Articles/etc | Protocols - REST
This is a follow-up post to my post here. You probably want to read that first. UPDATE: Please note that 'REST is over'. 'Hypermedia API' is the proper term now. A few words on standards versus pragmatism Some People Understand REST and HTTP
Since I've posted this, I've refined a few of my positions on things. Everyone learns and grows, and while I still stand by most of what I said, I specifically don't agree that versioning the media type is how to properly version APIs. Hypermedia APIs should not actually use explicit versioning, but I'd rather see a version in the URI with HATEOAS than no HATEOAS and versioned media types. Nobody Understands REST or HTTP
A Brief Introduction to REST You may or may not be aware that there is debate going on about the “right” way to implement heterogeneous application-to-application communication: While the current mainstream clearly focuses on web services based on SOAP, WSDL and the WS-* specification universe, a small, but very vocal minority claims there’s a better way: REST, short for REpresentational State Transfer. In this article, I will try to provide a pragmatic introduction to REST and RESTful HTTP application integration without digressing into this debate. I will go into more detail while explaining those aspects that, in my experience, cause the most discussion when someone is exposed to this approach for the first time. Key REST principles Most introductions to REST start with the formal definition and background.
Invariably, learning about REST means that you’ll end up wondering just how applicable the concept really is for your specific scenario. And given that you’re probably used to entirely different architectural approaches, it’s only natural that you start doubting whether REST, or rather RESTful HTTP, really works in practice, or simply breaks down once you go beyond introductory, “Hello, World”-level stuff. In this article, I will try to address 10 of the most common doubts people have about REST when they start exploring it, especially if they have a strong background in the architectural approach behind SOAP/WSDL-based Web services. 1. REST may be usable for CRUD, but not for “real” business logic This is the most common reaction I see among people who are skeptical about REST benefits. Addressing Doubts about REST
Interview and Book Excerpt: RESTful Web Services Today, InfoQ publishes a sample chapter from RESTful Web Services, a book authored by Leonard Richardson and Sam Ruby. The book covers the principles of the REST style, and explains how to build RESTful applications using Ruby on Rails, Restlet (for Java) and Django (for Python). On this occasion, InfoQ's Stefan Tilkov had a chance to talk to the authors about their motivations for writing this book and their views on REST and Web services. InfoQ: Leonard, how did you end up writing a book on REST? Leonard Richardson (LR): I’ve been using the web as a programming environment since 1998. That is, I was screen-scraping.
REST Anti-Patterns When people start trying out REST, they usually start looking around for examples – and not only find a lot of examples that claim to be “RESTful”, or are labeled as a “REST API”, but also dig up a lot of discussions about why a specific service that claims to do REST actually fails to do so. Why does this happen?
Buzzwords can be a funny thing. I’ve been writing (what I thought were) ‘RESTful’ web apps and APIs for five years now, and it wasn’t until a couple of weeks ago that I really began to understand what that meant. I’d like to share my ‘AHA’ moment, and give a concrete example of why following the REST style correctly can save you headaches in the long run. TL;DR: A RESTful API should provide hypertext links to drive traversal through itself, instead of forcing the client to craft their own URIs. A little backstory At Twin Engine Labs, we develop iOS apps that are generally backed by Rails REST APIs. How I learned to stop worrying and love REST - Mike Mayo
Peter Williams - Versioning REST Web Services Managing changes to APIs is hard. That is no surprise to anyone who has ever maintained an API of any sort.
Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure. You are a smart guy, so you start to think… Problem You realize that literally passing the credentials over HTTP leaves that data open to being sniffed in plain-text; After the Gawker incident, you realize that plain-text or weakly-hashed anything is usually a bad idea. You realize that hashing the password and sending the hash over the wire in lieu of the plain-text password still gives people sniffing at least the username for the account and a hash of the password that could (in a disturbing number of cases) be looked up in a Rainbow Table.
Yesterday there has been a popular post on Hacker News about Designing Secure REST API without OAuth. I don’t agree that OAuth is unsuitable and I’ll introduce my way shortly. This post is intented to be a reply on this topic. In our new startup (ollaa.com), we (3 undergrad co-founders) are basically developing a mobile social network that has iOS/Android clients communicating the server via a REST API. Designing a Secure REST API with OAuth2 You Can Be Proud Of | ahmet alp balkan : blog
Haters gonna HATEOAS — Timeless Every time someone mentions RESTful web services, there’s always that one person that has to chime in: “That’s not really RESTful, it’s just kinda RESTful.” I’d always filed that information away, under ‘things to learn later,’ and let it simmer in the back of my brain. I’ve finally looked into it, and they’re absolutely right: 99.99% of the RESTful APIs out there aren’t fully compliant with Roy Fielding’s conception of REST. Is that bad?