SlideShare a Scribd company logo

Principles of building effective REST API

Georgy Podsvetov
Georgy Podsvetov

Brief introduction into designing REST API. Set of recipes how to solve typical architectural problems. List of topics that you should learn, before start designing API.

Software
1 of 56
Download to read offline
Principles of building effective REST API Georgiy Podsvetov
Georgiy Podsvetov What is REST? Representational State Transfer is an architecture style for designing networked applications
Roy Fielding (1965 — ) Architectural Styles and the Design of Network-based Software Architectures (2000, University of California, Irvine) Georgiy Podsvetov
• Resources • URI • Representations • Safe and Idempotent operations • Visibility • Linking • Caching Georgiy Podsvetov5
GET get a representation of a resource PUT update a resource DELETE delete a resource POST perform a variety of potentially nonidempotent and unsafe operations Add appropriate HTTP headers to describe requests and responses Georgiy Podsvetov6
Method Safe? Idempotent? GET YES YES HEAD YES YES OPTIONS YES YES PUT NO YES DELETE NO YES POST NO NO Georgiy Podsvetov7
Use GET for safe and idempotent information retrieval Georgiy Podsvetov8
• To create a new resource, using the resource as a factory • To modify one or more resources via a controller resource • To run queries with large inputs • To perform any unsafe or nonidempotent operation when no other HTTP method seems appropriate POST Georgiy Podsvetov9 Slug header (RFC 5023)
Use PUT to create new resources only when clients can decide URIs of resources. Otherwise, use POST. Georgiy Podsvetov10
Asynchronous creation • Create «State Resource» • Return status code 202 (Accepted) • Let a client track the status of the asynchronous task using this resource Still processing 200 (OK) and description of current status On success 303 (See Other) and Location header with resource URI On error 200 (OK) with error description Georgiy Podsvetov11
Avoid using nonstandard custom HTTP methods New methods — you cannot rely on off-the-shelf software that only knows about the standard HTTP methods Instead, design a controller resource that can abstract such operations, and use HTTP method POST Georgiy Podsvetov Custom methods 12
• Use custom headers for informational purposes only • Omitting custom headers shouldn’t fail processing request or response • Avoid using custom HTTP headers to change the behavior of HTTP methods Georgiy Podsvetov Custom headers 13
X-HTTP-Method-Override use POST and distinct resource instead Georgiy Podsvetov14
Tunneling occurs whenever the client is using the same method on a single URI for different actions. # Request to add a discount offer
 POST /book/1234 HTTP/1.1
 Host: www.example.org
 Content-Type: application/x-www-urlencoded ! op=updateDiscount&discount=15 # Request to add the book for 30-day offers POST /book/1234 HTTP/1.1 Host: www.example.org Content-Type: application/x-www-urlencoded ! op=30dayOffer&ebook_from=2009-10-10&ebook_to=2000-11-10 Georgiy Podsvetov Tunneling 15
! The visible parts of requests such as the request URI, the HTTP method used, headers, and media types do not unambiguously describe the operation. Tunneling reduces protocol-level visibility Georgiy Podsvetov Tunneling 16
4xx status code for client inputs errors ! 5xx status code for server implementation errors include a Date header with a value indicating the date- time at which the error occurred. Georgiy Podsvetov Error status codes 17
• A brief message describing the error condition • A longer description with information on how to fix the error condition, if applicable • An identifier for the error • A link to learn more about the error condition, with tips on how to resolve it Error description Georgiy Podsvetov18
• Use domains and subdomains to logically group or partition resources for localization, distribution, or to enforce various monitoring or security policies. • Use the forward-slash separator (/) in the path portion of the URI to indicate a hierarchical relationship between resources. • Use the comma (,) and semicolon (;) to indicate nonhierarchical elements in the path portion of the URI. • Use the hyphen (-) and underscore (_) characters to improve the readability of names in long path segments. • Use the ampersand (&) to separate parameters in the query portion of the URI. • Avoid including file extensions (such as .php, .aspx, and .jsp) in URIs.  http://www.example.org/co-ordinates;w=39.001409,z=-84.578201  http://www.example.org/axis;x=0,y=9 Georgiy Podsvetov Constructing URI 19
Capital letters RFC 3986 defines URIs as case sensitive except for the scheme and host parts. ! The same: • http://www.exam ple.org/my-folder/doc.txt • HTTP://WWW.EXAMPLE.ORG/my-folder/doc.txt ! Different • http://www.example.org/My-Folder/doc.txt Georgiy Podsvetov20
Link header RFC 5988 Link: <{URI}>;rel="{relation}";type="{media type"};title="{title}"... • self — link to the preferred URI of the resource • alternate — alternative version of the same resource • edit — link to to edit the resource • related — link to a related resource • previous and next — pagination in collection • first and last — first and last resources in collection • help — refers to a resource offering help • hub — refers to a hub that enables registration for notification of updates to the context • payment — indicates a resource where payment is accepted Georgiy Podsvetov21
Always use URIs as the values of extended link relation types. Provide HTML documentation at the URI • Purpose of the link relation • The types of resources that use the link relation, and the types of resources at the target of the link • Valid HTTP methods for the target URI • Expected media types on request and response for the target URI  Georgiy Podsvetov Relation types 22
