Hypermedia APIs (hypermediaapis) on Twitter
REST & Hypermedia APIs.md REST & Hypermedia APIs.md Figure out a good standard for how to use the HTTP response codes in a 'truly RESTful' (Now called 'Hypermedia API' apparently) way. HTTP Methods (Verbs) Spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.htmlOPTIONS: Display which HTTP methods can be called on a resource.GET: Just get a resource.PUT: Update a resourcePATCH: Partial update of a resource (not universally supported)DELETE: Delete a resourcePOST: Create a resourceHTTP Status (Response) codes Twitter: https://dev.twitter.com/docs/error-codes-responses (This is the most acceptable and comprehensive list I have found) Potentially adding: 10.2.2 201 Created: The request has been fulfilled and resulted in a new resource being created10.2.3 202 Accepted: The request has been accepted for processing, but the processing has not been completed.
Designing Hypermedia APIs Frequently Asked Questions Who are you? I'm Steve Klabnik, and I've been a Rubyist for years now. I'm a Rails committer, instructor with Jumpstart Lab, and a prolific Open Source contributor. Designing Hypermedia APIs
Building Hypermedia APIs with HTML5 and Node: Mike Amundsen: 9781449306571: Amazon.com
RESTful Web Services: Leonard Richardson, Sam Ruby, David Heinemeier Hansson: 9780596529260: Amazon.com
REST, Hypermedia & HATEOAS - Django REST framework REST, Hypermedia & HATEOAS - Django REST framework You keep using that word "REST". I do not think it means what you think it means.— Mike Amundsen, REST fest 2012 keynote. First off, the disclaimer.
REST is OVER! REST is OVER! Yep. Sorry to have to inform you. REST is totally over. The cool kids are moving on.
This is a follow-up post to my post here. You probably want to read that first. UPDATE: Please note that 'REST is over'. 'Hypermedia API' is the proper term now. A few words on standards versus pragmatism Some People Understand REST and HTTP Some People Understand REST and HTTP
Nobody Understands REST or HTTP Since I've posted this, I've refined a few of my positions on things. Everyone learns and grows, and while I still stand by most of what I said, I specifically don't agree that versioning the media type is how to properly version APIs. Hypermedia APIs should not actually use explicit versioning, but I'd rather see a version in the URI with HATEOAS than no HATEOAS and versioned media types. Nobody Understands REST or HTTP
A Brief Introduction to REST You may or may not be aware that there is debate going on about the “right” way to implement heterogeneous application-to-application communication: While the current mainstream clearly focuses on web services based on SOAP, WSDL and the WS-* specification universe, a small, but very vocal minority claims there’s a better way: REST, short for REpresentational State Transfer. In this article, I will try to provide a pragmatic introduction to REST and RESTful HTTP application integration without digressing into this debate. I will go into more detail while explaining those aspects that, in my experience, cause the most discussion when someone is exposed to this approach for the first time. Key REST principles Most introductions to REST start with the formal definition and background. A Brief Introduction to REST
Addressing Doubts about REST Invariably, learning about REST means that you’ll end up wondering just how applicable the concept really is for your specific scenario. And given that you’re probably used to entirely different architectural approaches, it’s only natural that you start doubting whether REST, or rather RESTful HTTP, really works in practice, or simply breaks down once you go beyond introductory, “Hello, World”-level stuff. In this article, I will try to address 10 of the most common doubts people have about REST when they start exploring it, especially if they have a strong background in the architectural approach behind SOAP/WSDL-based Web services. 1. REST may be usable for CRUD, but not for “real” business logic This is the most common reaction I see among people who are skeptical about REST benefits. Addressing Doubts about REST
Interview and Book Excerpt: RESTful Web Services Interview and Book Excerpt: RESTful Web Services Today, InfoQ publishes a sample chapter from RESTful Web Services, a book authored by Leonard Richardson and Sam Ruby. The book covers the principles of the REST style, and explains how to build RESTful applications using Ruby on Rails, Restlet (for Java) and Django (for Python). On this occasion, InfoQ's Stefan Tilkov had a chance to talk to the authors about their motivations for writing this book and their views on REST and Web services. InfoQ: Leonard, how did you end up writing a book on REST? Leonard Richardson (LR): I’ve been using the web as a programming environment since 1998. That is, I was screen-scraping.
REST Anti-Patterns REST Anti-Patterns When people start trying out REST, they usually start looking around for examples – and not only find a lot of examples that claim to be “RESTful”, or are labeled as a “REST API”, but also dig up a lot of discussions about why a specific service that claims to do REST actually fails to do so. Why does this happen? HTTP is nothing new, but it has been applied in a wide variety of ways. Some of them were in line with the ideas the Web’s designers had in mind, but many were not. Applying REST principles to your HTTP applications, whether you build them for human consumption, for use by another program, or both, means that you do the exact opposite: You try to use the Web “correctly”, or if you object to the idea that one is “right” and one is “wrong”: in a RESTful way. For many, this is indeed a very new approach.
Buzzwords can be a funny thing. I’ve been writing (what I thought were) ‘RESTful’ web apps and APIs for five years now, and it wasn’t until a couple of weeks ago that I really began to understand what that meant. I’d like to share my ‘AHA’ moment, and give a concrete example of why following the REST style correctly can save you headaches in the long run. TL;DR: A RESTful API should provide hypertext links to drive traversal through itself, instead of forcing the client to craft their own URIs. A little backstory At Twin Engine Labs, we develop iOS apps that are generally backed by Rails REST APIs. How I learned to stop worrying and love REST - Mike Mayo
Peter Williams - Versioning REST Web Services Managing changes to APIs is hard. That is no surprise to anyone who has ever maintained an API of any sort. Web services, being a special case of API, are susceptible to many of the difficulties around versioning as other types of APIs. For HTTP based REST style web services the combination of resources and content negotiation can be used to mitigate most of the issues surrounding API versioning. Let’s assume you have a REST/HTTP web service that has some account resources. Say you can make a request like this:

Designing a Secure REST (Web) API without OAuth

Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure. You are a smart guy, so you start to think… Problem You realize that literally passing the credentials over HTTP leaves that data open to being sniffed in plain-text; After the Gawker incident, you realize that plain-text or weakly-hashed anything is usually a bad idea. You realize that hashing the password and sending the hash over the wire in lieu of the plain-text password still gives people sniffing at least the username for the account and a hash of the password that could (in a disturbing number of cases) be looked up in a Rainbow Table.
Yesterday there has been a popular post on Hacker News about Designing Secure REST API without OAuth. I don’t agree that OAuth is unsuitable and I’ll introduce my way shortly. This post is intented to be a reply on this topic. In our new startup (ollaa.com), we (3 undergrad co-founders) are basically developing a mobile social network that has iOS/Android clients communicating the server via a REST API. Designing a Secure REST API with OAuth2 You Can Be Proud Of | ahmet alp balkan : blog
Haters gonna HATEOAS — Timeless Every time someone mentions RESTful web services, there’s always that one person that has to chime in: “That’s not really RESTful, it’s just kinda RESTful.” I’d always filed that information away, under ‘things to learn later,’ and let it simmer in the back of my brain. I’ve finally looked into it, and they’re absolutely right: 99.99% of the RESTful APIs out there aren’t fully compliant with Roy Fielding’s conception of REST. Is that bad?