This post is dedicated to REST, an architectural style of shaping webservices and the most misunderstood concept in the history of IT. This post is addressed to you who is designing webservice apis not being fully aware what REST actually means. I’m trying to give you the idea. This post is also addressed to you who think to know what REST means, when in reality you have no clue, just yet. Yes i have met such people in the past – plenty of them. It’s not going into the details of the Richardson Maturity Model, and it’s not gonna make you a REST expert. There are plenty of guides on the web for that: slides, youtube videos, blogposts, books and more. Rather than going into the details, i’m going to link some good resources at the end of this post.
So lets start with
The meaning of REST
Representational State Transfer. This sentence is not only what REST stands for, it is also the tiniest possible description of what REST actually means. Didn’t get it? Read it again: Representational State Transfer. It is not a standard, rather a stlye describing the act of transfering a state of something by its representation.
Lets consider this:
Marcus is a farmer. He has a ranch with 4 pigs, 12 chickens and 3 cows. He is now simulating a REST api while i am the client. If i want to request the current state of his farm using REST i just ask him: “State?”
Marcus answers: “4 pigs, 12 chickens, 3 cows”.
This is the most simple example of Representational State Transfer. Marcus transfered the state of his farm to me using a representation. The representation of the farm is the plain sentence: “4 pigs, 12 chickens, 3 cows”.
So lets get to the next level. How would i tell Marcus to add 2 cows to his farm the REST way?
Maybe tell him: “Marcus, please add 2 cows to your farm”.
Do you think this was REST? Are we transfering state by its representation here? NO! This was calling a remote procedure. The procedure of adding 2 cows to the farm.
Marcus sadly answers: “400, Bad Request. What do you mean?”
So lets try this again. How would we do this the REST way? What was the representation again? It was “4 pigs, 12 chickens, 3 cows”. Ok. so lets try this again transfering the representation…
me: “Marcus, … 4 pigs, 12 chickens,
5 cows … please!”.
Marcus: “Alright !”.
me: “Marcus, … what is your state now?”.
Marcus: “4 pigs, 12 chickens, 5 cows”.
me: “Ahh, great!”
See? It was really not that hard and it was REST.
Why RPC is a pain in the A**
So why would you favor REST over the remote procedure call (=RPC) from a logical perspective? Because it dramatically reduces the complexity of our communication by making the representation our only contract. We do not have to discuss what kinds of procedures we need (Add a cow?, Add an animal of a type? Double the chickens amount? Remove all pigs?). All we have to discuss is the representation, and use this representation to achieve anything we want. Easy, isn’t it? The needless complexity of RPC is not helpful at all. It is rather increasing the risk of misunderstandings, which we don’t want. We don’t want our communication to fail because Marcus and I understood a procedure differently.
But this is just one of many problems RPC is creating. If you want to use RPC you need to design some kind of structure to embed your procedure into. This structure requires a place to store parameters, error codes, return values and so on. I have seen lots of developers and companies who really did this. They designed their own RPC-Structure arising huge problems in the implementation of clients and client-server interaction. Why would you do this? Why would you invent your own RPC-Structure? Do you think this is helpful? What if i wanted to make an application that uses many WebServices of multiple proprietary RPC-Formats? I would have to develop something like this:
If you really need RPC, at least choose a standard like SOAP. Don’t make up your own stuff!
But SOAP is still bad
Still, even the standards of RPC are really painful. Well, i have to admit that with ACID Transactions, and a complete standardized Service Description Language, SOAP is not all that bad under some circumstances. Nevertheless, the overhead SOAP produces is massive and a huge performance killer. HTTP is a lightweight protocol. Its headers include anything you need. The only thing you want to put in the body is a representation – or not even that.
Sessions are Evil
You don’t need sessions! One might say: “But i want to save the customers shopping cart, so i need that session!” – No. Plain Wrong! You can do anything you want without sessions. You could just encapsulate the information of that cart in the URI, or even create another resource for that cart like “/carts/5235″.
Between two requests, you want to be able to turn off the server, uninstall its platform and operating system, dismantle the servers hardware, reassemble the server, reinstall its os, platform and application and restore the backup, without the client even noticing.
Don’t force a client other than a browser (e.g. a smartphone) to store cookies. It is needless complexity and i assure you, it will cause problems. You should even consider to remove statefulness from your webapplication.
Dont reinvent Hypermedia
Since hypermedia is getting quite popular now, i beg you: Don’t invent your own style.
We do already have plenty. There is
- Hypermedia by the Atom Link specification like in spring-hateoas and spring-data-rest.
In this post, i have only scratched the surface of the advantages of REST.
Here are some good resources to get you a deeper understanding.
- Fowlers Article on the Richardson Maturity Model
- A great slide on Hypermedia
- A talk by David Zuelke on RESTful Webservices
- Intro to REST (short video of GoogleDevelopers)
- A talk of Lez Hazlewood (Stormpath)
- A Cookbook for RESTful WebServices
- Great German Book about REST
Java Platform, Enterprise Edition is a widely used platform for enterprise server programming in the Java programming language.
This book covers exciting recipes on securing, tuning and extending enterprise applications using a Java EE 6 implementation.The book starts with the essential changes in Java EE 6. Then they will dive into the implementation of some of the new features of the JPA 2.0 specification, and look at implementing auditing for relational data stores.They will then look into how they can enable security for their software system using Java EE built-in features as well as using the well-known Spring Security framework. They will then look at recipes on testing various Java EE technologies including JPA, EJB, JSF, and Web services.Next they will explore various ways to extend a Java EE environment with the use of additional dynamic languages as well as frameworks.At the end of the book, they will cover managing enterprise application deployment and configuration, and recipes that will help you debug problems and enhance the performance of your applications.