Web Services. Lecture III. Valdas Rapševičius Vilnius University Faculty of Mathematics and Informatics

Transcription

1 Web Services Lecture III Valdas Rapševičius Vilnius University Faculty of Mathematics and Informatics

2 Outline Web Architecture Internet HTTP URI Hypermedia ROA Principles Hypermedia Best practices Metadata Valdas Rapševičius. Web Services 2

3 Success of Web Internet HTTP URI Hypertext Valdas Rapševičius. Web Services 3

4 Internet Valdas Rapševičius. Web Services 4

5 Transport: TCP/IP TCP: Transmission Control Protocol Error-free data transportation In-order delivery Unsegmented data stream IP: Internet Protocol (IPv4, IPv6) Addressing by IP numbers Relaying datagrams Valdas Rapševičius. Web Services 5

6 Transport by Example Valdas Rapševičius. Web Services 6

7 TCP/IP Packet Valdas Rapševičius. Web Services 7

8 TPC/IP Connection Timeline Valdas Rapševičius. Web Services 8

9 HTTP Hypertext Transfer Protocol The Internet s Multimedia Courier An application layer protocol Reliable? Uses reliable transport! Resources: RFC 2616: IETF HTTP/1.1 RFC RFC 4229: HTTP Header Field Registrations HTTP/1.1: Header Field Definitions Valdas Rapševičius. Web Services 9

10 HTTP Versions HTTP/0.9 (1991) Supports only the GET method Does not support MIMEs, headers, or versions HTTP/1.0 (1991) Version numbers, headers, additional methods, and multimedia object handling HTTP/1.0+ (mid-1990s) Long-lasting keepalive connections, virtual hosting support, and proxy connection support HTTP/1.1 (late-1990s) Semantics specification, performance optimizations, and removing mis-features De-facto current version of HTTP. HTTP-NG (a.k.a. HTTP/2.0) A prototype proposal for an architectural successor to HTTP/1.1 Focuses on performance optimizations and a more powerful framework for remote execution of server logic Valdas Rapševičius. Web Services 10

11 Web Architecture Web Servers Host web resources (source of web content) Proxies HTTP intermediaries that sit between clients and servers Caches HTTP storehouses that keep copies of popular web pages close to clients Gateways Special web servers that connect to other applications Tunnels Special proxies that blindly forward HTTP communications Agents (aka Clients) Semi-intelligent web clients that make automated HTTP requests Valdas Rapševičius. Web Services 11

12 HTTP: Messages Valdas Rapševičius. Web Services 12

13 Telnet Example Valdas Rapševičius. Web Services 13

14 HTTP: Message Parts Method The action that the client wants the server to perform on the resource. It is a single word, like GET, HEAD, or POST Request-URL A complete URL naming the requested resource, or the path component of the URL Version The version of HTTP that the message is using. Its format looks like: HTTP/<major>.<minor> where major and minor both are integers Status-code A three-digit number describing what happened during the request. The first digit of each code describes the general class of status ( success, error, etc.). Reason-phrase A human-readable version of the numeric status code, consisting of all the text until the end-of-line sequence. The reason phrase is meant solely for human consumption, so, for example, response lines containing HTTP/ NOT OK and HTTP/ OK. Headers Zero or more headers, each of which is a name, followed by a colon (:), followed by optional whitespace, followed by a value, followed by a CRLF. The headers are terminated by a blank line (CRLF), marking the end of the list of headers and the beginning of the entity body. Entity-body The entity body contains a block of arbitrary data. Not all messages contain entity bodies, so sometimes a message terminates with a bare CRLF Valdas Rapševičius. Web Services 14

15 HTTP: Methods Valdas Rapševičius. Web Services 15

16 HTTP: Status Code Valdas Rapševičius. Web Services 16

17 200 OK Success Status Codes Standard response for successful HTTP requests. 201 Created The request has been fulfilled and resulted in a new resource being created. 202 Accepted The request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon, as it might be disallowed when processing actually takes place. 203 Non-Authoritative Information (since HTTP/1.1) The server successfully processed the request, but is returning information that may be from another source. 204 No Content The server successfully processed the request, but is not returning any content. 205 Reset Content The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view. 206 Partial Content The server is delivering only part of the resource due to a range header sent by the client. The range header is used by tools like wget to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams Valdas Rapševičius. Web Services 17