Design each representation such that it contains links that help clients transition to all the next possible steps Georgiy Podsvetov23
Include a Vary header whenever multiple representations are available for a resource. comma-separated list of request headers the server uses when choosing a representation Vary: * If the server uses information other than the headers in the request Vary: Accept,Accept-Language Georgiy Podsvetov Multiple representations 24
Querying for information • Filtering — selecting a subset of entities based on some filter criteria • Sorting — influences how the server arranges the results in the response • Projection — selecting certain fields in each entity to be included in the results Georgiy Podsvetov25
Queries with long data How to make queries with long data? — Use POST 1. Create a new resource whose state contains the query criteria 2. Return response code 201 (Created) with a Location header referring to a resource created 3. Implement a GET request for the new resource such that it returns query results Server can support the pagination of such query results via GET Georgiy Podsvetov26
Caching Cache-Control • public (default) — marks responses as cacheable. • private — allows caches that are specific to one user to store the response; shared caches ay not • no-cache and no-store — prevent any cache from storing or serving a cached response • max-age — freshness lifetime in seconds as the value of this directive • s-maxage — this directive is similar to max-age but is meant only for shared caches • must-revalidate — require caches to check the origin server before serving stale representations • proxy-revalidate — similar to the must-revalidate directive except that it applies only to shared caches ‘Expires’ header to support HTTP 1.0 include a Date header with a date-time of the time at which the server returned the response ‘Pragma: no-cache’ for HTTP 1.0 Georgiy Podsvetov27
Caching # First request
 GET /person/joe HTTP/1.1 Host: www.example.org # First response HTTP/1.1 200 OK Date: Sun, 09 Aug 2009 00:44:14 GMT  Last-Modified: Sun, 09 Aug 2009 00:40:14 GMT   Cache-Control: max-age=3600,must-revalidate # Second request after 10 minutes  GET /person/joe HTTP/1.1 Host: www.example.org # Second response - returned by cache  HTTP/1.1 200 OK Date: Sun, 09 Aug 2009 00:54:14 GMT  Last-Modified: Sun, 09 Aug 2009 00:40:14 GMT   Cache-Control: max-age=3600,must-revalidate  Age: 600 ‘Age’ header indicates how long ago the cache retrieved the representation from the origin server Georgiy Podsvetov28
Set expiration caching headers for responses of GET and HEAD requests for all successful response codes.  300 (Multiple Choices) 301 (Moved Permanently)  400 (Bad Request) 403 (Forbidden)  404 (Not Found)  405 (Method Not Allowed) 410 (Gone) Georgiy Podsvetov Caching headers 29
Concurrency control Pessimistic Optimistic Client gets a lock -> obtains the current state of the resource -> makes modifications -> releases the lock Client gets a token -> attempts a write operation with the token -> succeeds if the token is still valid and fails otherwise Georgiy Podsvetov30
HTTP, being a stateless application control, is designed for optimistic concurrency control 1. Server gives token to the client with each representation of the resource 2. Tokens change with every change to the resource 3. Client send token with each request to modify or delete a resource — conditional request 4. Server validate token, if it is not actual — concurrency failure — server aborts request  Georgiy Podsvetov Concurrency control 31
Conditional requests Last-Modified and ETag Validating cached representations Concurrency control If-Modified-Since If-Unmodified-Since If-None-Match If-Match Georgiy Podsvetov32
Conditional PUT requests Georgiy Podsvetov33
Conditional DELETE request Georgiy Podsvetov34
POST creation. Prevent duplicates. 1. Generate one-time token on server 2. Client submits POST request with this token 3. If token already used -> 403 (Forbidden) # Request
 GET /entity/creation-token HTTP/1.1 Host: www.example.org # Response
 HTTP/1.1 204 OK
 Cache-Control: no-cache
 Link: <example.com/entity?t=az345ed>;rel=«http://example.com/rel/create-entity» Georgiy Podsvetov35
Create several resources 1. Use POST 2. Pass collection of the resources 3. Redirect to newly created collection -> 303 (See other) 4. Representation of this resource includes links to all the newly created resources Georgiy Podsvetov36
UPDATE or DELETE several resources 1. Generate URI that contains representation of all this resources 2. Submit PUT or DELETE request to this URI Georgiy Podsvetov37
Representation annotation Content-Type describe the type of the representation Content-Length specify the size in bytes of the body Content-Language specify the localization Content-MD5 checksums of the body Content-Encoding when you encode the body of the representation using gzip, compress, or deflate encoding Last-Modified last time the server modified the representation For POST and PUT requests, even if you are using ‘Transfer-Encoding: chunked’, include the Content-Length header in requests from client applications. Some proxies reject POST and PUT requests that contain neither of these headers. Georgiy Podsvetov38
! Internet Assigned Numbers Authority media type registry (IANA, http://www.iana.org/assignments/media-types/)  Preferable to use standard media types Media types If you are designing a new media type, register the format and media type with IANA by following the procedure outlined in RFC 4288. Georgiy Podsvetov39
