Directory UMM :Networking Manual:computer_network_books:

(1)

REST

(Representational State Transfer)

Roger L. Costello

(2)

Acknowledgements

• I would like to thank Paul Prescod for his very helpful

comments on improving this tutorial, as well as his

outstanding articles on REST.

• Also, thanks to the following people for their comments and

suggestions:

– Sam Ruby – Mark Baker

– Robert McKinnon – Mike Dierken – Amy Kazura – Kit Lueder

(3)

What is REST?

• REST is a term coined by Roy Fielding in

his Ph.D dissertation [1] to describe an

architecture style

of networked systems.

(4)

Why is it called

"Representation State Transfer"?

Resource Client http://www.boeing.com/aircraft/747

Boeing747.html

The Client references a Web resource using a URL. A representation

of the resource is returned (in this case as an HTML document).

The representation (e.g., Boeing747.html) places the client application in a state. The result of the client traversing a hyperlink in Boeing747.html is another resource is accessed. The new representation places the client

application into yet another state. Thus, the client application changes (transfers) state with each resource representation --> Representation State Transfer!

(5)

Representation State Transfer

"Representation State Transfer is intended to evoke an image of how a well-designed Web application behaves: a network of web pages (a virtual state-machine), where

the user progresses through an application by selecting links (state transitions), resulting in the next page (representing the next state of the application) being transferred to the user and rendered for their use."

(6)

Motivation for REST

"The motivation for developing REST was to create an architectural model for how the Web should work, such that it could serve as the guiding framework for the Web protocol standards.

REST has been applied to describe the desired Web architecture, help identify existing problems, compare alternative solutions, and ensure that protocol

extensions would not violate the core constraints that make the Web successful."

(7)

REST - not a Standard

• REST is not a standard. You will not see the W3 putting out a

REST specification. You will not see IBM or Microsoft or Sun

selling a REST developer's toolkit. Why? Because REST is

just an architectural style. You can't bottle up that style. You

can only understand it, and design your Web services in that

style.

• While REST is not a standard, it does prescribe the

use

of

standards:

– HTTP – URL

– XML/HTML/GIF/JPEG/etc (Resource Representations)

(8)

REST and the Web

• The Web is an example of a REST system!

• All of those Web services that you have been

using all these many years - book ordering

services, search services, online dictionary

services, etc - are REST-based Web services.

• Alas, you have been using REST, building

(9)

Learn by Example

• This architectural style is best explained with an example.

• I will present an example of a company deploying 3 Web

services using the REST architectural style, then show how

they would be deployed using SOAP.

(10)

Parts Depot Web Services

• Parts Depot, Inc has deployed some web

services to enable its customers to:

– get a list of parts

(11)

The REST way of Implementing

the Web Services

Response (HTML/XML doc)

W

eb

S

er

ve

r

HTTP GET request URL 1

HTTP response

Response (HTML/XML doc)

HTTP GET request URL 2

HTTP response

HTTP POST URL 3

HTTP response URL to submitted PO

(12)

The REST way of Implementing

the Web Service

• Service: Get a list of parts

– The web service makes available a URL to a parts list resource.

Example, a client would use this URL to get the parts list:

• http://www.parts-depot.com/parts

• Note that how the web service generates the parts list is completely transparent to the client. This is loose coupling.

– The web service may wish to allow the client to specify

whether he/she wants the parts list as an HTML document, or as

an XML document. This is how to specify that an XML

document is desired:

(13)

Data Returned - Parts List

<?xml version="1.0"?>

<p:Parts xmlns:p="http://www.parts-depot.com"

xmlns:xlink="http://www.w3.org/1999/xlink"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=

"http://www.parts-depot.com

http://www.parts-depot.com/parts.xsd">

(14)

The REST way of Implementing

the Web Service

• Service: Get detailed information about a

particular part

– The web service makes available a URL to each part

resource. Example, here's how a client requests a

specific part:

(15)

Data Returned - Part

<p:Part xmlns:p="http://www.parts-depot.com" xmlns:xlink="http://www.w3.org/1999/xlink"

http://www.parts-depot.com/part.xsd"> <Part-ID>00345</Part-ID>

<Name>Widget-A</Name>

<Description>This part is used within the frap assembly</Description>

(16)

Questions and Answers

What if Parts Depot has a million parts, will there be a million static pages? For example: http://www.parts-depot/parts/000000

http://www.parts-depot/parts/000001 ...

http://www.parts-depot/parts/999999

We need to distinguish between a logical and a physical URL. The above URLs are logical. They express what resource is desired. They do not identify a physical object. The advantage of using logical URLs is that changes to the underlying implementation of the resource will be transparent to clients (that's loose coupling!).