18 Redirection Status Codes (1) 300 Multiple Choices Indicates multiple options for the resource that the client may follow. It, for instance, could be used to present different format options for video, list files with different extensions, or word sense disambiguation. 301 Moved Permanently This and all future requests should be directed to the given URI 302 Found This is an example of industry practice contradicting the standard. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily") but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours. However, some Web applications and frameworks use the 302 status code as if it were the See Other (since HTTP/1.1) The response to the request can be found under another URI using a GET method. When received in response to a POST (or PUT/DELETE), it should be assumed that the server has received the data and the redirect should be issued with a separate GET message. 304 Not Modified Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-Match. This means that there is no need to retransmit the resource, since the client still has a previously-downloaded copy Valdas Rapševičius. Web Services 18

19 Redirection Status Codes (2) 305 Use Proxy (since HTTP/1.1) The requested resource is only available through a proxy, whose address is provided in the response. 306 Switch Proxy No longer used. Originally meant "Subsequent requests should use the specified proxy." 307 Temporary Redirect (since HTTP/1.1) In this case, the request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request. For instance, a POST request should be repeated using another POST request. 308 Permanent Redirect (approved as experimental RFC) The request, and all future requests should be repeated using another URI. 307 and 308 (as proposed) parallel the behaviour of 302 and 301, but do not allow the HTTP method to change. So, for example, submitting a form to a permanently redirected resource may continue smoothly Valdas Rapševičius. Web Services 19

20 301 Example Valdas Rapševičius. Web Services 20

21 304 Example Valdas Rapševičius. Web Services 21

22 Client Error Codes (1) 400 Bad Request The request cannot be fulfilled due to bad syntax 401 Unauthorized Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. 402 Payment Required Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code is not usually used. YouTube uses this status if a particular IP address has made excessive requests, and requires the person to enter a CAPTCHA. 403 Forbidden The request was a valid request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference. On servers where authentication is required, this commonly means that the provided credentials were successfully authenticated but that the credentials still do not grant the client permission to access the resource (e.g. a recognized user attempting to access restricted content). 404 Not Found The requested resource could not be found but may be available again in the future. 405 Method Not Allowed A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource Valdas Rapševičius. Web Services 22

23 Client Error Codes (2) 406 Not Acceptable The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. 407 Proxy Authentication Required The client must first authenticate itself with the proxy. 408 Request Timeout The server timed out waiting for the request. According to W3 HTTP specifications: "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time." 409 Conflict Indicates that the request could not be processed because of conflict in the request, such as an edit conflict. 410 Gone Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource again in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead. 411 Length Required The request did not specify the length of its content, which is required by the requested resource Valdas Rapševičius. Web Services 23

24 Client Error Codes (3) 412 Precondition Failed The server does not meet one of the preconditions that the requester put on the request. 413 Request Entity Too Large The request is larger than the server is willing or able to process. 414 Request-URI Too Long The URI provided was too long for the server to process. 415 Unsupported Media Type The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format. 416 Requested Range Not Satisfiable The client has asked for a portion of the file, but the server cannot supply that portion. For example, if the client asked for a part of the file that lies beyond the end of the file. 417 Expectation Failed The server cannot meet the requirements of the Expect request-header field Valdas Rapševičius. Web Services 24

25 Server Error Codes 500 Internal Server Error A generic error message, given when no more specific message is suitable. 501 Not Implemented The server either does not recognize the request method, or it lacks the ability to fulfill the request. 502 Bad Gateway The server was acting as a gateway or proxy and received an invalid response from the upstream server. 503 Service Unavailable The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state. 504 Gateway Timeout The server was acting as a gateway or proxy and did not receive a timely response from the upstream server. 505 HTTP Version Not Supported The server does not support the HTTP protocol version used in the request Valdas Rapševičius. Web Services 25

