Pages

Introducing the Architecture REST - Creating APIs - Part 02

Monday, May 16, 2011



In this post, we continue talking about the REST architecture and our progress to create our first API.  This is the second part of the series, if you want to see the Introduction, please check this link

The SOA Principles

The REST is also considered a Service-Oriented Architecture (SOA) , so it the SOA principles must be considered. The REST architecture follows the interoperability by providing support for several types of response. It is a good practice to make your resource accept HTML, JSON or XML in the same method, turning it more portable.  Depending of the target of your application, the number of clients of your services can be bigger in this way. However, providing all those types of response consumes time, and you have to analyze if you are available for working on this interoperability.

It is also important that your RESTful services don't take overloaded operations. This includes heavy processing tasks such as data transformations (XML to JSON, XML to Text/Plain, etc.) as also the validation of the data before each transformation.  This results in the other principle of SOA the weak coupling, that is, make your system less dependent of other modules in order to reduce the modification effects and failure tailoring.  Generally the simple RESTful services systems are divided in the following packages:

  • resources -  The resources of your system which implement the HTTP methods POST, GET, PUT, DELETE. For each request received, it uses the modules of the utils package and the communication provided with dao, if necessary. The resources also have the task of interpret the result , possible failures and response to the client.
  • utils - The utility classes as also related to data transformation.
  • dao -  The classes with the pattern DAO (Data Access Object), responsible for the database transactions
It is also common to see the developers abuse of the methods POST and GET.  Using REST, the developer must know well the four main methods: POST, GET, PUT and DELETE.  We will explain in the next paragraphs about those and comment a little about the HEAD and OPTIONS. For illustrate the explanation, we will use a resource user implemented at http://www.example.com/resources/user/.



POST

Submit the data to be processed at a target resource, which can result in the creation of a new or an update of the existing resources. The data are included in the body of the request. For instance, making a request POST to http://www.example.com/resources/user/  and including the body represented by the JSON in the Figure 01, we will requesting to the server to add this new user. If the user was created successfully, the response will be with a status code 201, pointing that our resource was created.

Figure 1 - JSON as body

GET

Used to request a new representation of the resource specified. In practice, making a request GET in http://www.example.com/resources/user/10 will return as response the user whose the id is 10.  In the other hand if our request was to the url http://www.example.com/resources/user/ , we would have as response the list of all users.

PUT

]It updates the representation of the resource. The data must be sent in the body of the request. Besides, if the URI of the request doesn't not point out to a existing resource, it is allowed to create a new resource with this URI. In our example, if we wanted to update the password of the user with the login "marcelcaraciolo", we just need to make a PUT request to http://www.example.com/resources/user/10 putting the JSON body represented in the next figure, containing the refreshed data.

Figure 2 - JSON as body

DELETE

It deletes a specified resource. It doesn't have the body. If we request the DELETE method to URI http://www.example.com/resources/user/10 it would mean to the serve that we want it to delete the user with the id is equal to 10.

HEAD

Similar to the method GET, but without the body of the response. This method can be used to obtain the metadata of a entity target of the request, without transfer all the data (the body itself of the entity) to the client.

OPTIONS

Return the HTTP methods that the server supports for a specified URI. It can be used to check the features available of a web service. Making a request OPTIONS to http://www.example.com/resources/user/ , we would receive the attribute 'Allow' in the headers with the fields OPTIONS and POST. However making the request OPTIONS to the URI http://www.example.com/resources/user/* ,  we would receive the response OPTIONS, GET, PUT, DELETE and HEAD.  But wait, you may be asking yourself , where is the POST ? Is it missing ?  When you put the wildcat  (*) it is expected some response, but our method POST, using the good practices, is not mapped to accept requests with the URI finishing in 'user/*'.  In other words,  it doesn't make sense to request a POST to 'user/10' , since the id of the resource must be created by the serve. Besides that, in a OPTIONS request, in the body it will come the WADL file, which we will discuss later.

It is important to API developers to know that the client of the service represents the user. So, it is a convention to not use the methods GET and HEAD to do actions,  except the action of information recovering, therefore they are considered safe methods.

Although, knowing that the methods GET and HEAD are secure, the user are conscious about the fact that an action possibly insecure will be requested if it uses the other HTTP methods. To sum up, don't use GET and HEAD to make requests that generate collateral effects. So use the GET method to modify an entity is an anti-pattern and not a good practice in developing REST APIs.

Another important property is the idempotence. PUT, DELETE and OPTIONS are idempotent methods, that is, multiple operations must always return the same result and have the same effect in the application as  one. For instance, making several GET requests to the same URI, it will always return the same response, in case of the requested data didn't change in the interval between the requests.  Finally, the safe methods are indempotent, since it doest not present collateral effects.



HTTP Status Codes

The HTTP Status Codes were created to allow the developers to describe precisely for the clients what happened at the server or even have control of the services. For that, the more specified the response, better. 

