SlideShare a Scribd company logo

Rest api standards and best practices

Download as PPSX, PDF
Ankita Mahajan
Ankita Mahajan

REST web service development guidelines and best practices. An introduction to guidelines and best practices for developing REST API or web services.

Technology
1 of 19
REST WEB SERVICE DEVELOPMENT GUIDELINES AND BEST PRACTICES PRESENTED BY: ANKITA MAHAJAN
OBJECTIVE This presentation gives an overview of best practices and guidelines for creating a rest service or for developing a rest service framework, over HTTP. These conventions are also helpful for rest services consumers.
NAMING AND URI CONVENTIONS API VERSIONING AND CATALOG COLLECTION RESOURCE ERROR RESPONSE ENTITY REFERENCES INTRODUCTION A G E N D A RESPONSE STATUS CODES SINGULAR RESOURCE
INTRODUCTION REST Constraints Client-Server Stateless Cacheable Uniform Interface Layered System Code on Demand (optional) • REST: Representational State Transfer • REST CONSTRAINTS • BASIC TERMINOLOGY: • Resource • Collection • Instance/Singular • REST API or service • Resource Identifier • Root resource • Sub-resource
BEHAVIOR • Behavior: HTTP methods • GET • POST • PUT • DELETE • HEAD • PATCH • Behavior should be implemented based on CRUD, unless there’s a specific requirement otherwise. • Coarse-grained approach for data • Media type or Data format of response: Client should be able to parse response • application/json • application/xml
NAMING CONVENTIONS • SEMANTICALLY PRECISE • LOWER CAMEL CASE • SHOULD NOT CONTAIN:  UNDERSCORES  HYPHENS  NUMBERS • Date/Time: UTC should be used, following ISO:8601 date/time standard • Collection resource names should be PLURAL NOUNS (not verbs) • Ex) /service/api/v1/departments/12/shelves/34/products
RESOURCE URI • Collection resource: /[context/]version/resourceName • Ex: /store/api/1.2/employees • Singular resource: /[context/]version/resourceName/resourceId • Ex: /store/api/1.2/employees/2 • Child resource: rootResourceUri/childResourceName • Ex: /store/api/1.2/employees/2/feedbacks • Query Parameters: /resourceName?queryParam1=val1&queryParam2=val • Ex: /store/api/1.2/employees?department=20&experience=5
API VERSIONING • Clients should know desired version no. • Multiple API versions can exist simultaneously. • It should be possible to find out current/latest version GET /store/api HTTP/1.1 Host: grocers.com:7001 HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { [ "v1": { "canonicalLink": "/store/api/v1" }, "v2": { "canonicalLink": "/store/api/v2" } ], "canonicalLink": "/school/api" }
RESOURCE INDEX/CATALOG • A list of all resources available in the API. • Must include all root resources. • Separate catalog for each version. Response: HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { “employees": { "canonicalLink": "/store/api/v1/employees" }, “customers": { "canonicalLink": "/store/api/v1/customers" }, "capabilities": { “cashAccepted": true, “cardAccepted": true }, "canonicalLink": "/store/api/v1" } Request: GET /store/api/v1 HTTP/1.1 Host: grocers.com:7001
GET SINGULAR RESOURCE • Use GET HTTP method to fetch response, based on accept header. • Accept header: application/JSON or application/XML GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/json HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “100", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" } GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/xml HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> <resource> <id>12</id> <name>Nutella 300g</name> <price>100</price> <category>spreads</category> <canonicalLink>/store/api/v1/products/12</can onicalLink> </resource>
CREATE SINGULAR RESOURCE • Use POST HTTP method targeting a collection resource URL. • Response MUST contain new resource’s URI in Location response header. • Response MAY contain the following in response body : • The newly created resource • A generic acknowledgement with entity id and/or URL of the new resource Response: HTTP/1.1 201 Created Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json Location: https://grocers.com:7001/store/api/v1/products/12 { “msg”: “Product created successfully”, "id": "12", "canonicalLink": "/store/api/v1/products/12" } Request: POST /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "name": “Nutella 300g", "price": “100", “category“: “spreads“ }
