REST

REpresentational State Transfer

REST is an acronym for REpresentational State Transfer and an architectural style for distributed hypermedia systems. Roy Fielding first presented it in 2000 in his famous dissertation.

Fielding Dissertation: CHAPTER 5: Representational State Transfer (REST)

A REST API (also known as RESTful API) is an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.

A Web API (or Web Service) conforming to the REST architectural style is a REST API.

A RESTful API makes it possible for remote execution of an application's capabilities by supporting standard HTTP methods, error handling, and other RESTful mechanisms.

REST is a set of architectural constraints, not a protocol or a standard.

REST design principles

• Client-Server A client-server architecture made up of clients, servers, and resources, with requests managed through HTTP.

• Stateless Stateless client-server communication, meaning no client information is stored between get requests and each request is separate and unconnected.

• Cacheable The cacheable constraint requires that a response should implicitly or explicitly label itself as cacheable or non-cacheable. If the response is cacheable, the client application gets the right to reuse the response data later for equivalent requests and a specified period.

• User-Interface A uniform interface between components so that information is transferred in a standard form. This requires that:

  • resources requested are identifiable and separate from the representations sent to the client.

  • resources can be manipulated by the client via the representation they receive because the representation contains enough information to do so.

  • self-descriptive messages returned to the client have enough information to describe how the client should process it.

  • hypertext/hypermedia is available, meaning that after accessing a resource the client should be able to use hyperlinks to find all other currently available actions they can take.

• Layered System A layered system that organizes each type of server (those responsible for security, load-balancing, etc.) involved the retrieval of requested information into hierarchies, invisible to the client.

• Code on Demand (optional) The ability to send executable code from the server to the client when requested, extending client functionality.

REST is a set of architectural principles attuned to the needs of lightweight web services and mobile applications. Because it's a set of guidelines, it leaves the implementation of these recommendations to developers.

When a request for data is sent to a REST API, it’s usually done through hypertext transfer protocol (commonly referred to as HTTP). Once a request is received, APIs designed for REST (called RESTful APIs or RESTful web services) can return messages in a variety of formats: HTML, XML, plain text, and JSON. JSON (JavaScript object notation) is favored as a message format because it can be read by any programming language (despite the name), is human- and machine-readable, and is lightweight. In this way, RESTful APIs are more flexible and can be easier to set up.

An application is said to be RESTful if it follows 6 architectural guidelines. A RESTful application must have:

1. A client-server architecture composed of clients, servers, and resources.

2. Stateless client-server communication, meaning no client content is stored on the server between requests. Information about the session’s state is instead held with the client.

3. Cacheable data to eliminate the need for some client-server interactions.

4. A uniform interface between components so that information is transferred in a standardized form instead of specific to an application’s needs. This is described by Roy Fielding, the originator of REST, as “the central feature that distinguishes the REST architectural style from other network-based styles.”

5. A layered system constraint, where client-server interactions can be mediated by hierarchical layers.

6. Code on demand, allowing servers to extend the functionality of a client by transferring executable code (though also reducing visibility, making this an optional guideline).

REST design principles

At the most basic level, an API is a mechanism that enables an application or service to access a resource within another application or service. The application or service doing the accessing is called the client, and the application or service containing the resource is called the server.

Some APIs, such as SOAP or XML-RPC, impose a strict framework on developers. But REST APIs can be developed using virtually any programming language and support a variety of data formats. The only requirement is that they align to the following six REST design principles - also known as architectural constraints:

1. Uniform interface. All API requests for the same resource should look the same, no matter where the request comes from. The REST API should ensure that the same piece of data, such as the name or email address of a user, belongs to only one uniform resource identifier (URI). Resources shouldn’t be too large but should contain every piece of information that the client might need.

2. Client-server decoupling. In REST API design, client and server applications must be completely independent of each other. The only information the client application should know is the URI of the requested resource; it can't interact with the server application in any other ways. Similarly, a server application shouldn't modify the client application other than passing it to the requested data via HTTP.

3. Statelessness. REST APIs are stateless, meaning that each request needs to include all the information necessary for processing it. In other words, REST APIs do not require any server-side sessions. Server applications aren’t allowed to store any data related to a client request.

4. Cacheability. When possible, resources should be cacheable on the client or server side. Server responses also need to contain information about whether caching is allowed for the delivered resource. The goal is to improve performance on the client side, while increasing scalability on the server side.

5. Layered system architecture. In REST APIs, the calls and responses go through different layers. As a rule of thumb, don’t assume that the client and server applications connect directly to each other. There may be a number of different intermediaries in the communication loop. REST APIs need to be designed so that neither the client nor the server can tell whether it communicates with the end application or an intermediary.

6. Code on demand (optional). REST APIs usually send static resources, but in certain cases, responses can also contain executable code (such as Java applets). In these cases, the code should only run on-demand.

How REST APIs work

REST APIs communicate via HTTP requests to perform standard database functions like creating, reading, updating, and deleting records (also known as CRUD) within a resource. For example, a REST API would use a GET request to retrieve a record, a POST request to create one, a PUT request to update a record, and a DELETE request to delete one. All HTTP methods can be used in API calls. A well-designed REST API is similar to a website running in a web browser with built-in HTTP functionality.

The state of a resource at any particular instant, or timestamp, is known as the resource representation. This information can be delivered to a client in virtually any format including JavaScript Object Notation (JSON), HTML, XLT, Python, PHP, or plain text. JSON is popular because it’s readable by both humans and machines—and it is programming language-agnostic.

Request headers and parameters are also important in REST API calls because they include important identifier information such as metadata, authorizations, uniform resource identifiers (URIs), caching, cookies and more. Request headers and response headers, along with conventional HTTP status codes, are used within well-designed REST APIs.

APIs are RESTful as long as they comply with the 6 guiding constraints of a RESTful system:

• Client-server architecture: REST architecture is composed of clients, servers, and resources, and it handles requests through HTTP.

• Statelessness: No client content is stored on the server between requests. Information about the session state is, instead, held with the client.

• Cacheability: Caching can eliminate the need for some client-server interactions.

• Layered system: Client-server interactions can be mediated by additional layers. These layers could offer additional features like load balancing, shared caches, or security.

• Code on demand (optional): Servers can extend the functionality of a client by transferring executable code.

• Uniform interface: This constraint is core to the design of RESTful APIs and includes 4 facets:

  • Resource identification in requests: Resources are identified in requests and are separate from the representations returned to the client.

  • Resource manipulation through representations: Clients receive files that represent resources. These representations must have enough information to allow modification or deletion.

  • Self-descriptive messages: Each message returned to a client contains enough information to describe how the client should process the information.

  • Hypermedia as the engine of application state: After accessing a resource, the REST client should be able to discover through hyperlinks all other actions that are currently available.

The resources themselves are conceptually separate from the representations that are returned to the client.