Short Notes on RESTful APIs
WIP - check for updates later.
This section is about RESTful Web-based API's.
Take this section with a pinch of salt. Also, see Disclaimer.
What is RESTful?
There is no standard for what REST API is (it's an architectural style, not a protocol), but there is a precedent on most of the functional specs. This list presents my preferences regarding the "gray" areas of the spec.
Representational state transfer (REST) is a way to create, read, update or delete information on a server using simple HTTP calls.
REST has strict separation of clients and servers, by a uniform interface.
REST is stateless - each request from any client contains all the information necessary to service the request, and session state is held in the client. Important exception to this rule is authentication session that is stored on servers.
REST is cacheable. Responses must therefore, implicitly or explicitly, define themselves as cacheable, or not, to prevent clients reusing state or inappropriate data in response to further requests. Well-managed caching partially or completely eliminates some client–server interactions, further improving scalability and performance.
REST has a uniform interface:
- Resources/entities are uniquely identified by URI's.
The resources themselves are conceptually separate from the representations that are returned to the client (JSON, XML, ...).
- Client which holds such representation of a resource (including any metadata attached), it has enough information to modify or delete this resource.
- Each message includes enough information to describe how to process the message.
Web-based REST APIs typically comply to:
- having base URI, such as http://example.com/resources/ ,
- using Internet media type for the data; this is often JSON but can be any other valid Internet media type (e.g. XML, Atom, microformats, images, etc.),
- using standard HTTP methods (e.g., GET, HEAD, POST, or DELETE),
- using hypertext links to reference state,
- using hypertext links to reference related resources.
- Use POST for both entity creation and update.
Typically, REST API's are expected to use POST for element creation, and PUT for element update. I'm not a big supporter of this, as analogous to majority of programming (scripting) languages where you use the same assignment operator for both variable creation and updating, you should use the same HTTP method.
Also, you'll avoid discussions about what is entity creation and update, esp. in scenarios where you want to allow creation and updates of sub-entities, where either of those can be viewed as update of the entity itself.
Also, note that often REST is not supposed to allow access to sub-entities, but it makes life so much easier, and costs you less traffic.
- versioning - depends on expected lifetime of the API
- access to sub-entities
- pagination and other non-entity specific parameters as GET parameters
- HEAD on entities; GET on collections is a list; POST on collection creates entity, POST on entity updates; use OPTION for mature stages, on '*' ID
This list is by no means supposed to represent any "standard view" of REST API's.
It does not represent opinions of any of the companies I work(ed) with.
It is my personal checklist when designing interfaces. Many points depend only on your taste.
Some of the opinions are even "not really REST" but make life easier for either you as backend dev, or for your consumers, or both.