26 HTTP Headers General headers These are generic headers used by both clients and servers. They serve general purposes that are useful for clients, servers, and other applications to supply to one another. Request headers As the name implies, request headers are specific to request messages. They provide extra information to servers, such as what type of data the client is willing to receive. Response headers Response messages have their own set of headers that provide information to the client Entity headers Entity headers refer to headers that deal with the entity body. For instance, entity headers can tell the type of the data in the entity body. Extension headers Extension headers are nonstandard headers that have been created by application developers but not yet added to the sanctioned HTTP specification. HTTP programs need to tolerate and forward extension headers, even if they don t know what the headers mean Valdas Rapševičius. Web Services 26

27 General Headers General Request Informational Accept Conditional Security Proxy Response Informational Negotiation Security Entity Informational Contents Caching Extension Valdas Rapševičius. Web Services 27

28 General Headers (1) Date The date and time that the message was sent Date: Tue, 15 Nov :12:31 GMT Connection What type of connection the user-agent would prefer Connection: keep-alive Trailer The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. Trailer: Max-Forwards Transfer-Encoding The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity. Transfer-Encoding: chunked Valdas Rapševičius. Web Services 28

29 General Headers (2) Upgrade Via Ask the client/server to upgrade to another protocol. Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11 Informs the server of proxies through which the request was sent. Via: 1.0 fred, 1.1 example.com (Apache/1.1) Cache-Control Used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain Cache-Control: no-cache Pragma Implementation-specific headers that may have various effects anywhere along the requestresponse chain. Pragma: no-cache Valdas Rapševičius. Web Services 29

30 General Headers General Request Informational Accept Conditional Security Proxy Response Informational Negotiation Security Entity Informational Contents Caching Extension Valdas Rapševičius. Web Services 30

31 Request Informational Headers From Host The address of the user making the request From: The domain name of the server (for virtual hosting), and the TCP port number on which the server is listening. The port number may be omitted if the port is the standard port for the service requested.[5] Mandatory since HTTP/1.1. Although domain name are specified as caseinsensitive,[6][7] it is not specified whether the contents of the Host field should be interpreted in a case-insensitive manner[8] and in practice some implementations of virtual hosting interpret the contents of the Host field in a case-sensitive manner.[citation needed] Host: en.wikipedia.org:80 Host: mif.vu.lt Referer This is the address of the previous web page from which a link to the currently requested page was followed. (The word referrer is misspelled in the RFC as well as in most implementations.) Referer: Valdas Rapševičius. Web Services 31

32 Non-standard Request Informational Headers These headers are not defined in RFC 2616 but are implemented by many HTTP client applications: Client-IP Provides the IP address of the machine on which the client is running UA-Color Provides information about the color capabilities of the client machine s display UA-CPU Gives the type or manufacturer of the client s CPU UA-Disp Provides information about the client s display (screen) capabilities UA-OS Gives the name and version of operating system running on the client machine UA-Pixels Provides pixel information about the client machine s display Valdas Rapševičius. Web Services 32

33 Request Accept Headers Accept Content-Types that are acceptable Accept: text/plain Accept-Charset Character sets that are acceptable Accept-Charset: utf-8 Accept-Encoding Acceptable encodings. Accept-Encoding: gzip, deflate Accept-Language Acceptable human languages for response Accept-Language: en-us Accept-Datetime TE Acceptable version in time Accept-Datetime: Thu, 31 May :35:00 GMT The transfer encodings the user agent is willing to accept: the same values as for the response header Transfer-Encoding can be used, plus the "trailers" value (related to the "chunked" transfer method) to notify the server it expects to receive additional headers (the trailers) after the last, zero-sized, chunk. TE: trailers, deflate Valdas Rapševičius. Web Services 33

34 Request Conditional Headers Expect Indicates that particular server behaviors are required by the client Expect: 100-continue If-Match Only perform the action if the client supplied entity matches the same entity on the server. This is mainly for methods like PUT to only update a resource if it has not been modified since the user last updated it. If-Match: "737060cd8c284d8af7ad3082f209582d" If-Modified-Since Allows a 304 Not Modified to be returned if content is unchanged If-Modified-Since: Sat, 29 Oct :43:31 GMT If-None-Match Allows a 304 Not Modified to be returned if content is unchanged If-None-Match: "737060cd8c284d8af7ad3082f209582d" If-Range If the entity is unchanged, send me the part(s) that I am missing; otherwise, send me the entire new entity If-Range: "737060cd8c284d8af7ad3082f209582d" If-Unmodified-Since Only send the response if the entity has not been modified since a specific time. If-Unmodified-Since: Sat, 29 Oct :43:31 GMT Valdas Rapševičius. Web Services 34

