To be really RESTFul, a service should comply to REST rules such as using the correct http operation (GET, POST, PUT etc..) for each scenario, e.g use POST to create a new resource or GET to get a resource without modifying the global state.
However, cross-domain calls that use the JSONP approach works only with GET operation by nature.
How do you do to both respect REST rules (meaning we can have some methods that will be accessible only by POST ing a data to them) and make your service accepting cross domain calls ? Is there some best practices to achieve that ?
Thanks !
Riana
Related
I could not find a universally agreeable way to specify commands in RESTful manner. Consider that I have a resource on which I want to provide 3 commands:
enable
disable
re-trigger
Which is the most RESTful way?
POST /resource/disable
POST /resource?command=disable
Any other way ?
Which is the most RESTful way?
How would you do it with a web site? REST is the architectural style of the world wide web; if you can figure out how you would do it with a web site, that will give you the right idea for how to provide a RESTful API.
On the web, the usual answer would be that we would have forms to collect information from the client, who would then submit a POST request (because we are intending to change the resource) to some endpoint.
Because the form.action property tells the client what URI to use, the server has control over what the URI is -- we can change it later if we want to.
We could, as you suggest, have a different URI for each command. There's nothing wrong with that, but it does miss an opportunity. You see, one of the important ideas in REST is caching; and HTTP defines cache invalidation semantics; the practical aspect of which is that if you use the /resource identifier as the form action, then successful POST requests will automatically invalidate the client's local copies of the resource.
This does imply, of course, that the POST handler in your implementation will have to determine which command was intended -- probably by looking at information included in the body of the post request; a "commandName" parameter or something similar.
If I am calling a Web APi service and that service makes various other calls to other services, do I use POST or GET?
To elaborate further, let's say I call Web Api Service One saying 'Do the thing'. Web Api One's job when requested thus, is to GET data from Service Two and POST data to Service Three. Perhaps Service One will then update Service Two. Service One will then respond to caller with any success/failure.
My question again is should I the caller, use POST or GET to Service One?
It's all about the semantics of the request. From the RFC 7231:
The request method token is the primary source of request semantics;
it indicates the purpose for which the client has made this request
and what is expected by the client as a successful result.
Here's a brief description of some HTTP methods defined in the RFC RFC 7231 (click the links to check the full method definition):
GET: Transfer a current representation of the target resource.
HEAD: Same as GET, but only transfer the status line and header section.
POST: Perform resource-specific processing on the request payload.
PUT: Replace all current representations of the target resource with the request payload.
DELETE: Remove all current representations of the target resource
In addition to the methods listed above, the RFC 5789 standardized the PATCH HTTP method for performing partial updates to a resource.
POST is commonly seen as a "catch all" method, once the target resource process the request payload according to the resource's own specific semantics.
HTTP methods can be classified as safe and/or idempotent and it must be taken into account when designing an API with on the top of HTTP.
Typically I would only use a variety of HTTP verbs (GET, POST, PUT, DELETE etc) when using a REST API. Then the endpoints are resources in their own right. For example:
/car
So the verbs make sense (are you getting a car? creating one? updating one? removing one?)
But when I am not using a REST API the HTTP verbs tend to have less meaning and I generally only use HTTP POST. Otherwise you hit logical problems like you're experiencing here.
eg
/rentacar
This API models an RPC that may cause many resources to change in many ways. It is not a REST API and so the HTTP Verbs don't really relate.
But in honesty, for RPC (remote procedure calls), people choose between GET and POST by either:
GET for operations that don’t modify anything and POST for other cases.
GET for operations that don’t need too much parameters and POST for other cases.
GET and POST on a random basis or always use POST.
Purists prefer 1. But sometimes you don't know when modifications are going to occur. So, take your pick!
Sometime back I developed a Restful service in Java with only 1 GET resource. It was accessed like this:
GET http://localhost:8080/my-project/customers/transactions
This GET request returns all the customer transactions.
Now, I have another project request where they want to insert customer transactions in a different schema in same database. I thought instead of creating other service I could enhance this service since underlying database is same and it's about customer transactions.
So, I created another method in my service interface createCustomerTransactions and I am thinking to name it same as my GET request but this one will be POST like this:
POST http://localhost:8080/my-project/customers/transactions
I tested this using Soap-UI and it works. My question is it the right way to do Restful. Is it okay to have both GET and POST having same url, internally though they will be pointing to different actual methods?