The Status Codes has those meanings:

  • 1.xx -  Information
  • 2.xx - Success
  • 3.xx -  Redirect
  • 4.xx -  Client Error
  • 5.xx - Server Error
It is important to developers to know how to response properly with your services. Typically, the responses used by the REST services are 200, 404 or 500, but it is important to understand better the responses of other RESTful services that your application are consuming.  We will see some statuses  codes as follows.

200 - OK
The status code 200 represents that the request was successful. The response returned depends on the method used in the request. If the GET method is used, it will returned the entity corresponding to the requested resource.  In case of POST method, the headers will correspond to the requested resources. Finally if the method was HEAD, it will be returned the headers fields that correspond to the requested resources either.

201 - Created
The request was accomplished and the location of the resource created is returned by the field 'Location' in the response headers. The server must create the resource before return the status code 201. If the resource can't be created immediately, the server must response with 202 (Approved) instead.

202 - Accepted

The request was approved, but it doesn't mean that was finalized. Your purpose is to allow the server to accept asynchronous requests.  Depending on the scenario, it is interesting to include to the body of the response the current status of the request and a path to a state monitor or a time estimative to the request be accomplished.


204 - No Content
The server accomplished the request  successfully but it does not need to response any entity in the body.  Optionally, it may include new or updated meta-information about the the entities in the headers. The response 204 must not have the body. Generally it is the status code response to a DELETE request.

304 - No Modified
If the client has requested with a conditional GET method, but  the documents or the requested data weren't modified, the server must response with this status code. The response 304 must not have a body.

400 -  Invalid Request
Invalid Syntax in the request.

401 -  Not Authorized
The request requires authentication or the user has been refused by the credentials provided.

404 -  Not Found
The server didn't find the resources that correspond to the URI of the request. Generally this response comes as result of a GET request.

409 -  Conflict
There was a conflict in the request with the current state of the resource. This code is only allowed in situations where it expects that the user is able to solve the the conflict and re-send again the request.  For that, the body of the response must include an error message. Generally this scenario occurs in responses to PUT requests.

500 - Internal Server Error
The server came into a unexpected condition that stopped it of finishing the request. For instance, if a problem occurred with the database connection, the response must have the status code 500.


The table below provided gives you a resume of the most used http statuses codes when you are developing your RESTful services.  Please read carefully and know how to use it correctly in order to help the developers that will build applications that will consume your services and know how to handle properly the responses of your API.

HTTP protocol version 1.1 Server Response Codes

In the next post about the REST Services I will present a new service that I am developing using the concepts explained in this series of posts.  It will be related to Location + Question and Answers + Mobile + Python with real code of course! 

I hope you enjoyed,

Marcel Caraciolo

References

[2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

49 comments:

  1. Really interesting content which is unique which provided me the required information.
    Dot Net Training in Chennai | .Net training in Chennai | FITA Training | FITA Velachery .

    ReplyDelete
  2. I really enjoyed while reading your article about creating rest architecture, the information you have delivered in this post was damn good. Keep sharing your post with efficient news.
    Regards,
    FITA Chennai complaints|Python Training in Chennai|SAS Training in Chennai

    ReplyDelete
  3. Thanks Admin for sharing such a useful post, I hope it’s useful to many individuals for whose looking this precious information to developing their skill.
    Regards,

    Salesforce Training in Chennai|Salesforce Training|Salesforce Training institutes in Chennai

    ReplyDelete
  4. This is excellent information. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android training in chennai
    Ios training in chennai

    ReplyDelete
  5. Good-Looking article! I found some beneficial information in your blog, it was excellent to read, thanks for receiving this great satisfied to my vision, keep sharing.I’ll learn much new stuff right here! Good luck for the next post buddy.
    Dot Net Training in Chennai

    ReplyDelete
  6. Summer training on PLC, SCADA, Automation, Instrumentation in Delhi NCR starting from every Monday and Thursday in this month. Come and Join us to learn Practical tools & techniques with job opportunities...! For Registration Contact +91-9310096831

    ReplyDelete
  7. The Spring Framework is a lightweight framework for developing Java enterprise applications. It provides high performing, easily testable and reusable code. Spring handles the infrastructure as the underlying framework so that you can focus on your application.Spring is modular in design, thereby making creation, handling and linking of individual components so much easier. Spring implements Model View Container(MVC) design pattern.
    spring mvc validation example

    ReplyDelete
  8. This comment has been removed by the author.

    ReplyDelete
  9. Dot Net framework provides benefits for different kinds of issues include security, exceptional handling, memory management etc., as you said Dot Net helps developer in various ways to deliver an application effectively.
    Regards:
    DOT NET Course Chennai | DOT NET Training Institute in Chennai

    ReplyDelete
  10. Excellent content on Google algorithm updates. Gain more information than expected. I can say your blog is the best I have never seen before about the Google algorithm updates. Thank you admin.
    Regards:
    Digital Marketing Training in Chennai
    Digital Marketing Chennai

    ReplyDelete
  11. SCADA training provides a thorough technical overview of SCADA software used for supervision and data management involved in the industrial automation systems. Call us 9310096831.

