Representational state transfer

Representational state transfer (REST) is a software architectural style which uses a subset of HTTP.[1] It is commonly used to create interactive applications that use Web services. A Web service that follows these guidelines is called RESTful. Such a Web service must provide its Web resources in a textual representation and allow them to be read and modified with a stateless protocol and a predefined set of operations. This approach allows interoperability between the computer systems on the Internet that provide these services. REST is an alternative to, for example, SOAP as a way to access a Web service.[2]

"Web resources" were first defined on the World Wide Web as documents or files identified by their URLs. Today, the definition is much more generic and abstract, and includes every thing, entity, or action that can be identified, named, addressed, handled, or performed in any way on the Web. In a RESTful Web service, requests made to a resource's URI elicit a response with a payload formatted in HTML, XML, JSON, or some other format. For example, the response can confirm that the resource state has been changed. The response can also include hypertext links to related resources. The most common protocol for these requests and responses is HTTP. It provides operations (HTTP methods) such as GET, POST, PUT, and DELETE.[3] By using a stateless protocol and standard operations, RESTful systems aim for fast performance, reliability, and the ability to grow by reusing components that can be managed and updated without affecting the system as a whole, even while it is running.

The goal of REST is to increase performance, scalability, simplicity, modifiability, visibility, portability, and reliability. This is achieved through following REST principles such as a client–server architecture, statelessness, cacheability, use of a layered system, support for code on demand, and using a uniform interface. These principles must be followed for the system to be classified as REST.

The term representational state transfer was introduced and defined in 2000 by Roy Fielding in his doctoral dissertation.[1][4] Fielding's dissertation explained the REST principles that were known as the "HTTP object model" beginning in 1994, and were used in designing the HTTP 1.1 and Uniform Resource Identifiers (URI) standards.[5][6] The term is intended to evoke an image of how a well-designed Web application behaves: it is a network of Web resources (a virtual state-machine) where the user progresses through the application by selecting resource identifiers such as https://example.org/articles/123 and resource operations such as GET or POST (application state transitions), resulting in the next resource's representation (the next application state) being transferred to the end user for their use.

Several models have been developed to help classify REST APIs according to their adherence to various principles of REST design, such as the Richardson Maturity Model.[7]

History

Roy Fielding defined REST in his 2000 PhD dissertation "Architectural Styles and the Design of Network-based Software Architectures" at UC Irvine.[1] He developed the REST architectural style in parallel with HTTP 1.1 of 1996–1999, based on the existing design of HTTP 1.0[8] of 1996.

In a retrospective look at the development of REST, Fielding said:

Throughout the HTTP standardization process, I was called on to defend the design choices of the Web. That is an extremely difficult thing to do within a process that accepts proposals from anyone on a topic that was rapidly becoming the center of an entire industry. I had comments from well over 500 developers, many of whom were distinguished engineers with decades of experience, and I had to explain everything from the most abstract notions of Web interaction to the finest details of HTTP syntax. That process honed my model down to a core set of principles, properties, and constraints that are now called REST.[8]

Architectural properties

The constraints of the REST architectural style affect the following architectural properties:[1][9]

  • performance in component interactions, which can be the dominant factor in user-perceived performance and network efficiency;[10]
  • scalability allowing the support of large numbers of components and interactions among components. Roy Fielding describes REST's effect on scalability as follows:

    REST's client–server separation of concerns simplifies component implementation, reduces the complexity of connector semantics, improves the effectiveness of performance tuning, and increases the scalability of pure server components. Layered system constraints allow intermediaries—proxies, gateways, and firewalls—to be introduced at various points in the communication without changing the interfaces between components, thus allowing them to assist in communication translation or improve performance via large-scale, shared caching. REST enables intermediate processing by constraining messages to be self-descriptive: interaction is stateless between requests, standard methods and media types are used to indicate semantics and exchange information, and responses explicitly indicate cacheability.[1]

  • simplicity of a uniform interface;
  • modifiability of components to meet changing needs (even while the application is running);
  • visibility of communication between components by service agents;
  • portability of components by moving program code with the data;
  • reliability in the resistance to failure at the system level in the presence of failures within components, connectors, or data.[10]

Architectural constraints

Six guiding constraints define a RESTful system.[9][11] These constraints restrict the ways that the server can process and respond to client requests so that, by operating within these constraints, the system gains desirable non-functional properties, such as performance, scalability, simplicity, modifiability, visibility, portability, and reliability.[1] If a system violates any of the required constraints, it cannot be considered RESTful.

The formal REST constraints are as follows:

Client–server architecture

The principle behind the client–server constraints is the separation of concerns. Separating the user interface concerns from the data storage concerns improves the portability of the user interfaces across multiple platforms. It also improves scalability by simplifying the server components. Perhaps most significant to the Web is that the separation allows the components to evolve independently, thus supporting the Internet-scale requirement of multiple organizational domains.[1]

Statelessness

The communication must be stateless in nature, such that each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client.

This constraint induces the properties of visibility, reliability, and scalability. Visibility is improved because a monitoring system does not have to look beyond a single request datum in order to determine the full nature of the request. Reliability is improved because it eases the task of recovering from partial failures. Scalability is improved because not having to store state between requests allows the server component to quickly free resources, and further simplifies implementation because the server doesn't have to manage resource usage across requests.

Like most architectural choices, the stateless constraint reflects a design trade-off. The disadvantage is that it may decrease network performance by increasing the repetitive data (per-interaction overhead) sent in a series of requests, since that data cannot be left on the server in a shared context. In addition, placing the application state on the client-side reduces the server's control over consistent application behavior, since the application becomes dependent on the correct implementation of semantics across multiple client versions.
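An added example, not part of the original article: because session state is kept entirely on the client, a server that acts on that state has to check on every request that it is the state it issued. The sketch below signs the client-held state with HMAC-SHA256 and verifies it without any server-side session store; the token layout, field names, key and handler are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a single server-side secret; constructed value for the demo only.
SERVER_KEY = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_state(state: dict, now: int, ttl: int = 300) -> str:
    """Serialise the client-held state and append an HMAC tag over it."""
    body = json.dumps({"state": state, "exp": now + ttl}, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def verify_state(token: str, now: int):
    """Return the state dict if the token is authentic and unexpired, else None."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # parsed only after the tag has been checked
    if now >= claims["exp"]:
        return None
    return claims["state"]

def handle_request(method: str, path: str, token: str, now: int):
    """Stateless handler: everything needed to decide arrives in the request."""
    state = verify_state(token, now)
    if state is None:
        return 401, "invalid or expired client state"
    return 200, f"{method} {path} for user {state['user']} (cart: {state['cart']})"

if __name__ == "__main__":
    tok = issue_state({"user": "alice", "cart": [3, 7]}, now=1000)
    print(handle_request("GET", "/cart", tok, now=1001))
    print(handle_request("GET", "/cart", tok, now=2000))
```

The tag gives integrity only: the state is readable by the client, so anything that must stay confidential does not belong in it.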

Cacheability

Clients and intermediaries can cache responses. Responses must, implicitly or explicitly, define themselves as either cacheable or non-cacheable to prevent clients from providing stale or inappropriate data in response to further requests. Well-managed caching partially or completely eliminates some client–server interactions, further improving scalability and performance.

Layered system

A client cannot ordinarily tell whether it is connected directly to the end server or to an intermediary along the way. If a proxy or load balancer is placed between the client and server, it won't affect their communications, and there won't be a need to update the client or server code. Intermediary servers can improve system scalability by enabling load balancing and by providing shared caches. Also, security can be added as a layer on top of the Web services, separating business logic from security logic.[12] Adding security as a separate layer enforces security policies. Finally, intermediary servers can call multiple other servers to generate a response to the client.

Code on demand (optional)

Servers can temporarily extend or customize the functionality of a client by transferring executable code: for example, compiled components such as Java applets, or client-side scripts such as JavaScript.

Uniform interface

The uniform interface constraint is fundamental to the design of any RESTful system.[1] It simplifies and decouples the architecture, which enables each part to evolve independently. The four constraints for this uniform interface are:

  • Resource identification in requests: Individual resources are identified in requests, for example using URIs. The resources themselves are conceptually separate from the representations that are returned to the client. For example, the server could send data from its database as HTML, XML or as JSON—none of which are the server's internal representation.
  • Resource manipulation through representations: When a client holds a representation of a resource, including any metadata attached, it has enough information to modify or delete the resource's state.
  • Self-descriptive messages: Each message includes enough information to describe how to process the message. For example, which parser to invoke can be specified by a media type.[1]
  • Hypermedia as the engine of application state (HATEOAS): Once a client accesses the initial URI of a REST application, like the home page of a Website, all application state transitions must be driven by client selection of server-provided hyperlinks to other resources that are present in the received resource representations. There is no need for the client to be hard-coded with information regarding the structure or dynamics of the application.[13][14]

Common misconceptions

Fielding stated the rules related to the HATEOAS constraint that are most often violated within so-called REST APIs:[13]

API designers, please note the following rules before calling your creation a REST API:

  • A REST API should not be dependent on any single communication protocol, though its successful mapping to a given protocol may be dependent on the availability of metadata, choice of methods, etc. In general, any protocol element that uses a URI for identification must allow any URI scheme to be used for the sake of that identification. [Failure here implies that identification is not separated from interaction.]
  • A REST API should not contain any changes to the communication protocols aside from filling-out or fixing the details of underspecified bits of standard protocols, such as HTTP’s PATCH method or Link header field. Workarounds for broken implementations (such as those browsers stupid enough to believe that HTML defines HTTP’s method set) should be defined separately, or at least in appendices, with an expectation that the workaround will eventually be obsolete. [Failure here implies that the resource interfaces are object-specific, not generic.]
  • A REST API should spend almost all of its descriptive effort in defining the media type(s) used for representing resources and driving application state, or in defining extended relation names and/or hypertext-enabled mark-up for existing standard media types. Any effort spent describing what methods to use on what URIs of interest should be entirely defined within the scope of the processing rules for a media type (and, in most cases, already defined by existing media types). [Failure here implies that out-of-band information is driving interaction instead of hypertext.]
  • A REST API must not define fixed resource names or hierarchies (an obvious coupling of client and server). Servers must have the freedom to control their own namespace. Instead, allow servers to instruct clients on how to construct appropriate URIs, such as is done in HTML forms and URI templates, by defining those instructions within media types and link relations. [Failure here implies that clients are assuming a resource structure due to out-of band information, such as a domain-specific standard, which is the data-oriented equivalent to RPC’s functional coupling].
  • A REST API should never have “typed” resources that are significant to the client. Specification authors may use resource types for describing server implementation behind the interface, but those types must be irrelevant and invisible to the client. The only types that are significant to a client are the current representation’s media type and standardized relation names. [ditto]
  • A REST API should be entered with no prior knowledge beyond the initial URI (bookmark) and set of standardized media types that are appropriate for the intended audience (i.e., expected to be understood by any client that might use the API). From that point on, all application state transitions must be driven by client selection of server-provided choices that are present in the received representations or implied by the user’s manipulation of those representations. The transitions may be determined (or limited by) the client’s knowledge of media types and resource communication mechanisms, both of which may be improved on-the-fly (e.g., code-on-demand). [Failure here implies that out-of-band information is driving interaction instead of hypertext.]

Relationship to the Web

Web implementations are not equivalent to Web architecture and Web architecture is not equivalent to the REST architectural style:[15]

  • Web implementation consists of the current universe of information identified by URIs and all of the specific versions of software currently operating within that information space (like Safari, Firefox, Apache httpd, WordPress, …).
  • Web architecture consists of the protocols and data formats that define the syntax and semantics of interactions between Web components: the standards for URI, HTTP, HTML, XML, and many others. All of these standards are designed to optimize RESTful interaction, with varying degrees of success, but not to require such interaction because RESTful interaction is not the only way they are used.
  • REST is an architectural style that, when followed, allows components to carry out their functions in a way that maximizes the most important architectural properties of a multi-organizational, network-based information system. In particular, it maximizes the growth of identified information within that system, which increases the utility of the system as a whole.

Semantics of HTTP methods

The following table shows how HTTP methods are intended to be used in HTTP APIs, including RESTful ones.

| HTTP method | CRUD equivalent | Description |
|---|---|---|
| GET[3]:§4.3.1 | Read | Get a representation of the target resource’s state. |
| POST[3]:§4.3.3 | | Let the target resource process the representation enclosed in the request. |
| PUT[3]:§4.3.4 | Create and update | Set the target resource’s state to the state defined by the representation enclosed in the request. |
| DELETE[3]:§4.3.5 | Delete | Delete the target resource’s state. |

The GET method is safe, meaning that applying it to a resource does not result in a state change of the resource (read-only semantics).[3]:§4.2.1 The GET, PUT, and DELETE methods are idempotent, meaning that applying them multiple times to a resource results in the same state change of the resource as applying them once, though the response might differ.[3]:§4.2.2 The GET and POST methods are cacheable, meaning that responses to them are allowed to be stored for future reuse.[3]:§4.2.3

The GET (read), PUT (create and update), and DELETE (delete) methods are CRUD operations as they have storage management semantics, meaning that they let user agents directly manipulate the states of target resources. The POST method is not a CRUD operation but a process operation that has target-resource-specific semantics excluding CRUD operations.[16]
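An added example, not taken from the article or from RFC 7231: a minimal in-memory resource store that makes the safe and idempotent properties described above checkable, which is what a client or intermediary relies on when it replays a request after a failure. The `Store` class, the status codes chosen for this toy server and the `/notes` paths are assumptions.

```python
import copy

class Store:
    """Toy origin server mapping URI paths to resource state (constructed)."""

    def __init__(self, seed=None):
        self.resources = copy.deepcopy(seed or {})
        self.next_id = 1

    def handle(self, method, path, body=None):
        if method == "GET":  # read-only: never touches self.resources
            if path in self.resources:
                return 200, self.resources[path]
            return 404, None
        if method == "PUT":  # set the state to exactly the enclosed representation
            created = path not in self.resources
            self.resources[path] = body
            return (201 if created else 200), body
        if method == "DELETE":
            if path in self.resources:
                del self.resources[path]
                return 204, None
            return 404, None
        if method == "POST":  # resource-specific processing: here, append a new item
            new_path = f"{path}/{self.next_id}"
            self.next_id += 1
            self.resources[new_path] = body
            return 201, new_path
        return 405, None

def replay(method, path, body=None, times=2, seed=None):
    """Send the same request `times` times; return the statuses plus the
    resource state after the first and after the last application."""
    store = Store(seed)
    statuses, snapshots = [], []
    for _ in range(times):
        status, _result = store.handle(method, path, body)
        statuses.append(status)
        snapshots.append(copy.deepcopy(store.resources))
    return statuses, snapshots[0], snapshots[-1]

def is_safe(method, path, body=None, seed=None):
    """Safe: one application leaves the resource state unchanged."""
    _statuses, first, _last = replay(method, path, body, times=1, seed=seed)
    return first == (seed or {})

def is_idempotent(method, path, body=None, seed=None):
    """Idempotent: applying twice yields the same state as applying once."""
    _statuses, first, last = replay(method, path, body, times=2, seed=seed)
    return first == last

if __name__ == "__main__":
    seed = {"/notes/1": {"text": "a"}}
    for m, p, b in [("GET", "/notes/1", None), ("PUT", "/notes/9", {"text": "b"}),
                    ("DELETE", "/notes/1", None), ("POST", "/notes", {"text": "c"})]:
        print(m, replay(m, p, b, seed=seed)[0],
              "safe" if is_safe(m, p, b, seed) else "unsafe",
              "idempotent" if is_idempotent(m, p, b, seed) else "not idempotent")
```

The repeated DELETE shows the case the text calls out: the second response differs (404 instead of 204) while the resulting state is the same, whereas a replayed POST leaves a duplicate resource behind.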

References

  1. Fielding, Roy Thomas (2000). "Chapter 5: Representational State Transfer (REST)". Architectural Styles and the Design of Network-based Software Architectures (Ph.D.). University of California, Irvine. This chapter introduced the Representational State Transfer (REST) architectural style for distributed hypermedia systems. REST provides a set of architectural constraints that, when applied as a whole, emphasizes scalability of component interactions, the generality of interfaces, independent deployment of components, and intermediary components to reduce interaction latency, enforce security, and encapsulate legacy systems.
  2. "Web Services Architecture". World Wide Web Consortium. 11 February 2004. 3.1.3 Relationship to the World Wide Web and REST Architectures. Retrieved 29 September 2016.
  3. Fielding, Roy (June 2014). "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content, Section 4". Internet Engineering Task Force (IETF). RFC 7231. Retrieved 2018-02-14.
  4. "Fielding discussing the definition of the REST term". groups.yahoo.com. Retrieved 2017-08-08.
  5. Fielding, Roy; Gettys, Jim; Mogul, Jeffrey; Frystyk, Henrik; Masinter, Larry; Leach, Paul; Berners-Lee, Tim (June 1999). "Hypertext Transfer Protocol -- HTTP/1.1". Internet Engineering Task Force (IETF). RFC 2616. Retrieved 2018-02-14.
  6. Fielding, Roy Thomas (2000). "Chapter 6: Experience and Evaluation". Architectural Styles and the Design of Network-based Software Architectures (Ph.D.). University of California, Irvine. Since 1994, the REST architectural style has been used to guide the design and development of the architecture for the modern Web. This chapter describes the experience and lessons learned from applying REST while authoring the Internet standards for the Hypertext Transfer Protocol (HTTP) and Uniform Resource Identifiers (URI), the two specifications that define the generic interface used by all component interactions on the Web, as well as from the deployment of these technologies in the form of the libwww-perl client library, the Apache HTTP Server Project, and other implementations of the protocol standards.
  7. Ivan Salvadori, Frank Siqueira (June 2015). "A Maturity Model for Semantic RESTful Web APIs". Web Services (ICWS), 2015 IEEE International Conference on. New York, USA – via Researchgate.
  8. "Fielding discusses the development of the REST style". Tech.groups.yahoo.com. Archived from the original on November 11, 2009. Retrieved 2014-09-14.
  9. Erl, Thomas; Carlyle, Benjamin; Pautasso, Cesare; Balasubramanian, Raj (2012). "5.1". SOA with REST: Principles, Patterns & Constraints for Building Enterprise Solutions with REST. Upper Saddle River, New Jersey: Prentice Hall. ISBN 978-0-13-701251-0.
  10. Fielding, Roy Thomas (2000). "Chapter 2: Network-based Application Architectures". Architectural Styles and the Design of Network-based Software Architectures (Ph.D.). University of California, Irvine.
  11. Richardson, Leonard; Ruby, Sam (2007). RESTful Web Services. Sebastopol, California: O'Reilly Media. ISBN 978-0-596-52926-0.
  12. Lange, Kenneth (2016). The Little Book on REST Services. Copenhagen. p. 19. Retrieved 18 August 2019.
  13. Roy T. Fielding (2008-10-20). "REST APIs must be hypertext driven". roy.gbiv.com. Retrieved 2021-05-16.
  14. "REST HATEOAS". RESTfulAPI.net.
  15. Roy T. Fielding (2008-03-22). "REST APIs must be hypertext driven". roy.gbiv.com. Retrieved 2021-05-16.
  16. Roy T. Fielding (2009-03-20). "It is okay to use POST". roy.gbiv.com. Retrieved 2020-04-14. POST only becomes an issue when it is used in a situation for which some other method is ideally suited: e.g., retrieval of information that should be a representation of some resource (GET), complete replacement of a representation (PUT), or any of the other standardized methods that tell intermediaries something more valuable than “this may change something.” The other methods are more valuable to intermediaries because they say something about how failures can be automatically handled and how intermediate caches can optimize their behavior. POST does not have those characteristics, but that doesn’t mean we can live without it. POST serves many useful purposes in HTTP, including the general purpose of “this action isn’t worth standardizing.”