FULL UPDATE SINGULAR RESOURCE • Use PUT method targeting the singular resource, for “full” update • As per HTTP specification, the full resource representation should be provided in the PUT request body • Read-only fields like “id” and “canonicalLink” in request body should be ignored by API Response HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } Request PUT /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “200", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" }
PARTIAL UPDATE SINGULAR RESOURCE • Use PATCH method along with a “patch document” • Service SHOULD allow client to update only required attributes of a resource • Patch-document specification: • XML Patch [RFC5261] • JSON Patch (draft-ietf-appsawg-json-patch) HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product price and category updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } PATCH /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 { "price": "300", "category": "" } OR To avoid HTTP proxy issues with PATCH, use: POST /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 X-HTTP-Method-Override: PATCH
GET COLLECTION RESOURCE • API MUST return all default attributes of child resources along with their canonical links. • Based on performance or scalability requirements, paging and/or filtering MAY be supported to return a subset of child resources. HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": "12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" },{ "id": 35", "name": “Fruit Loops", "canonicalLink": “/store/api/v1/products/35" }], "canonicalLink": "/store/api/v1/products“ } GET /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Accept: application/json
COLLECTION RESOURCE PAGING • Paging is used to retrieve a subset of collection items based on two request query parameters: offset and limit • To get the next/previous page, query the next/previous link • hasMore specifies if there are subsequent elements to be retrieved HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": “11", "name": “Taj Mahal tea", "canonicalLink": “/store/api/v1/products/11" },{ "id": 12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" } ], "hasMore": true, "canonicalLink": "/store/api/v1/products", "selfLink": "/store/api/v1/products?offset=10&limit=2", "previousLink": "/store/api/v1/products?offset=8&limit=2", "nextLink": "/store/api/v1/products?offset=12&limit=2" } GET /store/api/v1/products?offset=10& limit=2 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
RESPONSE STATUS CODES • Each HTTP response contains a status code which signifies the result of the HTTP request. The following should be supported: • 200: OK. Response for successful GET, PATCH, PUT, DELETE • 201: Created. Response for successful POST • 204: No Content. Request successfully executed & response doesn't have content • 400: Bad Request. Invalid parameters, parameter values or data format • 404: Resource not found. Invalid URL/resource • 500: Internal server error • The entire list of HTTP status codes can be found on httpStatuses.com
RESPONSE ERROR ENTITY • In case of a any error or validation failure a special response should be used. • An error entity should only have descriptive error details relevant for client. • Response should never have stack trace, internal code or file paths. HTTP/1.1 400 Bad Request Date: Mon, 10 Jun 2016 11:32:12 GMT Content-Type: application/json { "httpStatusCode": 400, "httpMessage": "Bad Request ", “errorTitle":”Invalid instance id” "errorCode": "errorcode:invalid:id", "errorDetail": “The requested product does not exist“, “moreInfo “: “http://www.grocers.com/errors/400/product" } GET /store/api/v1/products/6000 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
REFERENCES • Architectural styles and the design of network-based software architectures, PhD Dissertation, Thomas Fielding, http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation .pdf
THANK YOU

