|
|
@@ -0,0 +1,163 @@
|
|
|
+REST principles
|
|
|
+===============
|
|
|
+
|
|
|
+This chapter will attempt to define the concepts behind REST
|
|
|
+and explain what makes a service RESTful.
|
|
|
+
|
|
|
+REST is often confused with performing a distinct operation
|
|
|
+depending on the HTTP method, while using more than the GET
|
|
|
+and POST methods. That's highly misguided at best.
|
|
|
+
|
|
|
+We will first attempt to define REST and will look at what
|
|
|
+it means in the context of HTTP and the Web.
|
|
|
+For a more in-depth explanation of REST, you can read
|
|
|
+[Roy T. Fielding's dissertation](http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm)
|
|
|
+as it does a great job explaining where it comes from and
|
|
|
+what it achieves.
|
|
|
+
|
|
|
+REST architecture
|
|
|
+-----------------
|
|
|
+
|
|
|
+REST is a *client-server* architecture. The client and the server
|
|
|
+both have a different set of concerns. The client cares about how
|
|
|
+it will display information to the user. The server cares about
|
|
|
+how to store that information and how to make it available to
|
|
|
+users efficiently. This separation of concerns allows both the
|
|
|
+client and the server to evolve independently as it only requires
|
|
|
+that the interface stays the same.
|
|
|
+
|
|
|
+REST is *stateless*. That means the communication between the
|
|
|
+client and the server always contains all the information needed
|
|
|
+to perform the request. There is no session state in the server,
|
|
|
+it is kept entirely on the client's side. If access to a resource
|
|
|
+requires authentication, then the client needs to authenticate
|
|
|
+itself with every request.
|
|
|
+
|
|
|
+REST is *cacheable*. The client, the server and any intermediary
|
|
|
+components can all cache resources in order to improve performance.
|
|
|
+
|
|
|
+REST provides a *uniform interface* between components. This
|
|
|
+simplifies the architecture, as all components follow the same
|
|
|
+rules to speak to one another. It also makes it easier to understand
|
|
|
+the interactions between the different components of the system.
|
|
|
+A number of constraints are required to achieve this. They are
|
|
|
+covered in the rest of the chapter.
|
|
|
+
|
|
|
+REST is a *layered system*. Individual components cannot see
|
|
|
+beyond the immediate layer with which they are interacting. This
|
|
|
+means that a client connecting to an intermediate component, like
|
|
|
+a proxy, has no knowledge of what lies beyond. This allows
|
|
|
+components to be independent and thus easily replaceable or
|
|
|
+extendable.
|
|
|
+
|
|
|
+REST optionally provides *code on demand*. Code may be downloaded
|
|
|
+to extend client functionality. This is optional however because
|
|
|
+the client may not be able to download or run this code, and so
|
|
|
+a REST component cannot rely on it being executed.
|
|
|
+
|
|
|
+Resources and resource identifiers
|
|
|
+----------------------------------
|
|
|
+
|
|
|
+A resource is an abstract concept. In a REST system, any information
|
|
|
+that can be named can be a resource. This includes documents, images,
|
|
|
+a collection of resources and any other information. Any information
|
|
|
+that can be the target of an hypertext link can be a resource.
|
|
|
+
|
|
|
+A resource is a conceptual mapping to a set of entities. The set of
|
|
|
+entities evolves over time; a resource doesn't. For example a resource
|
|
|
+can map to "users who have logged in this past month" and another
|
|
|
+to "all users". At some point in time they may map to the same set of
|
|
|
+entities, because all users logged in this past month. But they are
|
|
|
+still different resources. Similarly, if nobody logged in recently,
|
|
|
+then the first resource may map to the empty set. This resource exists
|
|
|
+regardless of the information it maps to.
|
|
|
+
|
|
|
+Resources are identified by uniform resource identifiers, also known
|
|
|
+as URIs. Sometimes internationalized resource identifiers, or IRIs,
|
|
|
+may also be used, but these can be directly translated into a URI.
|
|
|
+
|
|
|
+In practice we will identify two kinds of resources. Individual
|
|
|
+resources map to a set of one element, for example "user Joe".
