REST based Website - rest

I have to create 2 different websites that would use REST api to interact with a single MySQL database.
I know how to create website with forms..etc using PHP.
How would I use REST api for my websites.I searched and found out that there are libraries for android to use REST api but how to do so in case of a website ?

REST is a architectural pattern, it is not (by itself) an API. APIs can implement REST.
Just like any other API out there, you have to get the documentation for the API and then call it from your source.
Depending on what your requirements are, you may be calling it from javascript or from your PHP backend.
REST is an architecture pattern (you can read more about it at wikipedia) which aims to use HTTP verbs like PUT, POST and DELETE to execute commands against endpoints which represent a resource.
To use REST, your backend server will send normal HTTP requests to the API service; so in PHP this means using the various curl libraries to send requests.
Responses are generally in json; but they could be in any other format (or even in binary) - check with the API documentation that you have to consume.

If all you want is interacting with a REST API, then you need a HTTP client, probably cURL (PHP has a cURL lib). After that you have to check whether your API violates the HATEOAS constraint. If not, then it is called hypermedia API. In that case you have to follow hyperlinks provided by the API in the responses. If it violates the constraint, then it is called web API, and you have to build the method, URL, etc... on the client side again, so your client will break easily by any structural changes of the API. Everything else depends on the message format and the semantic annotations the API uses.
If you want to build a REST API, I strongly suggest you to learn more about the topic. First read the Fielding diessertation and check some existing solutions like HAL or Hydra+JSON-LD. Forget the tutorials. Most information available on the web about how to implement a REST API is flawed.

Related

how do I call salesforce APEX From rest api

I find tons of articles explaining how to call rest apis from APEX - but I'm accessing salesforce from an integration system using the Salesforce REST API, and want to it the other way around.
ie -
I've found functionality (record merging) - that is not available from the rest API, but IS available from apex. Is there any way to run an apex statement or script from the rest API?
NOTE: I'm aware that the functionality also available from the SOAP api, but we really don't want to go near that for various reasons.
you want to REST API endpoints in APEX, so that you can call this endpoint from anywhere, Right? if so then you need to check this article.
After reading above article, you are able to create GET, POST, DELETE endpoint in your Salesforce Org and you can use this endpoints.

RESTful way to specify commands on a resource

I could not find a universally agreeable way to specify commands in RESTful manner. Consider that I have a resource on which I want to provide 3 commands:
enable
disable
re-trigger
Which is the most RESTful way?
POST /resource/disable
POST /resource?command=disable
Any other way ?
Which is the most RESTful way?
How would you do it with a web site? REST is the architectural style of the world wide web; if you can figure out how you would do it with a web site, that will give you the right idea for how to provide a RESTful API.
On the web, the usual answer would be that we would have forms to collect information from the client, who would then submit a POST request (because we are intending to change the resource) to some endpoint.
Because the form.action property tells the client what URI to use, the server has control over what the URI is -- we can change it later if we want to.
We could, as you suggest, have a different URI for each command. There's nothing wrong with that, but it does miss an opportunity. You see, one of the important ideas in REST is caching; and HTTP defines cache invalidation semantics; the practical aspect of which is that if you use the /resource identifier as the form action, then successful POST requests will automatically invalidate the client's local copies of the resource.
This does imply, of course, that the POST handler in your implementation will have to determine which command was intended -- probably by looking at information included in the body of the post request; a "commandName" parameter or something similar.

When is JSON-RPC over http with POST more suitable than RESTful API?