multipart/form-data! To encode name-value pairs of data mixed with parts containing data of arbitrary media types. multipart/mixed! To bundle several parts of arbitrary media types. multipart/alternative! Use this when sending alternative representations of the same resource using different media types. multipart/related! Use this when the parts are interrelated and you need to process the parts together. The first part is the root part and can refer to various other parts via a Content-ID header.  Avoid encoding binary data within textual formats using Base64 encoding Georgiy Podsvetov Media types 40
• Self link to the collection resource • Link to the next page • Link to the previous page • Indicator of the size of the collection Include the following in collection representation Georgiy Podsvetov Representation data 41
Georgiy Podsvetov Data formats • Use decimal, float, and double datatypes defined in the W3C XML Schema for formatting numbers including currency. • Use ISO 3166 codes for countries and dependent territories. • Use ISO 4217 alphabetic or numeric codes for denoting currency. • Use RFC 3339 for dates, times, and date-time values used in representations. • Use BCP 47 language tags for representing the language of text. • Use time zone identifiers from the Olson Time Zone Database to convey time zones.  42
The JSON media type application/json does not specify a charset parameter but uses UTF-8 as the default encoding. RFC 4627 specifies ways to determine the character encoding of JSON-formatted data. Also avoid using the text/xml media type for XML-formatted representations. The default charset for text/xml is us-ascii, whereas application/xml uses UTF-8. Georgiy Podsvetov Media types 43
For resources that are expected to be consumed by end users, provide HTML representations. ! Avoid designing HTML representations for machine clients. ! To enable web crawlers and such software, use microformats or RDFa to annotate data within the markup. ! http://microformats.org/wiki/hcard Georgiy Podsvetov Representation format 44
Accept headers • Accept-Charset • Accept-Encoding • Accept-Language Accept — Content-Types that are acceptable for the response Accept: application/atom+xml;q=1.0, application/xml;q=0.6, */*;q=0.0 Accept-Language: fr;q=1.0, en;q=0.5 Accept-Encoding: gzip q = 0.0 … 1.0 default: 1.0 If the request has no Accept-Encoding header, do not compress representations. Georgiy Podsvetov45
When the server cannot serve a representation that meets the client’s preferences and if the client explicitly included a */*;q=0.0, ! return status code 406 (Not Acceptable) with the body of the representation containing the list of representations. # Request GET /user/001/followers HTTP/1.1 Accept: application/json,*/*;q=0.0 ! # Response
 406 Not Acceptable
 Content-Type: application/json
 Link: <http://www.example.org/errors/mediatypes.html>;rel="help" {
 "message" : "This server does not support JSON. See help for alternatives." } Georgiy Podsvetov46
Changes in API •Servers goal — keep clients from breaking •Client goal — not fail when new unknown data or links appear in representations Georgiy Podsvetov47
Preserve the hierarchical structure <user>      <first-name>John</first-name>       <last-name>Doe</last-name>       <street>1 Some Street</street>       <city>Some City</city> <user> <user>       <first-name>John</first-name>      <last-name>Doe</last-name>       <street>1 Some Street</street>       <city>Some City</city>       <state>WA</state> <user>  <user>       <first-name>John</first-name>       <last-name>Doe</last-name>       <address>           <street>1 Some Street</street>           <city>Some City</city>  <state>WA</state>      </address> <user>  Origin Good Bad Changes in API Georgiy Podsvetov48
•When parsing bodies of representations, look for known data •In the case of XML, look for known elements and attributes by name and not by position •Implement the client to not fail when it finds unrecognized data •If the client is capable of storing the complete representation locally, store everything Changes in API Georgiy Podsvetov49 •Treat new parameters as optional
Add new resources with new URIs when there is a change in the behavior of resources or a change in the information contained in representations Avoid treating each version as a new representation with a new media type of the same resource Georgiy Podsvetov50
What is the most flexible to design API? — resource identification Georgiy Podsvetov51
• Analyze your use cases to find domain nouns that can be operated using «create», «read», «update» or «delete» operations. • Designate each noun as a resource. • Check resource granularity. Resource identification - network efficiency! - size of representations! - client convenience - cacheablility! - frequency of change! - mutability Georgiy Podsvetov52
Composite resources • client usage patterns! • performance! • latency requirements Georgiy Podsvetov53
Documentation • All resources and methods supported for each resource • Media types and representation formats for resources in requests and responses • Each link relation used, its business significance, HTTP method to be used, and resource that the link identifies • All fixed URIs that are not supplied via links • Query parameters used for all fixed URIs • URI templates and token substitution rules • Authentication and security credentials for accessing resources  Georgiy Podsvetov54
Documentation Always provide consistent examples ! Be ready — users will copy examples and will try to run ! They will come to you and will lament that nothing works Georgiy Podsvetov55
Questions? Georgiy Podsvetov Georgiy Podsvetov podsvetov@gmail.com https://www.linkedin.com/pub/georgiy-podsvetov/45/989/868 https://www.facebook.com/GeorgiyPodsvetov 56 #Request GET / HTTP/1.0 Host: 134.219.188.123 ! #Response HTTP/1.0 418 I am a Teapot Connection: close Content-Type: text/html RFC 7168

