About Me
-
- Name:John McDowall
- Location:Redwood City, California, United States
Other Minds
Archives
Wednesday, September 25, 2002
Thursday, September 26, 2002
Friday, September 27, 2002
Saturday, September 28, 2002
Saturday, October 05, 2002
Monday, October 07, 2002
Tuesday, October 08, 2002
Wednesday, October 09, 2002
Thursday, October 10, 2002
Friday, October 18, 2002
Thursday, October 24, 2002
Tuesday, October 29, 2002
Wednesday, November 06, 2002
Monday, November 11, 2002
Saturday, November 16, 2002
Tuesday, November 26, 2002
Wednesday, November 27, 2002
Wednesday, January 08, 2003
Thursday, January 09, 2003
Saturday, January 11, 2003
Monday, January 13, 2003
Tuesday, January 14, 2003
Monday, January 20, 2003
Saturday, January 25, 2003
Sunday, January 26, 2003
Friday, February 14, 2003
Monday, February 17, 2003
Friday, February 28, 2003
Sunday, March 02, 2003
Friday, March 07, 2003
Monday, March 10, 2003
Wednesday, March 12, 2003
Monday, March 24, 2003
Sunday, March 30, 2003
Sunday, April 13, 2003
Thursday, May 01, 2003
Friday, May 02, 2003
Wednesday, May 07, 2003
Thursday, May 15, 2003
Tuesday, May 20, 2003
Monday, June 02, 2003
Sunday, July 13, 2003
Sunday, August 10, 2003
Thursday, August 14, 2003
Sunday, August 24, 2003
Monday, September 15, 2003
Tuesday, September 16, 2003
Tuesday, September 23, 2003
Wednesday, September 24, 2003
Saturday, October 11, 2003
Sunday, October 19, 2003
Monday, October 20, 2003
Thursday, October 23, 2003
Monday, December 29, 2003
Thursday, January 01, 2004
Friday, January 02, 2004
Monday, January 19, 2004
Thursday, January 29, 2004
Tuesday, February 03, 2004
Monday, February 09, 2004
Tuesday, February 10, 2004
Thursday, February 19, 2004
Sunday, February 29, 2004
Friday, March 12, 2004
Monday, March 22, 2004
Tuesday, March 23, 2004
Thursday, March 25, 2004
Wednesday, March 31, 2004
Tuesday, May 18, 2004
Friday, May 28, 2004
Thursday, June 03, 2004
Wednesday, June 16, 2004
Thursday, June 17, 2004
Saturday, July 03, 2004
Sunday, August 15, 2004
Tuesday, August 17, 2004
Thursday, August 19, 2004
Wednesday, September 08, 2004
Wednesday, October 13, 2004
Thursday, October 14, 2004
Friday, October 15, 2004
Monday, October 18, 2004
Thursday, October 21, 2004
Friday, November 05, 2004
Thursday, November 11, 2004
Tuesday, November 16, 2004
Wednesday, March 02, 2005
Thursday, March 03, 2005
Friday, March 04, 2005
Monday, March 07, 2005
Tuesday, March 08, 2005
Thursday, March 10, 2005
Friday, March 11, 2005
Wednesday, March 16, 2005
Friday, March 18, 2005
Saturday, March 19, 2005
Tuesday, March 22, 2005
Thursday, March 24, 2005
Friday, March 25, 2005
Thursday, March 31, 2005
Monday, April 11, 2005
Wednesday, April 13, 2005
Thursday, April 14, 2005
Monday, April 18, 2005
Tuesday, April 19, 2005
Tuesday, April 26, 2005
Tuesday, May 03, 2005
Thursday, May 05, 2005
RESTful coding standards
In AJAX Considered Harmful Sam Ruby starts to lay out a set of useful coding standards for REST. He addresses Encoding and Idempotency, however going a little further has helped me. I have tried to apply the KISS principal and be a minimalist i.e. only add layers of complexity when you need them
Most use cases I have come across can be reduced to a CRUD interface (and yes there are exceptions, and exceptions prove the rule). The starting point is some standard naming conventions to create some degree of consistency for users for example:
- Create POST to http://xml.domain.com/resource/Create
- Read GET from http://xml.domain.com/resource?QueryString
- Update POST to http://xml.domain.com/resource/Update
- Delete POST to http://xml.domain.com/resource/Delete
The other issue is how to pass arguments and results back and forth. Some decisions are obvious, GET always passes a query string and the return data is always XML both using UTF8. I always have issues with POST though for invocations I recommend using XML always as it is hard on a user to have to switch between POST form parameters and XML for different methods. If XML is always used it keeps everything consistent. However when a delete method only requires a single key it is very tempting to just pass form parameter or even just do a GET with a query string. So far I have stayed with consistency - I would be interested in other opinions.
The other of standardization that helps is error returns, SOAP Faults are a good idea that REST can easily adopt. With a CRUD interface there are a simple set of standard errors that can be defined that come back with a HTTP 500 status code:
- Create: Item Already Exists User has no permissions ...
- Read: Item Does not Exist User has no permissions ....
- Update: Item Does not Exist Item Locked User has no permissions ...
- Delete: Item Does not Exist Item Locked User has no permissions ....
For authentication the lowest common denominator seems to work most of the time - interested to hear about real cases where it does not. If the request is over HTTPS and the authentication is HTTP-Auth then we have pretty good security. One step further would be to PGP the message but that would only be needed where the message needed to be highly secure and it traveled over unsecured pipes before and/or beyond the HTTPS stream.
I would be interested in feedback and extensions to this as it would be nice to have a consistent pattern for programming REST interfaces. The consistent pattern would enable us all to build interfaces faster and learn to use the work of others faster and easier.
