
Articles/etc | Protocols - REST


Hypermedia APIs (hypermediaapis) REST & Hypermedia Figure out a good standard for how to use the HTTP response codes in a 'truly RESTful' (Now called 'Hypermedia API' apparently) way.

REST & Hypermedia

HTTP Methods (Verbs)

Spec: Display which HTTP methods can be called on a resource.
GET: Just get a resource.
PUT: Update a resource
PATCH: Partial update of a resource (not universally supported)
DELETE: Delete a resource
POST: Create a resource

HTTP Status (Response) codes

Twitter: (This is the most acceptable and comprehensive list I have found)

Potentially adding:
10.2.2 201 Created: The request has been fulfilled and resulted in a new resource being created
10.2.3 202 Accepted: The request has been accepted for processing, but the processing has not been completed.

MailGun

HAL - Hypertext Application Language

Don't need to specifically implement this to the letter, but it gives some good ideas/examples of the hypermedia linking/discoverability idea.

Github Verb Description HEAD Can be issued against any resource to get just the HTTP header info. Designing Hypermedia APIs. Building Hypermedia APIs with HTML5 and Node: Mike Amundsen: 9781449306571: RESTful Web Services: Leonard Richardson, Sam Ruby, David Heinemeier Hansson: 9780596529260: REST, Hypermedia & HATEOAS - Django REST framework. You keep using that word "REST".

REST, Hypermedia & HATEOAS - Django REST framework

I do not think it means what you think it means. — Mike Amundsen, REST fest 2012 keynote. First off, the disclaimer. The name "Django REST framework" was chosen simply to ensure the project would be easily found by developers. Throughout the documentation we try to use the more simple and technically correct terminology of "Web APIs". If you are serious about designing a Hypermedia API, you should look to resources outside of this documentation to help inform your design choices. The following fall into the "required reading" category. For a more thorough background, check out Klabnik's Hypermedia API reading list. REST framework is an agnostic Web API toolkit. What REST framework provides. REST is OVER! Yep.


Sorry to have to inform you. REST is totally over. The cool kids are moving on. We're building "Hypermedia APIs" now. Such is life. Some People Understand REST and HTTP. This is a follow-up post to my post here.

Some People Understand REST and HTTP

You probably want to read that first. UPDATE: Please note that 'REST is over'. 'Hypermedia API' is the proper term now. Nobody Understands REST or HTTP. Since I've posted this, I've refined a few of my positions on things.

Nobody Understands REST or HTTP

Everyone learns and grows, and while I still stand by most of what I said, I specifically don't agree that versioning the media type is how to properly version APIs. Hypermedia APIs should not actually use explicit versioning, but I'd rather see a version in the URI with HATEOAS than no HATEOAS and versioned media types. A Brief Introduction to REST. You may or may not be aware that there is debate going on about the “right” way to implement heterogeneous application-to-application communication: While the current mainstream clearly focuses on web services based on SOAP, WSDL and the WS-* specification universe, a small, but very vocal minority claims there’s a better way: REST, short for REpresentational State Transfer.

A Brief Introduction to REST

In this article, I will try to provide a pragmatic introduction to REST and RESTful HTTP application integration without digressing into this debate. I will go into more detail while explaining those aspects that, in my experience, cause the most discussion when someone is exposed to this approach for the first time. Addressing Doubts about REST. Invariably, learning about REST means that you’ll end up wondering just how applicable the concept really is for your specific scenario.

Addressing Doubts about REST

And given that you’re probably used to entirely different architectural approaches, it’s only natural that you start doubting whether REST, or rather RESTful HTTP, really works in practice, or simply breaks down once you go beyond introductory, “Hello, World”-level stuff. In this article, I will try to address 10 of the most common doubts people have about REST when they start exploring it, especially if they have a strong background in the architectural approach behind SOAP/WSDL-based Web services. 1. REST may be usable for CRUD, but not for “real” business logic This is the most common reaction I see among people who are skeptical about REST benefits. First of all, the HTTP verbs - GET, PUT, POST, and DELETE - do not have a 1:1 mapping to the CRUD database operations. 2.