Recommended

Android App Development 06 : Network &amp; Web Services
Android App Development 06 : Network &amp; Web ServicesAndroid App Development 06 : Network &amp; Web Services
Android App Development 06 : Network &amp; Web ServicesAnuchit Chalothorn
 
RESTful for opentravel.org by HP
RESTful for opentravel.org by HPRESTful for opentravel.org by HP
RESTful for opentravel.org by HPRoni Schuetz
 
OpenTravel Advisory Forum 2012 REST XML Resources
OpenTravel Advisory Forum 2012 REST XML ResourcesOpenTravel Advisory Forum 2012 REST XML Resources
OpenTravel Advisory Forum 2012 REST XML ResourcesOpenTravel Alliance
 
01. http basics v27
01. http basics v2701. http basics v27
01. http basics v27Eoin Keary
 
An Overview on PROV-AQ: Provenance Access and Query
An Overview on PROV-AQ: Provenance Access and QueryAn Overview on PROV-AQ: Provenance Access and Query
An Overview on PROV-AQ: Provenance Access and QueryOlaf Hartig
 
CrossRef Technical Basics 2010 CrossRef Workshops
CrossRef Technical Basics 2010 CrossRef WorkshopsCrossRef Technical Basics 2010 CrossRef Workshops
CrossRef Technical Basics 2010 CrossRef WorkshopsCrossref
 
CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)securityn|u - The Open Security Community
 
The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016Restlet
 

Recommended

Android App Development 06 : Network &amp; Web Services
Android App Development 06 : Network &amp; Web ServicesAndroid App Development 06 : Network &amp; Web Services
Android App Development 06 : Network &amp; Web ServicesAnuchit Chalothorn
 
RESTful for opentravel.org by HP
RESTful for opentravel.org by HPRESTful for opentravel.org by HP
RESTful for opentravel.org by HPRoni Schuetz
 
OpenTravel Advisory Forum 2012 REST XML Resources
OpenTravel Advisory Forum 2012 REST XML ResourcesOpenTravel Advisory Forum 2012 REST XML Resources
OpenTravel Advisory Forum 2012 REST XML ResourcesOpenTravel Alliance
 
01. http basics v27
01. http basics v2701. http basics v27
01. http basics v27Eoin Keary
 
An Overview on PROV-AQ: Provenance Access and Query
An Overview on PROV-AQ: Provenance Access and QueryAn Overview on PROV-AQ: Provenance Access and Query
An Overview on PROV-AQ: Provenance Access and QueryOlaf Hartig
 
CrossRef Technical Basics 2010 CrossRef Workshops
CrossRef Technical Basics 2010 CrossRef WorkshopsCrossRef Technical Basics 2010 CrossRef Workshops
CrossRef Technical Basics 2010 CrossRef WorkshopsCrossref
 
CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)securityn|u - The Open Security Community
 
The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016Restlet
 
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...GeeksLab Odessa
 
REST Api Tips and Tricks
REST Api Tips and TricksREST Api Tips and Tricks
REST Api Tips and TricksMaksym Bruner
 
Doing REST Right
Doing REST RightDoing REST Right
Doing REST RightKerry Buckley
 
Boost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BSBoost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BSInformation Development World
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 
Rest web services
Rest web servicesRest web services
Rest web servicesPaulo Gandra de Sousa
 
JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011Shreedhar Ganapathy
 
ReST
ReSTReST
ReSTNader Albert
 
Pragmatic REST APIs
Pragmatic REST APIsPragmatic REST APIs
Pragmatic REST APIsamesar0
 
Troubleshooting.pptx
Troubleshooting.pptxTroubleshooting.pptx
Troubleshooting.pptxsebastian ordoñez rubiano
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application TechnologiesSam Bowne
 
RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web ServicesChristopher Bartling
 
So you think you know REST - DPC11
So you think you know REST - DPC11So you think you know REST - DPC11
So you think you know REST - DPC11Evert Pot
 
BITM3730Week9(1).pptx
BITM3730Week9(1).pptxBITM3730Week9(1).pptx
BITM3730Week9(1).pptxMattMarino13
 
BITM3730 11-1.pptx
BITM3730 11-1.pptxBITM3730 11-1.pptx
BITM3730 11-1.pptxMattMarino13
 