Quite likely Parts Depot will store all parts data in a database. Code at the Parts Depot web site will receive each logical URL request, parse it to determine which part is being requested, query the database, and generate the part response document which is returned to the client.

Contrast the above logical URLs with these physical URLs: http://www.parts-depot/parts/000000.html

http://www.parts-depot/parts/000001.html ...

http://www.parts-depot/parts/999999.html

These URLs are clearly pointing to physical (HTML) pages. If there are a million parts it will not be very attractive to have a million static pages. Furthermore, changes to how these parts data is

represented will result in impact all clients that were using the old representation. So, no, there will not be a million static pages.

Q:

(17)

Questions and Answers

What if I have a complex query? For example: "show me all

parts whose unit cost is under $0.50 and for which the quantity

is less than 10". How would you do that with a simple URL?

For complex queries Parts Depot will provide a service to allow a

client to retrieve a form that would then be filled in by the client.

When the client hits "Go" the form would gather up the clients

responses and generate a URL based upon the responses. Thus,

oftentimes the client doesn't generate the URL (think about using

amazon - you start by entering the URL to amazon; from then on

you simply fill in forms and the URLs are automatically created

for you).

Q:

(18)

Questions and Answers

How are REST services described?

In brief, REST services may be described using WSDL and/or

WRDL (Web Resource Description Language). In the future I

will describe more details of how this is accomplished.

Q:

(19)

The REST way of Implementing

the Web Service

• Service: Submit a Purchase Order (PO)

– The web service makes available a URL to submit a PO. The

client creates a PO instance document which conforms to the PO

schema that Parts Depot has designed (and publicized in a WSDL

document). The client submits PO.xml as the payload of an HTTP

POST.

W

eb

S

er

ve

r

PO.xsd PO.xml

HTTP POST

(20)

Submit PO Service (cont.)

• The PO service responds to the HTTP POST with a URL to the submitted PO. Thus, the client can retrieve the PO any time thereafter.

– The PO has become a piece of information which is shared between the client and the server. The shared information (PO) is given an address (URL) by the server and is exposed as a Web service.

W

eb

S

er

ve

r

PO.xml HTTP Response

(21)

Characteristics of a REST-based

Network

• Client-Server: a pull-based interaction style: consuming components pull representations.

• Stateless: each request from client to server must contain all the information necessary to understand the request, and cannot take advantage of any stored context on the server.

• Cache: to improve network efficiency responses must be capable of being labeled as cacheable or non-cacheable.

• Uniform interface: all resources are accessed with a generic interface (e.g., HTTP GET, POST, PUT, DELETE).

• Named resources - the system is comprised of resources which are named using a URI.

(22)

SOAP Version

• We have taken a look at how Parts Depot

may implement its services in a RESTful

manner.

(23)

Implementing the Web Services

using SOAP

Request (XML doc) Response (XML doc)

W

eb

S

er

ve

r

SOAP envelope HTTP POST URL 1 HTTP Response getPartsList() Request (XML doc) Response (XML doc) HTTP POST URL 1

HTTP Response SOAP Server getPart(id)

Note the use of the same URL (URL 1) for all transactions. The SOAP Server parses the SOAP message to determine which method to invoke. All SOAP messages are sent using an HTTP POST.

