Give it a REST

I'm wrapping up a REST layer to the service backend I've been developing for my still-unnamed-employer (find out when we launch, real soon now!). I had never developed a service under the "REST" acronym before, so my boss gave me a crash course, I read some things, I thought I got it. REST, a buzzword in its own right, is like stapling smoke to water when you try to define it. That isn't because it's vague; it's because most of the people who talk about it don't know what they're talking about.

Maybe I'm one of them and I shouldn't be posting this.

REST is Not:
  • HTTP
  • XML
  • RPC
  • A protocol, format, or even much of a specification
REST is:
  • An idea(l)
  • Agnostic on just about every specification associated with it
Requests on a REST Service are:
  • Atomic. No request relies on any other made before or after it.
  • Self Authenticating. Every request must include any credentials. See point 1.
  • Self Describing. This is most commonly XML, and sometimes people think it must be, but it can be anything. We use JSON.
Some of the most interesting things I've learned working with a REST service are the things that do not fit the model well. No model fits every need perfectly, and REST doesn't escape that fact, I'm afraid.

In particular, you are not always transferring a state. There is a distinct difference between state transfer and a request to perform some operation upon a state. Unfortunately, any ways around some of the problems posed are directly rejected by the rules of REST.

For example, say you want to provide a simple counter as a service. You expose PUT on /counter/foobar to register a new counter, and then GET on /counter/foobar will provide the current level of the counter. Following the rules of REST, how do you provide an interface to safely increment such a counter? We cannot perform a GET and a PUT, because that violates the rule that each request be self-contained, and it will break when any other client of the service is incrementing at the same time. We need a single operation to alter the state, without performing a state transfer.

The best thing you can do is use POST on a resource, and transfer a request to increment. It seems to violate the tenets of REST that the resource you POST will not actually reside at some permanent location, as they are throw-away requests. You either have to live with a not-exactly-REST interface (but isn't the important thing that it works?) or actually keep requests around for some time. Maybe put them at some location, where they can be checked for review of their status.
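The GET-then-PUT race and the single-request POST increment described above, as an added example (not code from this post or the service it describes). `CounterService`, the `"increment"` request body and the token value are assumptions made for illustration; the in-memory `handle` method stands in for an HTTP server.

```python
import hmac
import threading

class CounterService:
    """In-memory stand-in for the /counter/<name> resource (hypothetical)."""

    def __init__(self, token):
        self._token = token          # constructed credential, not a real one
        self._counters = {}
        self._lock = threading.Lock()

    def handle(self, method, path, token, body=None):
        # Self-authenticating: every request is checked, no session is kept.
        if not hmac.compare_digest(token or "", self._token):
            return 401, None
        name = path.rsplit("/", 1)[-1]
        with self._lock:
            if method == "PUT":      # state transfer: register or overwrite
                self._counters[name] = int(body or 0)
                return 200, self._counters[name]
            if name not in self._counters:
                return 404, None
            if method == "GET":
                return 200, self._counters[name]
            if method == "POST" and body == "increment":
                self._counters[name] += 1   # read-modify-write in one request
                return 200, self._counters[name]
        return 405, None

def get_then_put(svc, token):
    """Two clients each GET, add one locally, then PUT: one update is lost."""
    svc.handle("PUT", "/counter/foobar", token, "0")
    _, a = svc.handle("GET", "/counter/foobar", token)   # client A reads 0
    _, b = svc.handle("GET", "/counter/foobar", token)   # client B reads 0
    svc.handle("PUT", "/counter/foobar", token, str(a + 1))
    svc.handle("PUT", "/counter/foobar", token, str(b + 1))
    return svc.handle("GET", "/counter/foobar", token)[1]

def post_increment(svc, token, clients=8, per_client=250):
    """Concurrent clients POST an increment request; none are lost."""
    svc.handle("PUT", "/counter/foobar", token, "0")
    def worker():
        for _ in range(per_client):
            svc.handle("POST", "/counter/foobar", token, "increment")
    threads = [threading.Thread(target=worker) for _ in range(clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return svc.handle("GET", "/counter/foobar", token)[1]
```

Each PUT in `get_then_put` is individually valid and authenticated, yet the counter ends at 1 after two increments; the POST path keeps the read-modify-write inside one request, so the server can serialize it.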

I don't know if this is helpful to anyone else writing REST services, but the information around isn't always accurate, so why should I worry if I am?

Comments

Andrew Dalke said…
"""It seems to violate the tenets of REST that the resource you POST will not actually reside at some permanent location, as they are throw-away requests."""

That's not a tenet of REST. Think of submitting a blog entry. You POST to a resource which creates another URI (for the entry itself) and updates the main page.

For a counter you would not PUT at all, except perhaps to (re)set a counter. You could POST to a counter and have it increment by one, or GET from the counter to see its current state. Or use two URLs, one for each.

POST is a catch-all verb which has no explicit limitations on what it can do. GET should be side-effect free, PUT should only modify the resource PUT'ed to, and DELETE should only delete the resource PUT'ed to.

They can have side effects, e.g., deleting an object likely means a resource listing all items in a collection gets updated. But the side effect should fit with the action.

POST, though, is free to do anything. Hence proxies and caches can't make any assumptions about its effect.

Jamie said…
Agreed... PUT is when you are placing (uploading) a resource to a pre-known location. Thus, /foobar/counter/1 would reset the counter to one. POSTing to a counter would increment it by one. If you were looking for a truly atomic "increment only if the current counter is less than 5" then you would use POST again.

Here's the basic difference: with RPC (i.e., XML-RPC, SOAP, etc), you call /getperson?name=jamie while with REST you'd call /person/jamie with a GET command.

In other words, with REST you call or create a resource -- a database record, an object in the OOP sense, the model -- with one of three basic VERBS, GET, PUT, or DELETE. (POST can be for RPC-like behavior when you don't actually know what the resource might be called.)

I.e., instead of calling a FUNCTION or METHOD and passing what object you want to call as a parameter, you instead call the remote object and pass the function (GET, PUT, DELETE) you want as the parameter.

It's actually not too hard, just requires an adjustment in thinking, but I agree -- most people that think they know what REST is, don't!
