REST

REST (Representational State Transfer)

REST constraints

Client/Server
Stateless
Cache
Uniform Interface
Layered System
Code on Demand (optional)

Cache

When caching is utilized and resource is requested from a server,
- if the content is modified then we send 200 Ok HTTP status in response.
- if the content is not modified then we send 304 Not Modified HTTP status in response.

Best Practices

Resources

We only need 2 base URLs per resource
- collection (/cars)
- element (/cars/1244)
4 operations (CRUD)
- POST (Create)
  - /cars: create a new car
  - /cars/1244: create a new car with id 1244 or fail
- GET (read)
  - /cars: list cars
  - /cars/1244: show car 1244
- PUT (update)
  - /cars : replace cars
  - /cars/1244: if exists update car 1244, if not, create car 1244 or fail
- DELETE (delete)
  - /cars : delete all cars
  - /cars/1244: delete car 1244
Avoid verbs to name your resources. Use plural nouns.
Use verbs only if the functionality provided by the call is an operation and not a resource, such as:
- Calculate
- Convert
- Translate
Be consistent
Use concrete resource names instead of abstract ones. e.g., /cars, /cats

Response format

Use the Accept header
- accept: application/header
Use JSON as default response format

Few examples how respose format:

Google: ?alt=json
foursqare: \venue.json
digg: Accept: application/json or ?type=json

Pagination

Use ?offset=10&limit=50
Assume default if no parameters are provided. e.g., limit=10&offset=0

Few examples of pagination:

Facebook: ?offset=10&limit=50
Twitter(x): ?offset=10&limit=50
Linkedin: ?start=10&count=50

Attribute names

Use lowerCamalCase for readability

Errors, HTTP status codes

Avoid having more than 8 error codes
- 200 201 304 400 401 403 404 500
Use the same error codes accross all different API’s

Error Responses

Incorporating hints about how to fix errors and a link to get more infomation.

{
  "code": 23213,
  "message": "MESSAGE",
  "info": "https://SOME_DOMAIN/docs/error/CODE"
}

Examples by different orgs:

Facebook

{
  "type": "OAuthExeption",
  "message": "----"
}

Twillo

{
  "status": 401,
  "message" "",
  "code": 20003,
  "more_info": "http://twillo.com/docs/erros/20003"
}

Assosiations

Assosiations used to represent relationships between entities

Create for assosiations resource

POST `/owners/1234/cars`
GET `/owners/1234/cars/1244`

Complex variations

Sweep variations behind the ? in the query string GET /cars?color=red&location=newyork

Versioning

Recommed way /v1/cars
Maintain at least one version back.
Give developers atleast one cycle to react before obsoleting a version.

Examples by different orgs:

Twillow: /2010-04-01/Accounts
Salesforce: /services/data/v20.0/subjects/account
Facebook: /?v=1.0
Linkedin: /v1
Foursquare: /v2
Etsy: /v1

Partial responses

/cars?fields=name,color,regitryLocation.postalCode

Examples by different orgs:

Linkedin: /people:(id,first-name,last-name,industry)
facebook: /joe.smith/friends?fields=id,name,picture
Google: ?fields=title,media:group(media:thumbnail)

Search

Global: /search?q=short+hair
Scoped-1 Object: /cars?q=red+color
Scoped-Multiple Objects: /search?q=red-color&scope=cars,owners

Domain names

API gateway : api.domain.com
Developers Portal: developers.domain.com
Configure web redirects:
- api -> developers (if from browser)
- dev -> developers
- developers -> developers

Examples by different orgs:

Foursquare
- api.foursquare.com
- developers.foursquare.com
Twitter (X)
- api.twitter.com
- search.twitter.com
- stream.twitter.com
- dev.twitter.com
Facebook
- graph.facebook.com
- api.facebook.com
- developers.facebook.com

Authentication

OAuth 2.0

Examples by different orgs:

Facebook: OAuth 2.0
Twitter (X): OAuth 1.0a
Paypal: OAuth 2.0
Google: OAuth 2.0

References

RESTful API Design Best Practices You Need To Know - YouTube