Recommended

REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
Patrick Savalle
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best Practices
Tricode (part of Dept)
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
Nitin Pande
 
Introduction to REST - API
Introduction to REST - APIIntroduction to REST - API
Introduction to REST - API
Chetan Gadodia
 

Recommended

REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
Patrick Savalle
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best Practices
Tricode (part of Dept)
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
Nitin Pande
 
Introduction to REST - API
Introduction to REST - APIIntroduction to REST - API
Introduction to REST - API
Chetan Gadodia
 
REST API
REST APIREST API
REST API
Tofazzal Ahmed
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple Steps
Tessa Mero
 
Rest API
Rest APIRest API
Rest API
Rohana K Amarakoon
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
Restlet
 
Web api
Web apiWeb api
Web api
Sudhakar Sharma
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
Brad Genereaux
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web API
habib_786
 
Spring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. RESTSpring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. REST
Sam Brannen
 
Introduction to GraphQL
Introduction to GraphQLIntroduction to GraphQL
Introduction to GraphQL
Amazon Web Services
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
Prakash Bhandari
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Swagger
SwaggerSwagger
Swagger
NexThoughts Technologies
 
Introduction to APIs (Application Programming Interface)
Introduction to APIs (Application Programming Interface) Introduction to APIs (Application Programming Interface)
Introduction to APIs (Application Programming Interface)
Vibhawa Nirmal
 
Api presentation
Api presentationApi presentation
Api presentation
Tiago Cardoso
 
Api types
Api typesApi types
Api types
Sarah Maddox
 
Restful api
Restful apiRestful api
Restful api
Anurag Srivastava
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
LunchBadger
 
REST full API Design
REST full API DesignREST full API Design
REST full API Design
Christian Guenther
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
Adam Paxton
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDB
MongoDB
 

More Related Content

What's hot

ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web API
habib_786
 
Spring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. RESTSpring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. REST
Sam Brannen
 
Introduction to GraphQL
Introduction to GraphQLIntroduction to GraphQL
Introduction to GraphQL
Amazon Web Services
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 

What's hot (20)

REST API
REST APIREST API
REST API
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple Steps
 
Rest API
Rest APIRest API
Rest API
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
 
Web api
Web apiWeb api
Web api
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web API
 
Spring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. RESTSpring Web Services: SOAP vs. REST
Spring Web Services: SOAP vs. REST
 
Introduction to GraphQL
Introduction to GraphQLIntroduction to GraphQL
Introduction to GraphQL
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
Swagger
SwaggerSwagger
Swagger
 
Introduction to APIs (Application Programming Interface)
Introduction to APIs (Application Programming Interface) Introduction to APIs (Application Programming Interface)
Introduction to APIs (Application Programming Interface)
 
Api presentation
Api presentationApi presentation
Api presentation
 
Api types
Api typesApi types
Api types
 
Restful api
Restful apiRestful api
Restful api
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
 
REST full API Design
REST full API DesignREST full API Design
REST full API Design
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
 

Similar to Rest api standards and best practices

API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
Jonathan LeBlanc
 
Consumer-centric API Design
Consumer-centric API DesignConsumer-centric API Design
Consumer-centric API Design
OPEN KNOWLEDGE GmbH
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.js
Carol McDonald
 
REST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptxREST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptx
Jason452803
 

Similar to Rest api standards and best practices (20)

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDB
 
Integrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST APIIntegrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST API
 
API gateway setup
API gateway setupAPI gateway setup
API gateway setup
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
 
Build an API the right way
Build an API the right wayBuild an API the right way
Build an API the right way
 
Building an Api the Right Way
Building an Api the Right WayBuilding an Api the Right Way
Building an Api the Right Way
 
Doing REST Right
Doing REST RightDoing REST Right
Doing REST Right
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
Lies you have been told about REST
Lies you have been told about RESTLies you have been told about REST
Lies you have been told about REST
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationNordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API Documentation
 
Consumer-centric API Design
Consumer-centric API DesignConsumer-centric API Design
Consumer-centric API Design
 
REST APIs
REST APIsREST APIs
REST APIs
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.js
 
Rest
RestRest
Rest
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack API
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile Environments
 
REST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptxREST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptx
 
Apache Ambari BOF - APIs - Hadoop Summit 2013
Apache Ambari BOF - APIs - Hadoop Summit 2013Apache Ambari BOF - APIs - Hadoop Summit 2013
Apache Ambari BOF - APIs - Hadoop Summit 2013
 

More from Ankita Mahajan

More from Ankita Mahajan (8)

Eye training
Eye trainingEye training
Eye training
 
Understanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), IndiaUnderstanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), India
 
Introduction to Data Center Network Architecture
Introduction to Data Center Network ArchitectureIntroduction to Data Center Network Architecture
Introduction to Data Center Network Architecture
 
Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.
 
FATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network ArchitectureFATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network Architecture
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined Networking
 
VL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center NetworkVL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center Network
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Rest api standards and best practices

  • 1. REST WEB SERVICE DEVELOPMENT GUIDELINES AND BEST PRACTICES PRESENTED BY: ANKITA MAHAJAN
  • 2. OBJECTIVE This presentation gives an overview of best practices and guidelines for creating a rest service or for developing a rest service framework, over HTTP. These conventions are also helpful for rest services consumers.
  • 3. NAMING AND URI CONVENTIONS API VERSIONING AND CATALOG COLLECTION RESOURCE ERROR RESPONSE ENTITY REFERENCES INTRODUCTION A G E N D A RESPONSE STATUS CODES SINGULAR RESOURCE
  • 4. INTRODUCTION REST Constraints Client-Server Stateless Cacheable Uniform Interface Layered System Code on Demand (optional) • REST: Representational State Transfer • REST CONSTRAINTS • BASIC TERMINOLOGY: • Resource • Collection • Instance/Singular • REST API or service • Resource Identifier • Root resource • Sub-resource
  • 5. BEHAVIOR • Behavior: HTTP methods • GET • POST • PUT • DELETE • HEAD • PATCH • Behavior should be implemented based on CRUD, unless there’s a specific requirement otherwise. • Coarse-grained approach for data • Media type or Data format of response: Client should be able to parse response • application/json • application/xml
  • 6. NAMING CONVENTIONS • SEMANTICALLY PRECISE • LOWER CAMEL CASE • SHOULD NOT CONTAIN:  UNDERSCORES  HYPHENS  NUMBERS • Date/Time: UTC should be used, following ISO:8601 date/time standard • Collection resource names should be PLURAL NOUNS (not verbs) • Ex) /service/api/v1/departments/12/shelves/34/products
  • 7. RESOURCE URI • Collection resource: /[context/]version/resourceName • Ex: /store/api/1.2/employees • Singular resource: /[context/]version/resourceName/resourceId • Ex: /store/api/1.2/employees/2 • Child resource: rootResourceUri/childResourceName • Ex: /store/api/1.2/employees/2/feedbacks • Query Parameters: /resourceName?queryParam1=val1&queryParam2=val • Ex: /store/api/1.2/employees?department=20&experience=5
  • 8. API VERSIONING • Clients should know desired version no. • Multiple API versions can exist simultaneously. • It should be possible to find out current/latest version GET /store/api HTTP/1.1 Host: grocers.com:7001 HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { [ "v1": { "canonicalLink": "/store/api/v1" }, "v2": { "canonicalLink": "/store/api/v2" } ], "canonicalLink": "/school/api" }
  • 9. RESOURCE INDEX/CATALOG • A list of all resources available in the API. • Must include all root resources. • Separate catalog for each version. Response: HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { “employees": { "canonicalLink": "/store/api/v1/employees" }, “customers": { "canonicalLink": "/store/api/v1/customers" }, "capabilities": { “cashAccepted": true, “cardAccepted": true }, "canonicalLink": "/store/api/v1" } Request: GET /store/api/v1 HTTP/1.1 Host: grocers.com:7001
  • 10. GET SINGULAR RESOURCE • Use GET HTTP method to fetch response, based on accept header. • Accept header: application/JSON or application/XML GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/json HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “100", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" } GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/xml HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> <resource> <id>12</id> <name>Nutella 300g</name> <price>100</price> <category>spreads</category> <canonicalLink>/store/api/v1/products/12</can onicalLink> </resource>
  • 11. CREATE SINGULAR RESOURCE • Use POST HTTP method targeting a collection resource URL. • Response MUST contain new resource’s URI in Location response header. • Response MAY contain the following in response body : • The newly created resource • A generic acknowledgement with entity id and/or URL of the new resource Response: HTTP/1.1 201 Created Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json Location: https://grocers.com:7001/store/api/v1/products/12 { “msg”: “Product created successfully”, "id": "12", "canonicalLink": "/store/api/v1/products/12" } Request: POST /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "name": “Nutella 300g", "price": “100", “category“: “spreads“ }