PO

(XML doc) HTTP POST _{URL 1}

submit(PO)

Response

(24)

Note about the SOAP URI

URL 1

SOAP

Server

HTTP POST HTTP POST

HTTP POST

It is not a SOAP requirement all messages be funneled to the same URL:

However, it is common among SOAP vendors to follow this practice. For example, here is the URL for all requests when using Apache SOAP:

[host]/soap/servlet/messagerouter

getPartsList()

getPart(id)

(25)

Implementing the Web Service

using SOAP

• Service: Get a list of parts

– The client creates a SOAP document that specifies the

procedure desired.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body>

<p:getPartsList xmlns:p="http://www.parts-depot.com"/> </soap:Body>

</soap:Envelope>

Then the client will HTTP POST this document to the SOAP server at: http://www.parts-depot.com/soap/servlet/messagerouter

(26)

Data Returned - Parts List

<p:getPartsListResponse xmlns:p="http://www.parts-depot.com"> <Parts>

<Part-ID>00345<Part-ID> <Part-ID>00346<Part-ID> <Part-ID>00347<Part-ID> <Part-ID>00348<Part-ID> </Parts>

<p:getPartsListResponse> </soap:Body>

</soap:Envelope>

Note the absence of links. Why is this? A URL that points to a SOAP service is meaningless since the URL to a SOAP service is just to the SOAP server. Thus, the URL would need to be supplemented with some indication of which method to invoke at that URL.

(27)

Implementing the Web Service

using SOAP

• Service: Get detailed information about a particular part

– The client creates a SOAP document that specifies the procedure

desired, along with the part-id parameter.

<p:getPart xmlns:p="http://www.parts-depot.com"> <part-id>00345</part-id>

</p:getPart>

</soap:Body> </soap:Envelope>

Again, the client will HTTP POST this document to the SOAP server at: http://www.parts-depot.com/soap/servlet/messagerouter

Note that this is the same URL as was used when requesting the parts list.

(28)

Data Returned - Part

<p:getPartResponse xmlns:p="http://www.parts-depot.com"> <Part-ID>00345</Part-ID>

<Name>Widget-A</Name>

<Description>This part is used within the frap assembly</Description> <UnitCost currency="USD">0.10</UnitCost>

(29)

Implementing the Web Service

using SOAP

• Service: Submit a Purchase Order (PO)

– The client creates a SOAP document that contains a PO instance

document (which conforms to the PO schema that Parts Depot has

created)

<p:PurchaseOrder xmlns:p="http://www.parts-depot.com"> ...

</p:PurchaseOrder>

Once again, the client will HTTP POST this document to the SOAP server at: http://www.parts-depot.com/soap/servlet/messagerouter

Note that this is the same URL as was used with the other two services.

(30)

Data Returned - PO

Acknowledgment

<p:PO-SubmittalResponse xmlns:p="http://www.parts-depot.com"> <PO-ID>x-010123fjdsk390f</PO-ID>

</p:PO-SubmittalResponse> </soap:Body>

</soap:Envelope>

(31)

Contrasting REST and SOAP

• On the next slides I will contrast REST and SOAP

in terms of:

– Proxy Servers (Web intermediaries)

– Transitioning state in a client application

– Caching (i.e., performance)

– Web evolution (semantic Web)

– Generic interface (versus custom interface)

– Interoperability

(32)

Letter Analogy

• My company has a receiving warehouse. All letters and packages first go there, and from there they are distributed.

• A SOAP Server is analogous to the receiving warehouse - the SOAP Server receives all incoming SOAP messages and then distributes each message to the appropriate

application for processing.

• However, there is one big difference:

– No one in the receiving warehouse is allowed to look inside any letter or package. All decisions about what to do with letters/packages must be made purely by looking at the addressing on the outside. Any attempt to look inside of letters/packages is a violation of Federal Law (U.S.).

– A SOAP Server, on the other hand, is able to "peek inside" the SOAP envelope. In fact, it must do so because the actual target resource is not specified on the outside, but rather, is hidden within the envelope.

• With REST all decisions are made based upon the URL and HTTP method.

(33)

Proxy Servers

• Consider this scenario:

– A company has deployed 3 resources - Resource 1, Resource

2, and Resource 3

– A client wishes to access Resource 1 (get a representation of

Resource 1)

– All client requests go through a proxy server

– The proxy server enforces the policy that access to Resource

2 and Resource 3 is allowed. However, Resource 1 is off

limits (for example, suppose that Resource 1 is

Hotmail, and

the

client's

company policy prohibits accessing Hotmail

(34)

Web Server

Resource 1

Resource 2

Resource 3 Proxy

Server

http://www.somewhere.org/Resource1

“You’re not allowed to access Resource 1”

(35)

REST and Proxy Servers (cont.)