A Look at OData
A Look at ODataA Look at OData
A Look at ODataWoodruff Solutions LLC
 
BITM3730 Networking.pdf
BITM3730 Networking.pdfBITM3730 Networking.pdf
BITM3730 Networking.pdfMattMarino13
 
Great webapis
Great webapisGreat webapis
Great webapisRafał Hryniewski
 
REST & RESTful Web Service
REST & RESTful Web ServiceREST & RESTful Web Service
REST & RESTful Web ServiceHoan Vu Tran
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsHTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsRoan Brasil Monteiro
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 

More Related Content

Similar to Principles of building effective REST API

WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...GeeksLab Odessa
 
REST Api Tips and Tricks
REST Api Tips and TricksREST Api Tips and Tricks
REST Api Tips and TricksMaksym Bruner
 
Boost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BSBoost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BSInformation Development World
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 
JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011Shreedhar Ganapathy
 
Pragmatic REST APIs
Pragmatic REST APIsPragmatic REST APIs
Pragmatic REST APIsamesar0
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application TechnologiesSam Bowne
 
So you think you know REST - DPC11
So you think you know REST - DPC11So you think you know REST - DPC11
So you think you know REST - DPC11Evert Pot
 
BITM3730Week9(1).pptx
BITM3730Week9(1).pptxBITM3730Week9(1).pptx
BITM3730Week9(1).pptxMattMarino13
 
BITM3730 11-1.pptx
BITM3730 11-1.pptxBITM3730 11-1.pptx
BITM3730 11-1.pptxMattMarino13
 
BITM3730 Networking.pdf
BITM3730 Networking.pdfBITM3730 Networking.pdf
BITM3730 Networking.pdfMattMarino13
 
REST & RESTful Web Service
REST & RESTful Web ServiceREST & RESTful Web Service
REST & RESTful Web ServiceHoan Vu Tran
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsHTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsRoan Brasil Monteiro
 

Similar to Principles of building effective REST API (20)

WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
WebCamp: Developer Day: Принципы построения эффективного REST API - Георгий П...
 
REST Api Tips and Tricks
REST Api Tips and TricksREST Api Tips and Tricks
REST Api Tips and Tricks
 
Doing REST Right
Doing REST RightDoing REST Right
Doing REST Right
 
Boost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BSBoost Your Content Strategy for REST APIs with Gururaj BS
Boost Your Content Strategy for REST APIs with Gururaj BS
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
Rest web services
Rest web servicesRest web services
Rest web services
 
JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011JAX-RS JavaOne Hyderabad, India 2011
JAX-RS JavaOne Hyderabad, India 2011
 
ReST
ReSTReST
ReST
 
Pragmatic REST APIs
Pragmatic REST APIsPragmatic REST APIs
Pragmatic REST APIs
 
Troubleshooting.pptx
Troubleshooting.pptxTroubleshooting.pptx
Troubleshooting.pptx
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
 
RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web Services
 
So you think you know REST - DPC11
So you think you know REST - DPC11So you think you know REST - DPC11
So you think you know REST - DPC11
 
BITM3730Week9(1).pptx
BITM3730Week9(1).pptxBITM3730Week9(1).pptx
BITM3730Week9(1).pptx
 
BITM3730 11-1.pptx
BITM3730 11-1.pptxBITM3730 11-1.pptx
BITM3730 11-1.pptx
 
A Look at OData
A Look at ODataA Look at OData
A Look at OData
 
BITM3730 Networking.pdf
BITM3730 Networking.pdfBITM3730 Networking.pdf
BITM3730 Networking.pdf
 
Great webapis
Great webapisGreat webapis
Great webapis
 
REST & RESTful Web Service
REST & RESTful Web ServiceREST & RESTful Web Service
REST & RESTful Web Service
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsHTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
 

Recently uploaded

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 

Recently uploaded (20)

