brick/2Shorter nice URI’s preferred, not requiredDo not change URI’sUse 3xx redirection if needed
  • 29. GuidelinesGive every resource an IDhttp://lc/brick/1http://lc/project/planned/223More URI’s the better
  • 30. GuidelinesSupport for multiple data types or representationsFor data use XML and/or JSONPostfixes to define typeGET /brick/2/image.jpgGET /brick/2/image.png
  • 31. GuidelinesDesign with standards in mind – for example RSS & ATOMCreate should return URI’s not resourcesUse the right HTTP methods for the right actionsYou are on HTTP – use the infrastructure.Proxy, Caching, Etag, Expires
  • 32. GuidelinesHyperlinks are good<project self=“http://lc/project/753”> <bricksUsed> <brick ref=“http://lc/brick/234” /> <brick ref=“http://lc/brick/286” /><brick ref=“http://lc/brick/12” /> </bricksUsed> <coloursUsed> <colour name=“red” code=“ff0000” ref=“http://lc/brick/red”/> </coloursUsed></project>
  • 33. GuidelinesOffer paging<bricks self=“http://lc/bricks”> <link rel=“next” ref=“http://lc/bricks?page=20” /> …</bricks>
  • 34. GuidelinesOffer collections of information<bricks> <brick ref=“http://lc/brick/1” /> <brick ref=“http://lc/brick/2” /><brick ref=“http://lc/brick/3” /></brick><bricks> <brick ref=“http://lc/brick/1”> <colour>red</colour> </brick> <brick ref=“http://lc/brick/2”><colour>red</colour> </brick> <brick ref=“http://lc/brick/3”><colour>red</colour> </brick></brick>
  • 35. Anti-PatternsUse one HTTP method – like GET for everythingOften called GET or POST TunnellingPass everything in URI’sAssume this is a replacement for SOAP or WS*
  • 36. Security101Are RESTful services secure?It’s a style, not a technology so that depends on how you implement it.Are you open to SQL injection attacks?When you look at http://bbddb01/northwind/users[firstname=“rob%”], you may think so but you shouldn’t be. Because:The parameter shouldn’t be SQLIf it is SQL, why are you not filtering it?Remember the old rule: Do not trust user inputURI’s are user input
  • 37. Security102How can I do authentication?It’s built on HTTP, so everything you have for authentication in HTTP is availablePLUSYou could encode your authentication requirements into the input fields
  • 38. Good ExamplesWCF Data ServicesPreviously called ADO.NET Data Services & AstoriaNerdDinner.comTwitter.comMediaWikiTheir action’s are frowned upon by purists
  • 39. Benefits of RESTHighly scalableDesigned for HTTP and statelessEasy to consumeNo complex request/response model.No complex XML contractsEasy to understand for you and machinesURI + Method = Intent