REST
Representational State Transfer (REST) [1] is a style of software architecture for distributed systems such as the World Wide Web.
What is REST?
REST has emerged as a predominant web API design model. REST is an architectural style which is based on web-standards and the HTTP protocol. REST was first described by Roy Fielding in 2000.
In a REST based architecture everything is a resource. A resource is accessed via a common interface based on the HTTP standard methods.
In a REST based architecture you typically have a REST server which provides access to the resources and a REST client which accesses and modifies the REST resources.
Every resource should support the HTTP common operations. Resources are identified by global IDs (which are typically URIs).
REST allows that resources have different representations, e.g., HTML, text, XML, JSON etc. The REST client can ask for a specific representation via the HTTP protocol (content negotiation).
Key goals of REST include:
- Scalability of component interactions
- Generality of interfaces
- Independent deployment of components
- Intermediary components to reduce latency, enforce security and encapsulate legacy systems
Introduction
REST relies on a stateless, client-server, cacheable communications protocol -- and in virtually all cases, the HTTP protocol is used.
REST is an architecture style for designing networked applications. The idea is that, rather than using complex mechanisms such as CORBA, RPC or SOAP to connect between machines, simple HTTP is used to make calls between machines.
In many ways, the World Wide Web itself, based on HTTP, can be viewed as a REST-based architecture.
RESTful applications use HTTP requests to post data (create and/or update), read data (e.g., make queries), and delete data. Thus, REST uses HTTP for all four CRUD (Create/Read/Update/Delete) operations.
REST is a lightweight alternative to mechanisms like RPC (Remote Procedure Calls) and Web Services (SOAP, WSDL, et al.).
Despite being simple, REST is fully-featured; there's basically nothing you can do in Web Services that can't be done with a RESTful architecture.
REST is not a "standard". There will never be a W3C recommendation for REST, for example. And while there are REST programming frameworks, working with REST is so simple that you can often "roll your own" with standard library features in languages like Perl, Java, or C#.
Who uses REST
All of Yahoo's web services use REST, including Flickr, del.icio.us API uses it, pubsub, bloglines, technorati, and both eBay, and Amazon have web services for both REST and SOAP.
Web API
The following table shows how the HTTP methods are typically used to implement a web API.
| Resource | GET | PUT | POST | DELETE |
|---|---|---|---|---|
Collection URI, such as http://example.com/resources
|
List the URIs and perhaps other details of the collection's members. | Replace the entire collection with another collection. | Create a new entry in the collection. The new entry's URI is assigned automatically and is usually returned by the operation. | Delete the entire collection. |
Element URI, such as http://example.com/resources/item17
|
Retrieve a representation of the addressed member of the collection, expressed in an appropriate Internet media type. | Replace the addressed member of the collection, or if it doesn't exist, create it. | Not generally used. Treat the addressed member as a collection in its own right and create a new entry in it. | Delete the addressed member of the collection. |
Database applications
The acronym CRUD refers to all of the major functions that are implemented in relational database applications. Each letter in the acronym can map to a standard SQL statement and HTTP method:
| Operation | SQL | HTTP |
|---|---|---|
| Create | INSERT | POST |
| Read (Retrieve) | SELECT | GET |
| Update (Modify) | UPDATE | PUT / PATCH |
| Delete (Destroy) | DELETE | DELETE |
Making full use of HTTP methods, along with other constraints, is considered "RESTful".
Secure Web Service
Develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure [2].
The solution could use 'Amazon Web Services', but maybe 'HMAC' (Hashed-Based Message Authentication) is much easier.
See also
- M. Elkstein, Learn REST: A Tutorial. A fast-training course for REST - Representational State Transfer, a new approach to systems architecture and a lightweight alternative to web services
- Net Tuts+, A beginners introduction to http and rest.
- Vogella, Lars Vogel [3] c.s. REST.
HaFrWiki-REST-Links
- Authentication, What to use for securing your web services?
- Heroku, REST implemenation using maven and Heroku.
- Java Jersey, REST implementations using Maven and Tomcat.
- PHP Symfony, REST implementation framework.
- Webservices, More information on Web Services
Tutorials
- Yahoo.com, Howto request REST.