I'm currently developing a web application with a senior developer. We've agreed to use REST API for client-server communication and he sent me the parameters and the expected responses.
But the design does not seem to be RESTful. Rather it looks like JSON-RPC over http utilizing only the POST method.
For example, to register a user you send a POST request to the server the following parameters.
{
id: 1,
method: "RegisterUser",
params: {
firstName: "John",
lastName: 'Smith',
country: 'USA',
phone: "~",
email: "~",
password: "~"
}
}
And the expected response is
{
id: 1
result: "jwt-token",
error : null
}
Multiple requests are sent to the same URL and the server sends back the response based on the 'method' in the parameters. For example, to get a user info, you send a { method: "GetUserInfo", params: { id: ~ }} to the same URL. All responses have the status code 200, and the errors are handled by the error in the response body. So even if the status code is 200, if error is not null it means something is wrong.
The way I'm used to doing is sending a POST request to 'users/' with a request body when registering a new user, sending a GET request to 'users/1' to retrieve a user information, etc.
When I asked why he'd decided to do it this way, he said in his previous job, trying to add more and more APIs was a pain when following RESTful API design. Also, he said he didn't understand why RESTful API uses different HTTP verbs when all of them could be done with POST.
I tried to come up with the pros of REST API over JSON-RPC over http with POST.
GET requests are cached by the browser, but some browsers may not support POST request caching.
If we are going to open the API to outside developers, this might cause discomfort for them since this is not a typical REST API.
In what circumstance would the JSON-RPC over http style be better the REST RESTful APIs? Or does it just not matter and just a matter of preferance?
it looks like JSON-RPC over http utilizing only the POST method.
Yes, it does.
The way I'm used to doing is sending a POST request to 'users/' with a request body when registering a new user, sending a GET request to 'users/1' to retrieve a user information, etc.
That's not quite it either.
Riddle. How did you submit this question to stack overflow? Well, you probably followed a book mark you had saved, or followed a link from google. Maybe you submitted a search or two, eventually you clicked the "Ask Question", which took you to a form. After filling in the details of the form, you hit the submit button. That took you to a view of your question, that include (among other things) a link to edit the question. You weren't interested in that, so you were done -- except for refreshing the page from time to time hoping for an answer.
That's a REST api. You, the agent, follow links from one state to another, negotiating stack overflows "submit a question" protocol.
Among other things to notice: the browser didn't need to know in advance what URLs to send things to, or which http method to use, because the HTML had encoded those instructions into it. The browser just need to understand the HTML standard, so that it could understand how to find the links/forms within the representation.
Now, REST is just a set of architectural constraints, that boil down to "do it the way a web server does". You don't need to use HTML as your media type; you don't need to design for web browsers as your clients. But, to do REST, you do need hypermedia; and clients that understand that hypermedia type -- so it is going to be a lot easier for you to choose one of the standardized media types.
Are there more reasons why I should prefer RESTful API over JSON-RPC over http with POST? Or does it just not matter?
Roy Fielding, in 2008, offered this simple and correct observation
REST is intended for long-lived network-based applications that span multiple organizations. If you don’t see a need for the constraints, then don’t use them.
For instance, the folks working on GraphQL decided that the properties that the REST constraints induce weren't valuable for their use case; not nearly as valuable as being able to delivery to the client a representation tuned to a clients specific needs.
Horses for courses.
Use RESTful APIs when you are performing standard create, read, update and delete actions on resources. The CRUD actions should behave the same way for each resource, unless you have some before and after hooks. Any new developer coming to the project will easily understand your API if it follows the standards.
Use JSON-RPC when you are performing actions that don't necessarily map cleanly to any CRUD. For instance, maybe you want to retrieve counts or summary data of a specific resource collection. You could do this with REST, but it might require you to think of it as some sort of "summary" resource that you read from. It's easier to do with JSON-RPC, since you can just implement a procedure that runs the appropriate query in your database and returns an appropriate result object.
Or what if you want to make an API call that lets a user delete or update all of instances of a resource(s) that meet some condition, without knowing ahead of time what those instances are?
You can also use JSON-RPC in cases where you need to have a lot of side effects for standard CRUD actions and it's inconvenient to make hooks that run before or after each action.
You don't have to go all in with one of the other, you can use both. Have standard RESTful endpoints where appropriate and another RPC endpoint for handling JSON-RPC calls.
Use REST when you write public web services. REST is standardized and predictable, it will help consumers to write client apps. Also, GET HTTP method is widely used to retrieve resources from public web services.
Use JSON RPC when you write back-end for an application (i.e. not public web services). JSON RPC style is more flexible and more suitable for register, login, and getProductsByFilters methods. There is no reason to use GET with JSON RPC, only POST should be used.

Difference between Apex REST and REST API

Can anyone tell me the difference between the REST API and APEX REST.I am new to REST concept.I am very much confused about them.
The REST API (Force.com REST API) is the generic API provided by Salesforce. On the other hand, the Apex REST API is an API written by yourself in apex to provide custom methods.
The Force.com REST API is great for things such as CRUD operations. You should write a custom Apex REST API when you want to perform more complicated actions.
REST -> architectural style for distributed hypermedia systems.
APREX REST -> Apex REST enables you to implement custom Web services in Apex and expose them through the REST architecture.
Second is used to build RESTful web services
Use the REST API most of the time. You can access your records and update them like you'd expect. But if you need to do something special, like update two records, and only have the changes saved if both updates were successful, then look at Apex REST, where you can customize what your API call does as much as you like.
More details in this interview: https://developer.salesforce.com/blogs/tech-pubs/2011/10/salesforce-apis-what-they-are-when-to-use-them.html

rest api from javascript to handle session and security

I'm developing a public rest api and want to use it for my company's web client as well (jquery). That would work since it would be on the same server.
Howerver, my question is whether rest is even supposed to be consumed by JavaScript? What about authentication and authorization and session information. Since rest is not supposed to maintain any session state.
Can I store all the state, create the response with the token etc within JavaScript?
or should I create another plain servlet layer ontop of my own rest api as a rest client which could be richer (break rest principles)
Create an extra version for the rest api that allows some less rest-like behavior (session data) and maybe even keep that private.
as a side question I'm also wondering if there's any performance difference between using say Jersey vs regular servlets processing calls? In other words, can I use Jersey as a servlet replacement (to take advantage of the format conversions).