I am not good with names so can't come up another better name for resource.
TL;DR Yes you can, it is actually a good practice.
Here is why:
Restful when is used with HTTP depends in the resources(URL's) and rely the actions the HTTP verbs, it is common and good practice used this verbs to identify some operations over the resources you have:
GET retrieve all or just one resource.
POST is normally for create a new resource.
PUT used to update a resource
DELETE delete a resource
One of the first tasks that we should do before starting our Restful API is identify which are the resources that we need to have and what will be the attributes of them. The first rule over this approach is to use nouns not verbs, such as person, ticket, customer , etc..
Once you have your resources defined, you need to identify what actions apply to them and how those would map to your API. RESTful principles provide strategies to handle CRUD actions using HTTP methods mapped as follows.
GET /tickets - Retrieves a list of tickets
GET /tickets/12 - Retrieves a specific ticket
POST /tickets - Creates a new ticket
PUT /tickets/12 - Updates ticket #12
PATCH /tickets/12 - Partially updates ticket #12 <-- check this approach.
DELETE /tickets/12 - Deletes ticket #12
The above depends on firewall configurations, but consider the above as a suggestion for API design principles.
Yes you can. In fact this is one of the core fundamentals of RESTful desgin. Its not crud/RPC like i.e. createTransaction or fetchTransaction. HTTP verbs are used to specify actions on resources.
i have a requirement, i want to call list of REST services which have different security mechanisms, like, some may have HTTPS and others may have naked HTTP, few others may have basic authentication and remaining may require a "Authorization header" . i want to call all these REST services with different service mechanism from a single HTTP OUT BOUND END POINT . how can i configure the HTTP endpoint to accomplish this ? or should i use different end points to accomplish my requirement .
You can't do that. Some of the attributes of the Http connector/endpoints can be configured as an expression but not all of them.
You'll have to leverage a choice-router and a number of http and https endpoints.
Different service mechanism requires different configuration...
If you want to do it in a single flow, as Victor said you need to use choice router and based on certain condition it will call the rest service it required...
and in each Choice block, you have to configure the calling of each type of rest service with it's security mechanism
Is it appropriate to perform actions with REST, other than simple create (POST), read (GET), update (PUT), and delete (DELETE)? I'm kind of new to the whole RESTful theology, so bear with me, but how should I accomplish the following:
I have a web service that needs to talk to another web service. Web service A needs to "reserve" an object on Web service B. This object has a timeout of validity, but can be deleted immediately if need be. It's essentially a glorified permissions system which requires web services to reserve a space on web service B before taking any actions.
My initial thought was to 1. enable authentication of some sort, 2. in the serverside response to a GET call, reserve the space and return the result, and 3. provide immediate "unreservation" of the object via a DELETE call. Is this still being RESTful?
Yes, it's OK to perform actions with rest. What matters is that these actions should be guided by the representations you exchange.
If you think about the way the web works (via a browser), you do this all the time: you get an HTML form that lets you choose a number of actions you can perform. Then, you submit the form (typically via POST) and the action is performed.
It's good to be able to use DELETE via a programmatic client (which is something that non-AJAX requests in browsers wouldn't support), but the overall approach of a RESTful system should be very similar to what you find for websites (i.e. the focus should be on the representations: the equivalent of web pages in your system).
GET shouldn't have side effects, so don't use GET to make the reservation itself, use something like POST instead.
No - unlikely to be restful
From your description ...
2. in the serverside response to a GET call, reserve the space and return the result
GETs should be idempotent. For this reason alone, your service is unlikely to be restful because the state of the system after the first GET is different.
You really need to consider that a Reservation is a resource and should be created with a POST to a reservations container which will return the URI of the new resource in the Location header of the HTTP response. This UrI can be used by Get to return the resource and updated with a PUT
Post should be used to extend an existing resource and Put for replacing the state of a resource. In your case, consider the Post to be updating a list of Reservations and returning the URI of the new resource (not just the I'd). Put can be used for changing the state associated with the resource identified by the UR
You're on the right track, but your reservation of the object should be with a PUT; you're PUTting a reservation on the object, i.e. changing the underlying object.
PUT is the right verb here, since you know what resource you're modifying, and it should be idempotent for multiple requests.