1. GET

2. Introduction, overview Best practices

4. Roy T Fielding, PhD dissertation, 2000 Main characteristics Client-server Stateless Caching Layered architecture Code on demand URIs

5. Image courtesy of Martin Fowler Richardsons Maturity Model

6. Plain Old XML (over HTTP) One URI, one method

7. POST /appointmentService HTTP/1.1 <openSlotRequest date="2010-01-04" doctor="mjones"/>

8. HTTP/1.1 200 OK Level 0: POX response

9. POST /appointmentService HTTP/1.1

10. HTTP/1.1 200 OK <slot doctor="mjones" start="1400" end="1450"/> Level 0: POX response

11. Many URIs, one method

12. POST /doctors/mjones HTTP/1.1

13. HTTP/1.1 200 OK Level 1: Resources response

14. POST /slots/1234 HTTP/1.1

15. HTTP/1.1 200 OK Level 1: Resources response

16. Many URIs, many (HTTP) methods This is what most call REST Best practices follow

17. GET /doctors/mjones/slots?date=20100104&s tatus=open HTTP/1.1

18. HTTP/1.1 200 OK Level 2: Verbs response

19. POST /slots/1234 HTTP/1.1

20. HTTP/1.1 200 OK Level 2: Verbs response

21. HATEOAS & self-descriptive messages Problems: peoples awareness, tools

22. HTTP/1.1 200 OK <slot id="1234" doctor="mjones start="1400" end="1450"> <link rel="/linkrels/slot/book" uri="/slots/1234"/> … Level 3: Hypermedia response

23. HTTP/1.1 201 Created Location: http://.../slots/1234/appointmenthttp://.../slots/1234/appointment <link rel="/linkrels/appointment/cancel" uri="/appointment/0001"/> <link rel="self" uri="/appointment/0001"/> Level 3: Hypermedia response

25. Resources vs actions getTickets vs /tickets getMusemTickets vs /tickets?type=museum

26. ResourceGETPOSTPUTDELETE /tickets List ticketsCreate a new ticket Bulk updateDelete all tickets /tickets/123 Get the details of one ticket ErrorUpdate a given ticket Delete a given ticket Plural + ID CRUD-style operations Concrete not abstract names

27. http://api.company.com/cafe/v1 Major rev only Numbers, not nicknames, dates, etc.

28. HTTP status codes Short description Pointer to more information 201 200 400 204 401 403 404 503 405 500 200400 500

29. HTTP Status Code: 401 { "status" : "401", "message":"Authentication failed", "code": 12345, "more info": http://developers.company.com/docs/er rors/12345http://developers.company.com/docs/er rors/12345 }

30. Ways to differentiate: /tickets/123.json /tickets/123?format=json Accept: application/json Bonus: application/company.v1+json

31. Pagination: /tickets?offset=50&limit=25 Partial response: /tickets?fields=date,location Use defaults (documentation!)

32. Session management – REST is stateless Caching – its very much encouraged! What if nouns are not appropriate – use verbs

33. Security – preferred is OAuth, lot of Basic/Digest over HTTPS in practice Subdomains: api developers for SDK

34. Roy Fieldings dissertation REST in Practice from OReilly Apigee blog & video tutorials Articles, forums

35. Levels of REST REST CRUD Consistent view of best practices

37. gabor.i.torok@gmail.com https://www.linkedin.com/in/gabortorok