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 

Principles of building effective REST API

  • 1.
  • 2. Principles of building effective REST API Georgiy Podsvetov
  • 3. Georgiy Podsvetov What is REST? Representational State Transfer is an architecture style for designing networked applications
  • 4. Roy Fielding (1965 — ) Architectural Styles and the Design of Network-based Software Architectures (2000, University of California, Irvine) Georgiy Podsvetov
  • 5. • Resources • URI • Representations • Safe and Idempotent operations • Visibility • Linking • Caching Georgiy Podsvetov5
  • 6. GET get a representation of a resource PUT update a resource DELETE delete a resource POST perform a variety of potentially nonidempotent and unsafe operations Add appropriate HTTP headers to describe requests and responses Georgiy Podsvetov6
  • 7. Method Safe? Idempotent? GET YES YES HEAD YES YES OPTIONS YES YES PUT NO YES DELETE NO YES POST NO NO Georgiy Podsvetov7
  • 8. Use GET for safe and idempotent information retrieval Georgiy Podsvetov8
  • 9. • To create a new resource, using the resource as a factory • To modify one or more resources via a controller resource • To run queries with large inputs • To perform any unsafe or nonidempotent operation when no other HTTP method seems appropriate POST Georgiy Podsvetov9 Slug header (RFC 5023)
  • 10. Use PUT to create new resources only when clients can decide URIs of resources. Otherwise, use POST. Georgiy Podsvetov10
  • 11. Asynchronous creation • Create «State Resource» • Return status code 202 (Accepted) • Let a client track the status of the asynchronous task using this resource Still processing 200 (OK) and description of current status On success 303 (See Other) and Location header with resource URI On error 200 (OK) with error description Georgiy Podsvetov11
  • 12. Avoid using nonstandard custom HTTP methods New methods — you cannot rely on off-the-shelf software that only knows about the standard HTTP methods Instead, design a controller resource that can abstract such operations, and use HTTP method POST Georgiy Podsvetov Custom methods 12
  • 13. • Use custom headers for informational purposes only • Omitting custom headers shouldn’t fail processing request or response • Avoid using custom HTTP headers to change the behavior of HTTP methods Georgiy Podsvetov Custom headers 13
  • 14. X-HTTP-Method-Override use POST and distinct resource instead Georgiy Podsvetov14
  • 15. Tunneling occurs whenever the client is using the same method on a single URI for different actions. # Request to add a discount offer
 POST /book/1234 HTTP/1.1
 Host: www.example.org
 Content-Type: application/x-www-urlencoded ! op=updateDiscount&discount=15 # Request to add the book for 30-day offers POST /book/1234 HTTP/1.1 Host: www.example.org Content-Type: application/x-www-urlencoded ! op=30dayOffer&ebook_from=2009-10-10&ebook_to=2000-11-10 Georgiy Podsvetov Tunneling 15
  • 16. ! The visible parts of requests such as the request URI, the HTTP method used, headers, and media types do not unambiguously describe the operation. Tunneling reduces protocol-level visibility Georgiy Podsvetov Tunneling 16
  • 17. 4xx status code for client inputs errors ! 5xx status code for server implementation errors include a Date header with a value indicating the date- time at which the error occurred. Georgiy Podsvetov Error status codes 17
  • 18. • A brief message describing the error condition • A longer description with information on how to fix the error condition, if applicable • An identifier for the error • A link to learn more about the error condition, with tips on how to resolve it Error description Georgiy Podsvetov18
  • 19. • Use domains and subdomains to logically group or partition resources for localization, distribution, or to enforce various monitoring or security policies. • Use the forward-slash separator (/) in the path portion of the URI to indicate a hierarchical relationship between resources. • Use the comma (,) and semicolon (;) to indicate nonhierarchical elements in the path portion of the URI. • Use the hyphen (-) and underscore (_) characters to improve the readability of names in long path segments. • Use the ampersand (&) to separate parameters in the query portion of the URI. • Avoid including file extensions (such as .php, .aspx, and .jsp) in URIs.  http://www.example.org/co-ordinates;w=39.001409,z=-84.578201  http://www.example.org/axis;x=0,y=9 Georgiy Podsvetov Constructing URI 19
  • 20. Capital letters RFC 3986 defines URIs as case sensitive except for the scheme and host parts. ! The same: • http://www.exam ple.org/my-folder/doc.txt • HTTP://WWW.EXAMPLE.ORG/my-folder/doc.txt ! Different • http://www.example.org/My-Folder/doc.txt Georgiy Podsvetov20
  • 21. Link header RFC 5988 Link: <{URI}>;rel="{relation}";type="{media type"};title="{title}"... • self — link to the preferred URI of the resource • alternate — alternative version of the same resource • edit — link to to edit the resource • related — link to a related resource • previous and next — pagination in collection • first and last — first and last resources in collection • help — refers to a resource offering help • hub — refers to a hub that enables registration for notification of updates to the context • payment — indicates a resource where payment is accepted Georgiy Podsvetov21
  • 22. Always use URIs as the values of extended link relation types. Provide HTML documentation at the URI • Purpose of the link relation • The types of resources that use the link relation, and the types of resources at the target of the link • Valid HTTP methods for the target URI • Expected media types on request and response for the target URI  Georgiy Podsvetov Relation types 22