35 Request Security & Proxy Headers Authorization Authentication credentials for HTTP authentication Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== Cookie An HTTP cookie previously sent by the server with Set-Cookie Cookie: $Version=1; Skin=new; Proxy-Authorization Authorization credentials for connecting to a proxy. Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== Max-Forwards Limit the number of times the message can be forwarded through proxies or gateways Max-Forwards: Valdas Rapševičius. Web Services 35

36 General Headers General Request Informational Accept Conditional Security Proxy Response Informational Negotiation Security Entity Informational Contents Caching Extension Valdas Rapševičius. Web Services 36

37 Response Informational Headers Age The age the object has been in a proxy cache in seconds Age: 12 Retry-After If an entity is temporarily unavailable, this instructs the client to try again after a specified period of time (seconds). Retry-After: 120 Server A name for the server Server: Apache/2.4.1 (Unix) Warning A general warning about possible problems with the entity body. Warning: 199 Miscellaneous warning Valdas Rapševičius. Web Services 37

38 Response Negotiation Headers Accept-Ranges Vary What partial content range types this server supports Accept-Ranges: bytes Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server. Vary: * Valdas Rapševičius. Web Services 38

39 Response Security Headers Set-Cookie An HTTP cookie Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1 Proxy-Authenticate Request authentication to access the proxy. Proxy-Authenticate: Basic WWW-Authenticate Indicates the authentication scheme that should be used to access the requested entity. WWW-Authenticate: Basic Valdas Rapševičius. Web Services 39

40 General Headers General Request Informational Accept Conditional Security Proxy Response Informational Negotiation Security Entity Informational Contents Caching Extension Valdas Rapševičius. Web Services 40

41 Entity Informational Headers Allow Valid actions for a specified resource. To be used for a 405 Method not allowed Allow: GET, HEAD Location Used in redirection, or when a new resource has been created Location: Valdas Rapševičius. Web Services 41

42 Entity Content Headers (1) Content-Encoding The type of encoding used on the data. Content-Encoding: gzip Content-Language The language the content is in Content-Language: da Content-Length The length of the response body in octets (8-bit bytes) Content-Length: 348 Content-Location An alternate location for the returned data Content-Location: /index.htm Valdas Rapševičius. Web Services 42

43 Entity Content Headers (2) Content-Location An alternate location for the returned data Content-Location: /index.htm Content-MD5 A Base64-encoded binary MD5 sum of the content of the response Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== Content-Disposition An opportunity to raise a "File Download" dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters. Content-Disposition: attachment; filename="fname.ext" Content-Range Where in a full body message this partial message belongs Content-Range: bytes /47022 Content-Type The MIME type of this content Content-Type: text/html; charset=utf Valdas Rapševičius. Web Services 43

44 Entity Caching Headers Etag An identifier for a specific version of a resource, often a message digest ETag: "737060cd8c284d8af7ad3082f209582d" Expires Gives the date/time after which the response is considered stale Expires: Thu, 01 Dec :00:00 GMT Last-Modified The last modified date for the requested object, in RFC 2822 format Last-Modified: Tue, 15 Nov :45:26 GMT Valdas Rapševičius. Web Services 44

45 Caching Valdas Rapševičius. Web Services 45

46 Caching: Workflow Valdas Rapševičius. Web Services 46

47 Cache: If-Modified-Since Valdas Rapševičius. Web Services 47

48 Entity Tags: ETag Valdas Rapševičius. Web Services 48

49 Basic Authentication (1) Valdas Rapševičius. Web Services 49

50 Basic Authentication (2) Valdas Rapševičius. Web Services 50

51 Digest Authentication Valdas Rapševičius. Web Services 51

52 Secure HTTP Valdas Rapševičius. Web Services 52

53 Public Key Encryption Valdas Rapševičius. Web Services 53

54 SSL process (1) Valdas Rapševičius. Web Services 54

55 SSL process (2) Valdas Rapševičius. Web Services 55

56 Content Encoding Valdas Rapševičius. Web Services 56

57 Range Request Valdas Rapševičius. Web Services 57

58 Entity Tags Valdas Rapševičius. Web Services 58

59 HTTP Entities Messages Are Crates, Entities Are Cargo Content Type: MIME (Multipurpose Internet Mail Extensions) Type or Content-Type text/plain (type/subtype) New type registration Procedure RFC Valdas Rapševičius. Web Services 59