There are three answers to this very frequently asked question. 3. 4. 5. Interview and Book Excerpt: RESTful Web Services. Today, InfoQ publishes a sample chapter from RESTful Web Services, a book authored by Leonard Richardson and Sam Ruby.

Interview and Book Excerpt: RESTful Web Services

The book covers the principles of the REST style, and explains how to build RESTful applications using Ruby on Rails, Restlet (for Java) and Django (for Python). On this occasion, InfoQ's Stefan Tilkov had a chance to talk to the authors about their motivations for writing this book and their views on REST and Web services. InfoQ: Leonard, how did you end up writing a book on REST? Leonard Richardson (LR): I’ve been using the web as a programming environment since 1998. That is, I was screen-scraping. REST Anti-Patterns. When people start trying out REST, they usually start looking around for examples – and not only find a lot of examples that claim to be “RESTful”, or are labeled as a “REST API”, but also dig up a lot of discussions about why a specific service that claims to do REST actually fails to do so.

REST Anti-Patterns

Why does this happen? HTTP is nothing new, but it has been applied in a wide variety of ways. Some of them were in line with the ideas the Web’s designers had in mind, but many were not. Applying REST principles to your HTTP applications, whether you build them for human consumption, for use by another program, or both, means that you do the exact opposite: You try to use the Web “correctly”, or if you object to the idea that one is “right” and one is “wrong”: in a RESTful way. For many, this is indeed a very new approach.

As with any new approach, it helps to be aware of some common patterns. How I learned to stop worrying and love REST - Mike Mayo. Buzzwords can be a funny thing.

How I learned to stop worrying and love REST - Mike Mayo

I’ve been writing (what I thought were) ‘RESTful’ web apps and APIs for five years now, and it wasn’t until a couple of weeks ago that I really began to understand what that meant. I’d like to share my ‘AHA’ moment, and give a concrete example of why following the REST style correctly can save you headaches in the long run. TL;DR: A RESTful API should provide hypertext links to drive traversal through itself, instead of forcing the client to craft their own URIs. A little backstory At Twin Engine Labs, we develop iOS apps that are generally backed by Rails REST APIs. At this point, the iOS app was complete and had been submitted to the app store. It’s a fairly simple index action that returns a list of JSON objects, but the rub comes in that it’s paginated. This would be trivial to implement on the Rails side, but since my iOS application was crafting these paginated URIs it would mean a change to the iOS code and a resubmission to the app store.

Peter Williams - Versioning REST Web Services. Managing changes to APIs is hard. That is no surprise to anyone who has ever maintained an API of any sort. Web services, being a special case of API, are susceptible to many of the difficulties around versioning as other types of APIs. For HTTP based REST style web services the combination of resources and content negotiation can be used to mitigate most of the issues surrounding API versioning. Designing a Secure REST (Web) API without OAuth. Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure.

You are a smart guy, so you start to think… Problem You realize that literally passing the credentials over HTTP leaves that data open to being sniffed in plain-text; After the Gawker incident, you realize that plain-text or weakly-hashed anything is usually a bad idea. You realize that hashing the password and sending the hash over the wire in lieu of the plain-text password still gives people sniffing at least the username for the account and a hash of the password that could (in a disturbing number of cases) be looked up in a Rainbow Table. Designing a Secure REST API with OAuth2 You Can Be Proud Of. Yesterday there was a popular post on Hacker News about Designing Secure REST API without OAuth. I don’t agree that OAuth is unsuitable and I’ll introduce my way shortly. This post is intended to be a reply on this topic. In our new startup (, we (3 undergrad co-founders) are basically developing a mobile social network that has iOS/Android clients communicating with the server via a REST API.

We also looked at how we can provide a secure authentication to our API. Earlier in our development days, we developed our own proprietary authentication method. Haters gonna HATEOAS — Timeless. Every time someone mentions RESTful web services, there’s always that one person that has to chime in: “That’s not really RESTful, it’s just kinda RESTful.” I’d always filed that information away, under ‘things to learn later,’ and let it simmer in the back of my brain.

I’ve finally looked into it, and they’re absolutely right: 99.99% of the RESTful APIs out there aren’t fully compliant with Roy Fielding’s conception of REST.