  • 23. Design each representation such that it contains links that help clients transition to all the next possible steps Georgiy Podsvetov23
  • 24. Include a Vary header whenever multiple representations are available for a resource. comma-separated list of request headers the server uses when choosing a representation Vary: * If the server uses information other than the headers in the request Vary: Accept,Accept-Language Georgiy Podsvetov Multiple representations 24
  • 25. Querying for information • Filtering — selecting a subset of entities based on some filter criteria • Sorting — influences how the server arranges the results in the response • Projection — selecting certain fields in each entity to be included in the results Georgiy Podsvetov25
  • 26. Queries with long data How to make queries with long data? — Use POST 1. Create a new resource whose state contains the query criteria 2. Return response code 201 (Created) with a Location header referring to a resource created 3. Implement a GET request for the new resource such that it returns query results Server can support the pagination of such query results via GET Georgiy Podsvetov26
  • 27. Caching Cache-Control • public (default) — marks responses as cacheable. • private — allows caches that are specific to one user to store the response; shared caches ay not • no-cache and no-store — prevent any cache from storing or serving a cached response • max-age — freshness lifetime in seconds as the value of this directive • s-maxage — this directive is similar to max-age but is meant only for shared caches • must-revalidate — require caches to check the origin server before serving stale representations • proxy-revalidate — similar to the must-revalidate directive except that it applies only to shared caches ‘Expires’ header to support HTTP 1.0 include a Date header with a date-time of the time at which the server returned the response ‘Pragma: no-cache’ for HTTP 1.0 Georgiy Podsvetov27
  • 28. Caching # First request
 GET /person/joe HTTP/1.1 Host: www.example.org # First response HTTP/1.1 200 OK Date: Sun, 09 Aug 2009 00:44:14 GMT  Last-Modified: Sun, 09 Aug 2009 00:40:14 GMT   Cache-Control: max-age=3600,must-revalidate # Second request after 10 minutes  GET /person/joe HTTP/1.1 Host: www.example.org # Second response - returned by cache  HTTP/1.1 200 OK Date: Sun, 09 Aug 2009 00:54:14 GMT  Last-Modified: Sun, 09 Aug 2009 00:40:14 GMT   Cache-Control: max-age=3600,must-revalidate  Age: 600 ‘Age’ header indicates how long ago the cache retrieved the representation from the origin server Georgiy Podsvetov28
  • 29. Set expiration caching headers for responses of GET and HEAD requests for all successful response codes.  300 (Multiple Choices) 301 (Moved Permanently)  400 (Bad Request) 403 (Forbidden)  404 (Not Found)  405 (Method Not Allowed) 410 (Gone) Georgiy Podsvetov Caching headers 29
  • 30. Concurrency control Pessimistic Optimistic Client gets a lock -> obtains the current state of the resource -> makes modifications -> releases the lock Client gets a token -> attempts a write operation with the token -> succeeds if the token is still valid and fails otherwise Georgiy Podsvetov30
  • 31. HTTP, being a stateless application control, is designed for optimistic concurrency control 1. Server gives token to the client with each representation of the resource 2. Tokens change with every change to the resource 3. Client send token with each request to modify or delete a resource — conditional request 4. Server validate token, if it is not actual — concurrency failure — server aborts request  Georgiy Podsvetov Concurrency control 31
  • 32. Conditional requests Last-Modified and ETag Validating cached representations Concurrency control If-Modified-Since If-Unmodified-Since If-None-Match If-Match Georgiy Podsvetov32
  • 35. POST creation. Prevent duplicates. 1. Generate one-time token on server 2. Client submits POST request with this token 3. If token already used -> 403 (Forbidden) # Request
 GET /entity/creation-token HTTP/1.1 Host: www.example.org # Response
 HTTP/1.1 204 OK
 Cache-Control: no-cache
 Link: <example.com/entity?t=az345ed>;rel=«http://example.com/rel/create-entity» Georgiy Podsvetov35
  • 36. Create several resources 1. Use POST 2. Pass collection of the resources 3. Redirect to newly created collection -> 303 (See other) 4. Representation of this resource includes links to all the newly created resources Georgiy Podsvetov36
  • 37. UPDATE or DELETE several resources 1. Generate URI that contains representation of all this resources 2. Submit PUT or DELETE request to this URI Georgiy Podsvetov37
  • 38. Representation annotation Content-Type describe the type of the representation Content-Length specify the size in bytes of the body Content-Language specify the localization Content-MD5 checksums of the body Content-Encoding when you encode the body of the representation using gzip, compress, or deflate encoding Last-Modified last time the server modified the representation For POST and PUT requests, even if you are using ‘Transfer-Encoding: chunked’, include the Content-Length header in requests from client applications. Some proxies reject POST and PUT requests that contain neither of these headers. Georgiy Podsvetov38
  • 39. ! Internet Assigned Numbers Authority media type registry (IANA, http://www.iana.org/assignments/media-types/)  Preferable to use standard media types Media types If you are designing a new media type, register the format and media type with IANA by following the procedure outlined in RFC 4288. Georgiy Podsvetov39