  • 12. FULL UPDATE SINGULAR RESOURCE • Use PUT method targeting the singular resource, for “full” update • As per HTTP specification, the full resource representation should be provided in the PUT request body • Read-only fields like “id” and “canonicalLink” in request body should be ignored by API Response HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } Request PUT /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “200", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" }
  • 13. PARTIAL UPDATE SINGULAR RESOURCE • Use PATCH method along with a “patch document” • Service SHOULD allow client to update only required attributes of a resource • Patch-document specification: • XML Patch [RFC5261] • JSON Patch (draft-ietf-appsawg-json-patch) HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product price and category updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } PATCH /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 { "price": "300", "category": "" } OR To avoid HTTP proxy issues with PATCH, use: POST /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 X-HTTP-Method-Override: PATCH
  • 14. GET COLLECTION RESOURCE • API MUST return all default attributes of child resources along with their canonical links. • Based on performance or scalability requirements, paging and/or filtering MAY be supported to return a subset of child resources. HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": "12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" },{ "id": 35", "name": “Fruit Loops", "canonicalLink": “/store/api/v1/products/35" }], "canonicalLink": "/store/api/v1/products“ } GET /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 15. COLLECTION RESOURCE PAGING • Paging is used to retrieve a subset of collection items based on two request query parameters: offset and limit • To get the next/previous page, query the next/previous link • hasMore specifies if there are subsequent elements to be retrieved HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": “11", "name": “Taj Mahal tea", "canonicalLink": “/store/api/v1/products/11" },{ "id": 12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" } ], "hasMore": true, "canonicalLink": "/store/api/v1/products", "selfLink": "/store/api/v1/products?offset=10&limit=2", "previousLink": "/store/api/v1/products?offset=8&limit=2", "nextLink": "/store/api/v1/products?offset=12&limit=2" } GET /store/api/v1/products?offset=10& limit=2 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 16. RESPONSE STATUS CODES • Each HTTP response contains a status code which signifies the result of the HTTP request. The following should be supported: • 200: OK. Response for successful GET, PATCH, PUT, DELETE • 201: Created. Response for successful POST • 204: No Content. Request successfully executed & response doesn't have content • 400: Bad Request. Invalid parameters, parameter values or data format • 404: Resource not found. Invalid URL/resource • 500: Internal server error • The entire list of HTTP status codes can be found on httpStatuses.com
  • 17. RESPONSE ERROR ENTITY • In case of a any error or validation failure a special response should be used. • An error entity should only have descriptive error details relevant for client. • Response should never have stack trace, internal code or file paths. HTTP/1.1 400 Bad Request Date: Mon, 10 Jun 2016 11:32:12 GMT Content-Type: application/json { "httpStatusCode": 400, "httpMessage": "Bad Request ", “errorTitle":”Invalid instance id” "errorCode": "errorcode:invalid:id", "errorDetail": “The requested product does not exist“, “moreInfo “: “http://www.grocers.com/errors/400/product" } GET /store/api/v1/products/6000 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 18. REFERENCES • Architectural styles and the design of network-based software architectures, PhD Dissertation, Thomas Fielding, http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation .pdf

Editor's Notes

  1. Context is the application/api name Version is the api version, not resource version
  2. Service MAY return a response body