60 Multipart Entities Valdas Rapševičius. Web Services 60

61 HTTP problems Single request per connection Because HTTP can only fetch one resource at a time (HTTP pipelining helps, but still enforces only a FIFO queue), a server delay of 500 ms prevents reuse of the TCP channel for additional requests. Browsers work around this problem by using multiple connections. Since 2008, most browsers have finally moved from 2 connections per domain to 6. Exclusively client-initiated requests In HTTP, only the client can initiate a request. Even if the server knows the client needs a resource, it has no mechanism to inform the client and must instead wait to receive a request for the resource from the client. Uncompressed request and response headers Request headers today vary in size from ~200 bytes to over 2KB. As applications use more cookies and user agents expand features, typical header sizes of bytes is common. For modems or ADSL connections, in which the uplink bandwidth is fairly low, this latency can be significant. Reducing the data in headers could directly improve the serialization latency to send requests Redundant headers In addition, several headers are repeatedly sent across requests on the same channel. However, headers such as the User-Agent, Host, and Accept* are generally static and do not need to be resent. Optional data compression. HTTP uses optional compression encodings for data. Content should always be sent in a compressed format. Source: Valdas Rapševičius. Web Services 61

62 Goals Future of HTTP Not to replace HTTP! One connection: prioritizing and multiplexing of subresources Compressing and caching headers Alternatives: HTTP 2.0 Developed by the Hypertext Transfer Protocol Bis (httpbis) working group of the IETF SPDY By Google Supported by Chrome/Chromium, FF 11+ S+M Microsoft WebSockets Full duplex protocol over TCP Valdas Rapševičius. Web Services 62

63 URI URI Uniform Resource Identifier Uniquely Identifies resources in Web URL Uniform Resource Locator Most common form of resource identifier Describe the specific location of a resource on a particular server URN Uniform Resource Name Unique name for a particular piece of content, independent of where the resource currently resides urn:ietf:rfc: Valdas Rapševičius. Web Services 63

64 URL Syntax Valdas Rapševičius. Web Services 64

65 URI Schemes Scheme + : + scheme-specific part Examples: skype:<username or phone number>?call news:alt.tv.simpsons feed: Valdas Rapševičius. Web Services 65

66 Hypertext Hypertext is text which is not constrained to be linear. Hypertext is text which contains links to other texts. The term was coined by Ted Nelson around HyperMedia is a term used for hypertext which is not constrained to be text: it can include graphics, video and sound. Apparently Ted Nelson was the first to use this term too. Hypertext and HyperMedia are concepts, not products Valdas Rapševičius. Web Services 66

67 REST Representational State Transfer (REST) A style of software architecture for distributed systems such as the World Wide Web REST has emerged as a predominant web service design model ROA (Resource-Oriented Architecture) Valdas Rapševičius. Web Services 67

68 REST: Origins Roy Fielding documented REST based on the principles that emerged as the Web evolved (Fielding 2000) Noticed that Web servers, clients, and intermediaries shared some principles that gave them extensibility to work on the large-scale of the Internet Identified four principles of REST (which he called constraints) (Fielding 2000): 1. Identification of resources 2. Manipulation of resources through representations 3. Self-descriptive messages 4. Hypermedia as the engine of application state (abbreviated HATEOAS) Valdas Rapševičius. Web Services 68

69 REST Data Elements Valdas Rapševičius. Web Services 69

70 Resource The key abstraction of information in REST is a resource Any information that can be named can be a resource a document or image a temporal service (e.g. "today's weather in Los Angeles") a collection of other resources, a non-virtual object (e.g. a person) Any concept that might be the target of an author's hypertext reference must fit within the definition of a resource Valdas Rapševičius. Web Services 70