  • 40. multipart/form-data! To encode name-value pairs of data mixed with parts containing data of arbitrary media types. multipart/mixed! To bundle several parts of arbitrary media types. multipart/alternative! Use this when sending alternative representations of the same resource using different media types. multipart/related! Use this when the parts are interrelated and you need to process the parts together. The first part is the root part and can refer to various other parts via a Content-ID header.  Avoid encoding binary data within textual formats using Base64 encoding Georgiy Podsvetov Media types 40
  • 41. • Self link to the collection resource • Link to the next page • Link to the previous page • Indicator of the size of the collection Include the following in collection representation Georgiy Podsvetov Representation data 41
  • 42. Georgiy Podsvetov Data formats • Use decimal, float, and double datatypes defined in the W3C XML Schema for formatting numbers including currency. • Use ISO 3166 codes for countries and dependent territories. • Use ISO 4217 alphabetic or numeric codes for denoting currency. • Use RFC 3339 for dates, times, and date-time values used in representations. • Use BCP 47 language tags for representing the language of text. • Use time zone identifiers from the Olson Time Zone Database to convey time zones.  42
  • 43. The JSON media type application/json does not specify a charset parameter but uses UTF-8 as the default encoding. RFC 4627 specifies ways to determine the character encoding of JSON-formatted data. Also avoid using the text/xml media type for XML-formatted representations. The default charset for text/xml is us-ascii, whereas application/xml uses UTF-8. Georgiy Podsvetov Media types 43
  • 44. For resources that are expected to be consumed by end users, provide HTML representations. ! Avoid designing HTML representations for machine clients. ! To enable web crawlers and such software, use microformats or RDFa to annotate data within the markup. ! http://microformats.org/wiki/hcard Georgiy Podsvetov Representation format 44
  • 45. Accept headers • Accept-Charset • Accept-Encoding • Accept-Language Accept — Content-Types that are acceptable for the response Accept: application/atom+xml;q=1.0, application/xml;q=0.6, */*;q=0.0 Accept-Language: fr;q=1.0, en;q=0.5 Accept-Encoding: gzip q = 0.0 … 1.0 default: 1.0 If the request has no Accept-Encoding header, do not compress representations. Georgiy Podsvetov45
  • 46. When the server cannot serve a representation that meets the client’s preferences and if the client explicitly included a */*;q=0.0, ! return status code 406 (Not Acceptable) with the body of the representation containing the list of representations. # Request GET /user/001/followers HTTP/1.1 Accept: application/json,*/*;q=0.0 ! # Response
 406 Not Acceptable
 Content-Type: application/json
 Link: <http://www.example.org/errors/mediatypes.html>;rel="help" {
 "message" : "This server does not support JSON. See help for alternatives." } Georgiy Podsvetov46
  • 47. Changes in API •Servers goal — keep clients from breaking •Client goal — not fail when new unknown data or links appear in representations Georgiy Podsvetov47
  • 48. Preserve the hierarchical structure <user>      <first-name>John</first-name>       <last-name>Doe</last-name>       <street>1 Some Street</street>       <city>Some City</city> <user> <user>       <first-name>John</first-name>      <last-name>Doe</last-name>       <street>1 Some Street</street>       <city>Some City</city>       <state>WA</state> <user>  <user>       <first-name>John</first-name>       <last-name>Doe</last-name>       <address>           <street>1 Some Street</street>           <city>Some City</city>  <state>WA</state>      </address> <user>  Origin Good Bad Changes in API Georgiy Podsvetov48
  • 49. •When parsing bodies of representations, look for known data •In the case of XML, look for known elements and attributes by name and not by position •Implement the client to not fail when it finds unrecognized data •If the client is capable of storing the complete representation locally, store everything Changes in API Georgiy Podsvetov49 •Treat new parameters as optional
  • 50. Add new resources with new URIs when there is a change in the behavior of resources or a change in the information contained in representations Avoid treating each version as a new representation with a new media type of the same resource Georgiy Podsvetov50
  • 51. What is the most flexible to design API? — resource identification Georgiy Podsvetov51
  • 52. • Analyze your use cases to find domain nouns that can be operated using «create», «read», «update» or «delete» operations. • Designate each noun as a resource. • Check resource granularity. Resource identification - network efficiency! - size of representations! - client convenience - cacheablility! - frequency of change! - mutability Georgiy Podsvetov52
  • 53. Composite resources • client usage patterns! • performance! • latency requirements Georgiy Podsvetov53
  • 54. Documentation • All resources and methods supported for each resource • Media types and representation formats for resources in requests and responses • Each link relation used, its business significance, HTTP method to be used, and resource that the link identifies • All fixed URIs that are not supplied via links • Query parameters used for all fixed URIs • URI templates and token substitution rules • Authentication and security credentials for accessing resources  Georgiy Podsvetov54
  • 55. Documentation Always provide consistent examples ! Be ready — users will copy examples and will try to run ! They will come to you and will lament that nothing works Georgiy Podsvetov55
  • 56. Questions? Georgiy Podsvetov Georgiy Podsvetov podsvetov@gmail.com https://www.linkedin.com/pub/georgiy-podsvetov/45/989/868 https://www.facebook.com/GeorgiyPodsvetov 56 #Request GET / HTTP/1.0 Host: 134.219.188.123 ! #Response HTTP/1.0 418 I am a Teapot Connection: close Content-Type: text/html RFC 7168