|
|
|
+Collection of resources map to a set of 0 to N elements,
|
|
|
+for example "all users".
|
|
|
+
|
|
|
+Resource representations
|
|
|
+------------------------
|
|
|
+
|
|
|
+The representation of a resource is a sequence of bytes associated
|
|
|
+with metadata.
|
|
|
+
|
|
|
+The metadata comes as a list of key-value pairs, where the name is
|
|
|
+corresponds to a standard that defines the value's structure and
|
|
|
+semantics. In HTTP the metadata comes in the form of HTTP headers
|
|
|
+which are well defined by the HTTP standard. Metadata includes
|
|
|
+representation metadata, resource metadata and control data.
|
|
|
+
|
|
|
+The representation metadata gives additional information about
|
|
|
+the representation, such as its media type, the last date of
|
|
|
+modification, or even an Etag.
|
|
|
+
|
|
|
+Resource metadata could be link to related resources or
|
|
|
+information about additional representations of the resource.
|
|
|
+
|
|
|
+Control data allows parameterizing the request or response.
|
|
|
+For example, we may only want the representation returned if
|
|
|
+it is more recent than the one we have in cache. Similarly,
|
|
|
+we may want to instruct the client about how it should cache
|
|
|
+the representation. This isn't restricted to caching. We may
|
|
|
+for example want to store a new representation of a resource
|
|
|
+only if it wasn't modified since we first retrieved it.
|
|
|
+
|
|
|
+The data format of a representation is also known as the media
|
|
|
+type. Some media types are intended for direct rendering to the
|
|
|
+user, while others are intended for automated processing. The
|
|
|
+media type is a key component of the REST architecture.
|
|
|
+
|
|
|
+Self-descriptive messages
|
|
|
+-------------------------
|
|
|
+
|
|
|
+Messages must be self-descriptive. That means that the data
|
|
|
+format of a representation must always come with its media
|
|
|
+type (and similarly requesting a resource involves choosing
|
|
|
+the media type of the representation returned). If you are
|
|
|
+sending HTML, then you must say it is HTML by sending the
|
|
|
+media type with the representation. In HTTP this is done
|
|
|
+using the content-type header.
|
|
|
+
|
|
|
+The media type is often an IANA registered media type, like
|
|
|
+`text/html` or `image/png`, but does not need to be. Exactly
|
|
|
+two things are important for respecting this constraint: that
|
|
|
+the media type is well specified, and that the sender and
|
|
|
+recipient agree about what the media type refers to.
|
|
|
+
|
|
|
+This means that you can create your own media types, like
|
|
|
+`application/x-mine`, and that as long as you write the
|
|
|
+specifications for it and that both endpoints agree about
|
|
|
+it then the constraint is respected.
|
|
|
+
|
|
|
+Hypermedia as the engine of application state
|
|
|
+---------------------------------------------
|
|
|
+
|
|
|
+The last constraint is generally where services that claim
|
|
|
+to be RESTful fail. Interactions with a server must be
|
|
|
+entirely driven by hypermedia. The client does not need
|
|
|
+any prior knowledge of the service in order to use it,
|
|
|
+other than an entry point and of course basic understanding
|
|
|
+of the media type of the representations, at the very least
|
|
|
+enough to find and identify hyperlinks and link relations.
|
|
|
+
|
|
|
+To give a simple example, if your service only works with
|
|
|
+the `application/json` media type then this constraint
|
|
|
+cannot be respected (as there are no concept of links in
|
|
|
+JSON) and thus your service isn't RESTful. This is the case
|
|
|
+for the majority of self-proclaimed REST services.
|
|
|
+
|
|
|
+On the other hand if you create a JSON based media type
|
|
|
+that has a concept of links and link relations, then
|
|
|
+your service might be RESTful.
|
|
|
+
|
|
|
+Respecting this constraint means that the entirety of the
|
|
|
+service becomes self-discoverable, not only the resources
|
|
|
+in it, but also the operations you can perform on it. This
|
|
|
+makes clients very thin as there is no need to implement
|
|
|
+anything specific to the service to operate on it.
|
Loïc Hoguin