From HaFrWiki
Jump to: navigation, search

Representational State Transfer (REST) [1] is a style of software architecture for distributed systems such as the World Wide Web.

What is REST?

REST has emerged as a predominant web API design model. REST is an architectural style which is based on web-standards and the HTTP protocol. REST was first described by Roy Fielding in 2000.

In a REST based architecture everything is a resource. A resource is accessed via a common interface based on the HTTP standard methods.

In a REST based architecture you typically have a REST server which provides access to the resources and a REST client which accesses and modifies the REST resources.

Every resource should support the HTTP common operations. Resources are identified by global IDs (which are typically URIs).

REST allows that resources have different representations, e.g., HTML, text, XML, JSON etc. The REST client can ask for a specific representation via the HTTP protocol (content negotiation).

Key goals of REST include:

  • Scalability of component interactions
  • Generality of interfaces
  • Independent deployment of components
  • Intermediary components to reduce latency, enforce security and encapsulate legacy systems


REST relies on a stateless, client-server, cacheable communications protocol -- and in virtually all cases, the HTTP protocol is used.
REST is an architecture style for designing networked applications. The idea is that, rather than using complex mechanisms such as CORBA, RPC or SOAP to connect between machines, simple HTTP is used to make calls between machines.
In many ways, the World Wide Web itself, based on HTTP, can be viewed as a REST-based architecture.
RESTful applications use HTTP requests to post data (create and/or update), read data (e.g., make queries), and delete data. Thus, REST uses HTTP for all four CRUD (Create/Read/Update/Delete) operations.
REST is a lightweight alternative to mechanisms like RPC (Remote Procedure Calls) and Web Services (SOAP, WSDL, et al.).
Despite being simple, REST is fully-featured; there's basically nothing you can do in Web Services that can't be done with a RESTful architecture.
REST is not a "standard". There will never be a W3C recommendation for REST, for example. And while there are REST programming frameworks, working with REST is so simple that you can often "roll your own" with standard library features in languages like Perl, Java, or C#.

Who uses REST

All of Yahoo's web services use REST, including Flickr, API uses it, pubsub, bloglines, technorati, and both eBay, and Amazon have web services for both REST and SOAP.


The following table shows how the HTTP methods are typically used to implement a web API.

RESTful web API HTTP methods
Collection URI, such as List the URIs and perhaps other details of the collection's members. Replace the entire collection with another collection. Create a new entry in the collection. The new entry's URI is assigned automatically and is usually returned by the operation. Delete the entire collection.
Element URI, such as Retrieve a representation of the addressed member of the collection, expressed in an appropriate Internet media type. Replace the addressed member of the collection, or if it doesn't exist, create it. Not generally used. Treat the addressed member as a collection in its own right and create a new entry in it. Delete the addressed member of the collection.

Database applications

The acronym CRUD refers to all of the major functions that are implemented in relational database applications. Each letter in the acronym can map to a standard SQL statement and HTTP method:

Operation SQL HTTP
Read (Retrieve) SELECT GET
Update (Modify) UPDATE PUT / PATCH
Delete (Destroy) DELETE DELETE

Making full use of HTTP methods, along with other constraints, is considered "RESTful".

Example Degree Days

Resource Post Get Put Delete
/degreedays Creates new dd Retrieves all dds Bulk updates dds Removes all dds
/degreedays/1 Error Retrieves details dd 1 Updates detail dd 1 if exists Remove dd 1

Apache .htaccess

The real trick in REST Web Service Server implementation is created using Apache .htaccess.
In the .htaccess the RewriteRule enables redirect rules using regular expressions.
Assuming the url https://mydomain/REST and the consuming is located in the https://mydomain/MyApp.
Using the following .htaccess in https://mydomain/REST :

# Turn rewrite engine on
Options +FollowSymlinks
RewriteEngine on

RewriteRule ^REST/degreedays/$  ../MyApp/REST-CRUD-be.php?view=dd&date=all [nc,qsa]

This REST request shows how the simple request for degreedays will be mapped to the http get request with parameters

  • view = dd
  • data = all

Using the following .htaccess in https://mydomain/REST :

RewriteRule ^REST/gascons/([0-9]+)/([0-9/-]+)/$  ./MyApp/REST-CRUD-be.php?view=gc&home=$1&&from=$2 [nc,qsa]

This REST request shows how 2 groups of the regular expression are transformed into

  • home = $1
  • from = $2

Example call: https://MyApp/REST/gascons/5/2022-02-01
leads to:

  • home = 5
  • from = 2022-02-01

Secure Web Service

Develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure [2].

The solution could use 'Amazon Web Services', but maybe 'HMAC' (Hashed-Based Message Authentication) is much easier.


The challenge is to build a REST Webservice using PHP without symfony or Yii.

  • phppot, PHP Restful Webservice.

See also


  • M. Elkstein, Learn REST: A Tutorial. A fast-training course for REST - Representational State Transfer, a new approach to systems architecture and a lightweight alternative to web services
  • Net Tuts+, A beginners introduction to http and rest.
  • Vogella, Lars Vogel [3] c.s. REST.
  • Docs Microsoft, Best practices Api Design





  1. REST, Description on Wikipedia.
  2. Riyad Kalla, In programming: Designing a Secure REST (Web) API without OAuth
  3. Vogella, Lass Vogel Company provides premium Eclipse, Android and Git training.