    ReplyDelete
  12. We provide PLC, SCADA, AC Drives, HMI, Training in Delhi NCR with 100% placements assistance for all candidates who perform well in the course. Well recognized certificate will be issued for course completed candidates. The training program is specially designed for the students and professionals to gain practical working experience. Call @9310096831.

    ReplyDelete
  13. Thank you a lot for providing individuals with a very spectacular possibility to read critical reviews from this site.
    Best Hadoop Training Institute In chennai

    ReplyDelete
  14. I have found many useful information and news about this topic. Well, Good Job and keep it up.
    Best Android Training in Chennai
    android courses in chennai

    ReplyDelete
  15. Industrial Automation Training - Looking for PLC SCADA Training in Delhi NCR? We have Lab facility fully practically and also giving project training , advanced training with 100% placement support. Call-9310096831.

    ReplyDelete
  16. I have read your blog and i got a very useful and knowledgeable information from your post.Keep sharing your post with efficient news.

    PLC SCADA Training
    plc courses



    ReplyDelete
  17. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.

    Hadoop Training in Bangalore

    ReplyDelete

  18. Really very informative and creative contents. This concept is a good way to enhance the knowledge.
    thanks for sharing. please keep it up.
    Struts Training in Gurgaon

    ReplyDelete
  19. I feel really happy to have seen your webpage and look forward to so many more entertaining times reading here. Thanks once more for all the details.
    datascience training in chennai

    ReplyDelete
  20. Thanks for sharing this good blog.
    Final year project centre is the best source for all engineering students. mini projects in chennai is the best choice for diploma students and mca mini projects in chennai provide the basic project training for the low level projects.

    ReplyDelete
  21. It is amazing and wonderful to visit your site.Thanks for sharing this information!!
    Wedding planners in Coimbatore

    ReplyDelete
  22. This information is impressive,I am inspired with your post writing style & how continuously you describe this topic.I feel happy about it and I love learning more about this topic.

    Azure Training
    Azure Training in Chennai

    ReplyDelete
  23. Nice tips. Very innovative... Your post shows all your effort and great experience towards your work Your Information is Great if mastered very well.
    angularjs Training in chennai
    angularjs Training in chennai

    angularjs-Training in tambaram

    angularjs-Training in sholinganallur

    angularjs-Training in velachery

    ReplyDelete
  24. I really like your blog. You make it interesting to read and entertaining at the same time. I cant wait to read more from you.
    Python training in pune
    AWS Training in chennai
    Python course in chennai

    ReplyDelete
  25. Appreciating the persistence, you put into your blog and detailed information you provide.
    nebosh course in chennai

    ReplyDelete
  26. This comment has been removed by the author.

    ReplyDelete
  27. We focus on practical exposure with placement support in PLC SCADA Automation training in Noida at DIAC Automation at affordable cost with wide range of PLC station like Allen Bradley, Siemens, Delta, Omron, Mitsubishi PLC stations. Call @9953489987.

    ReplyDelete
  28. Great post and informative blog.it was awesome to read, thanks for sharing this great content to my vision.
    Good discussion.
    RPA Training in Chennai
    Robotics Process Automation Training in Chennai
    RPA course
    Robotic Process Automation Certification
    RPA Training

    ReplyDelete
  29. nice course. thanks for sharing this post this post harried me a lot.
    Industrial Automation Training in Noida

    ReplyDelete
  30. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.
    Dot Net training in Electronic City

    ReplyDelete
  31. I have to voice my passion for your kindness giving support to those people that should have guidance on this important matter.

    Javascript Training in Chennai
    Oracle DBA Training in Chennai
    RPA Training in Chennai
    UIpath Training in Chennai

    ReplyDelete
  32. Keep sharing such good ideas so that I can benefit from it. Eagerly waiting for your next article. Keep writing!
    Software Testing Training in Chennai | Software Testing Training Institute in Chennai

    ReplyDelete
  33. This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change
    -funds recovery

    Email: onlineghosthacker247@ gmail .com

    ReplyDelete
  34. Ogen Infosystem is one of the best Website Designing and PPC Company in Delhi, India. Here you will well experience web designers and developers to provide a great website for your business. Our PPC Experts generate leads to your business products at an affordable price.
    Website Designing Company in Delhi

    ReplyDelete
  35. Best PLC training Institute help aspirants to learn Industrial automation, PLC, SCADA, HMI by DIAC and we help to find your dream job in core industry. Free Demo Class Call now 9953489987.

    ReplyDelete
  36. Very Nice Blog…Thanks for sharing this information with us. Here am sharing some information about training institute.
    devops training in hyderabad

    ReplyDelete
  37. Studyprovider has experts team are giving the homework help, assignment help, report, thesis, research writing services and human resource management assignment help available 24/7 seven days a week contact now.

    ReplyDelete