71 Resource Representation A representation is a sequence of bytes, plus representation metadata to describe those bytes. Other commonly used but less precise names for a representation include: document, file, and HTTP message entity, instance, or variant. A representation consists of data, metadata describing the data, and, on occasion, metadata to describe the metadata (usually for the purpose of verifying message integrity). Metadata is in the form of name-value pairs, where the name corresponds to a standard that defines the value's structure and semantics Valdas Rapševičius. Web Services 71

72 Resource State + Transfer A given representation may indicate the current state of the requested resource or the desired state for the requested resource Valdas Rapševičius. Web Services 72

73 REST Principles Addressability Every object and resource in your system is reachable through a unique identifier Use URIs (URLs)! Constrained interface Stick to the finite set of operations of the application protocol Use HTTP methods! Familiarity, Interoperability, Scalability Representation oriented Client receives a representation of the current state of that resource Client puts or post passes a representation of the resource to the server so that the underlying resource s state can change Use MIME Types! Communicate Statelessly There is no client session data stored on the server Hypermedia As The Engine Of Application State (HATEOAS) Location transparency Decoupling interaction details Reduced state transition errors Valdas Rapševičius. Web Services 73

74 REST Example Valdas Rapševičius. Web Services 74

75 Representations Standard: RDF (application/rdf+xml) Atom Syndication Format (application/atom+xml) GData (Google) or OData (Microsoft) Language-based: Microformat (application/xml, text/xml) Format-based: XML or POX (application/xml, text/xml) JSON (application/json) YAML (text/x-yaml) Valdas Rapševičius. Web Services 75

76 Hypermedia Hypermedia is a document-centric approach with the added support for embedding links to other services and information within that document format Valdas Rapševičius. Web Services 76

77 ROA Best Practices Representations Should Be Addressable (URI) State and Statelessness State of the Resource (ETag) State of Application (URI) Connectedness Links and forms connect the resources to each other The Uniform Interface (HTTP methods) Safety (HEAD & GET methods) Idempotence (PUT & DELETE methods) PUT vs POST Client can create a resource via PUT if it can calculate the final URI Overloading GET & POST? Transactions (as resources)? Authentication Versioning Valdas Rapševičius. Web Services 77

78 Common REST Mistakes Tunneling everything through GET Ignoring response codes Ignoring caching Ignoring hypermedia Ignoring MIME types Valdas Rapševičius. Web Services 78

79 REST API Implementation Figure out the data set Split the data set into resources For each kind of resource: Name the resources with URIs Expose a subset of the uniform interface Design the representation(s) accepted from the client Design the representation(s) served to the client Integrate this resource into existing resources, using hypermedia links and forms Consider the typical course of events: what s supposed to happen? Consider error conditions: what might go wrong? Valdas Rapševičius. Web Services 79

80 RO Analysis and Design (ROA/D) Valdas Rapševičius. Web Services 80

81 From Data to GUI Valdas Rapševičius. Web Services 81

82 REST Services Maturity Level 0 services that have a single URI (all interactions through a single resource) use a single HTTP method (typically POST, i.e., WS-*) Level 1 many URIs (numerous logical resources) single HTTP verb Level 2 numerous URI-addressable resources several of the HTTP verbs on each exposed resource (CRUD) Level 3 representations contain URI links to other resources application state transitions as a result by Valdas Rapševičius. Web Services 82

83 Metadata Entry point(s) Resource paths Methods to access these resources GET, POST, PUT, etc. Parameters that need to be supplied with these methods Query, Template, HTTP Header, etc. Formats of inbound / outbound messages/representations JSON Schema, XML Schema, Relax NG, etc. Status codes and error/fault messages Documentary information for all these descriptions, etc Valdas Rapševičius. Web Services 83

84 Metadata formats WSDL WADL Web Application Description Language submitted to the W3C by Sun in Swagger Developed by Reverb iodocs Developed by Masherys apiary.io Developed by Apiary Valdas Rapševičius. Web Services 84

85 Future of Web Valdas Rapševičius. Web Services 85

86 Conclusions Web is based on simple principles REST Resources Web (see Web!) Hypermedia New protocols WebSockets, SPDY/HTTP/2.0 SOA vs ROA Simplicity wins again! Valdas Rapševičius. Web Services 86