REST API
Representational State Transfer
Umme Habiba
KTH-Applied Information Security Lab, SEECS
February 14, 2013
Web Basics: Operations, via the HTTP API
HTTP provides a simple set of operations. Amazingly, all Web exchanges are done using this simple HTTP API:
- GET
  - Properties: Safe, Idempotent
  - Usage: Retrieving a resource
- POST
  - Properties: UNSAFE
  - Creating a resource within a collection (resource URI unknown)
- PUT
  - Properties: Idempotent
  - Usage: Creating or updating a resource at a known URI
- DELETE
  - Properties: Idempotent
  - Usage: Deleting a resource
2 Umme Habiba: KTH-Applied Information Security Lab SEECS
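An added example, not part of the original slides: a constructed in-memory resource store that checks the Safe and Idempotent properties listed above by replaying each request and comparing the resulting server state. The Collection class, the /orders URIs and the helper names are assumptions made for illustration.

```python
import copy
import itertools

class Collection:
    """Constructed in-memory resource store; names and URIs are hypothetical."""

    def __init__(self, base="/orders"):
        self.base = base
        self.items = {}                  # URI -> representation
        self._ids = itertools.count(1)

    def handle(self, method, uri, body=None):
        """Process one request and return (status, result)."""
        if method == "GET":              # safe: reads only
            found = uri in self.items
            return (200, copy.deepcopy(self.items[uri])) if found else (404, None)
        if method == "POST":             # unsafe: the server assigns a new URI each time
            if uri != self.base:
                return 405, None
            new_uri = f"{self.base}/{next(self._ids)}"
            self.items[new_uri] = dict(body)
            return 201, new_uri
        if method == "PUT":              # idempotent: the client names the URI
            status = 200 if uri in self.items else 201
            self.items[uri] = dict(body)
            return status, uri
        if method == "DELETE":           # idempotent: end state is "absent" either way
            existed = self.items.pop(uri, None) is not None
            return (204 if existed else 404), None
        return 405, None

def replay(request, times, setup=()):
    """Apply setup once, send `request` `times` times, return the server state."""
    store = Collection()
    for prior in setup:
        store.handle(*prior)
    for _ in range(times):
        store.handle(*request)
    return store.items

def is_safe(request, setup=()):
    """Safe: sending the request leaves the state as if it was never sent."""
    return replay(request, 0, setup) == replay(request, 1, setup)

def is_idempotent(request, setup=()):
    """Idempotent: a retry leaves the same state as a single delivery.
    The status code may differ (DELETE: 204, then 404); the state may not."""
    return replay(request, 1, setup) == replay(request, 2, setup)
```

A client or intermediary that retries after a timeout can therefore resend GET, PUT and DELETE, while a resent POST creates a second resource.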
Resource Oriented Architecture?
- ROA is the term for REST on HTTP/URI
- A Service consists of all the resources available within a certain domain of control
- Since REST is a type of SOA, ROA is an implementation of SOA as well.
Web Basics: Simple Set of Operations, via the HTTP API

[Figure: an HTTP POST request sent to the Amazon Web Server]

HTTP Header:
    POST / HTTP/1.1                (Desired action)
    Host: www.amazon.com           (Target Machine)

HTTP Payload (Data being Posted):
    Book: Da Vinci Code
    Credit Card: Visa
    Number: 123-45-6789
    Expiry: 12-04-06
REST
Roy Fielding described REST as an architectural style which attempts "to minimize latency and network communication, while at the same time maximizing the independence and scalability of component implementations".
REST - Not a Standard
- REST is not a standard
- REST is just a design pattern
- REST does prescribe the use of standards:
  - HTTP
  - URL
  - XML/HTML/GIF/JPEG/etc. (Resource Representations)
  - text/xml, text/html, image/gif, image/jpeg, etc. (Resource Types, MIME Types)
Why is it called "Representational State Transfer"?
[Figure: Client -> Resource (http://www.boeing.com/aircraft/747) -> representation Boeing747.html, listing "Fuel requirements", "Maintenance schedule", ...]

The Client references a Web resource using a URL. A representation of the resource is returned (in this case as an HTML document). The representation (e.g., Boeing747.html) places the client in a new state. When the client selects a hyperlink in Boeing747.html, it accesses another resource. The new representation places the client application into yet another state. Thus, the client application transfers state with each resource representation.
REST Constraints
- Important 'things' (Noun) are Resources
  - Addressed through a URI
- Uniform interface (Verb)
  - In HTTP: GET, PUT, POST, DELETE
- Verb-Noun separation makes integration easier
  - GET /customer/45
    instead of getCustomer(45) OR viewCustomer(45) OR showCustomer(45)
REST
- Create a resource for every service.
- Separation of resource from representation
- The data that a Web service returns should link to other data.
- Resources are identified by URIs
- Resources are manipulated through their representations
- Self-descriptive messages
Why not plain HTML?
- Web pages are designed to be understood by people
  - layout and styling do matter, not just raw data
- Every URI could have a human-readable and a machine-processable representation:
  - Web Services clients ask for the machine-readable one
  - Browsers ask for the human-readable one
- A web page is a representation of a resource
- URIs tell a client that there's a concept somewhere
- Clients can then request a specific representation of the concept from the representations the server makes available
Why hypertext?
- Because the links mirror the structure of how a user makes progress through an application
- The user is in control, thanks to the Back button and other non-local actions
- In a Web service, the client should be in control in the same sense
<order self='http://example.com/customers/1234'>
  <amount>23</amount>
  <product ref='http://example.com/products/4554' />
  <customer ref='http://example.com/customers/1234' />
</order>
What is REST??
- Uniform Interface
- Stateless
- Cacheable
- Client-Server
- Layered System
- Code on Demand (Optional)
Uniform Interface
- Simplifies and decouples the architecture for better visibility and evolvability.
- Resource-based representation
- Manipulation of resources through representations
- Self-descriptive messages
- Principle of Generality on Interface
- Con: Degrades efficiency
- Optimized: Large grain hypermedia transfer
Client Server
- Separation of Concerns
- Improve Portability of UI
- Scalability per simple server components
- Independent evolution
Cache
- Eliminates client-server interactions, partially or completely
- Improves scalability and performance
- Reduced latency on average
- Con: Decreases reliability, since cached data may not be the most recently updated
Layered System
- Restrict knowledge of system to 1 layer
- Bounds system complexity + Encapsulation
- Intermediaries and load balancing
- Con: Adds overhead and latency
- Optimized: Pipes & Filters behavior, with intermediaries partially processing the message
Stateless
- Statelessness is the key.
- Necessary state is contained in the request itself.
- Prevents partial failures
- No context in server, session in client
- Visibility, reliability, and scalability
- Con: Decreases network performance
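An added example, not part of the original slides: one way to keep "session in client" without trusting the client is to have the server authenticate the state it hands out. The shared key, the cart handler and the HMAC-SHA256 construction are assumptions made for illustration; the product URI is the one used in the order document earlier in the deck.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: the same key is held by every server replica

def seal(state):
    """Serialize client-held state and append an HMAC-SHA256 tag."""
    payload = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return f"{payload.decode()}.{tag}"

def unseal(token):
    """Return the state dict, or None if the token is malformed or altered."""
    payload, sep, tag = token.partition(".")
    expected = hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison on bytes, so odd input cannot raise or leak timing
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def add_to_cart(token, product_uri):
    """Stateless handler: everything it needs arrives in the request.
    No server-side session is read or written, so any replica can serve it."""
    state = {"items": []} if token is None else unseal(token)
    if state is None:
        return 400, None                 # state was tampered with or is not ours
    state["items"].append(product_uri)
    return 200, seal(state)              # the new state travels back to the client
```

The tag provides integrity only: the client can still read the state, and an old token remains valid unless the state itself carries an expiry.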
Code On Demand (Optional)
- Temporarily extend or customize client functionality (extensibility: JavaScript and Java applets)
- Client simplification
- Con: Reduces visibility
- This is the only optional constraint
Who is using REST?
- Google
  - GData, OpenSocial
- Standards
  - Atom, WebDAV
- Amazon
  - S3, SimpleDB
- Microsoft (!)
  - Project Astoria, Web3S
Advantages of REST
- Its architectural constraints, when applied as a whole, generate:
  - Scalable component interactions
  - General interfaces
  - Independently deployed connectors
  - Reduced interaction latency
  - Strengthened security
  - Safe encapsulation of legacy systems
- Separates server implementation from the client's perception of resources
- Scales well to large numbers of clients
- Enables transfer of data in streams of unlimited size and type
Thank You