• The URL identifies the resource that is

desired (e.g., Resource 1)

• The HTTP method identifies the desired

operation (e.g, HTTP GET)

• A proxy server can decide, based upon the

identified resource, and the HTTP method

whether or not to allow the operation.

Desired resource

Method

(36)

Web Server

Resource 1

Resource 2

Resource 3 Proxy

Server

http://www.somewhere.org/soap-server

SOAP Server

“I can’t determine if the message is allowed since I don’t know what Resource it is targeting [that

information is hidden in the Envelope]”

(37)

SOAP and Proxy Servers (cont.)

• The URL is not to the target resource, but rather to a SOAP

server. This makes it harder, and less likely, for a proxy

server to determine which resource is actually being targeted.

• The proxy server would need to look inside the SOAP

message to determine which resource is being requested.

– Further, the proxy server would need to understand the semantics of the message:

</getResource> </soap:Body> </soap:Envelope>

Does this mean that the client is trying to access Resource 1? The proxy server must understand the semantics of every SOAP

(38)

SOAP and Proxy Servers (cont.)

Proxy Server

SOAP message

"What resource is this SOAP message trying to access? What is it trying to do with the resource?"

There are 2 ways to implement the proxy server:

1. Program the proxy server to understand the semantics of each SOAP application that a client will access. This approach is not scalable - for each new SOAP application the proxy server will need to be updated.

(39)

Web Intermediaries

• A proxy server is one example of a Web intermediary. Other

examples are gateways, caches, etc. A typical Web request

may be routed through multiple intermediaries.

• A Web intermediary will have a much greater chance of

making reasonable decisions when a client's request shows, in

the clear, the targeted resource, and the method requested is

understood.

• As we have seen with SOAP both the targeted resource, as

well as the requested method is nested within the SOAP

envelope, thus making it much more difficult for

(40)

State Transitions

• Let us consider a client application as a

state machine - each resource representation

that it receives causes it to transition to the

next state.

S0 Receive Resource 1_{Representation} S1 Receive Resource 2_{Representation} S2 ...

(41)

State Transitions in a

REST-based Network

S0 S1

Receive Resource 1 Representation S2a S2b S2c 2a 2b 2c

Receive Resource 2a Representation

3a 3b

S3a

S3b

Receive Resource 3b Representation

4a 4b 4c

(42)

State Transitions in a

REST-based Network

Recall the Parts Depot example. The parts list resource returns this representation:

<p:Parts xmlns:p="http://www.parts-depot.com"

xmlns:xlink="http://www.w3.org/1999/xlink"

http://www.parts-depot.com/parts.xsd">

This document contains hyperlinks to resources that provide detailed

information about each part. When a client application follows one of the

(43)

State Transitions in a

REST-based Network

Question: If I am sitting at a browser then I can understand how the decision is made on which hyperlink to select (my brain decides). But if this is all being done programmatically, without human intervention, then how will the decision be made on which hyperlink to select?

Answer: The XML hyperlinking technology is XLink. With this technology in addition to providing a URL to the target resource, you can also provide data about the resource you are linking to (using xlink:role). If the

client application is able to understand the semantics of xlink:role then it will be able to make a decision on which resource to choose next.

This is ultra cool - the application is dynamically making decisions

about what resources to access (it is becoming a self-propelled automata). If the client application is not able to evaluate the xlink:role attribute

(44)

State Transitions in a

SOAP-based Network

S0 S1

Receive SOAP from Application 1

S2a

S2b

S2c

Receive SOAP from Application 2a

S3a

S3b

Receive SOAP from Application 3b

(45)

State Transitions in a

SOAP-based Network

Recall the Parts Depot example. The parts list resource returns this SOAP document:

<p:getPartsListResponse xmlns:p="http://www.parts-depot.com"> <Parts>

<Part-ID>00345<Part-ID> <Part-ID>00346<Part-ID> <Part-ID>00347<Part-ID> <Part-ID>00348<Part-ID> </Parts>

<p:getPartsListResponse>

(46)

Why don't SOAP Documents

Contain Hyperlinks?

• In a pure SOAP system, that is where all accesses

are to SOAP-based Web services, then each SOAP

document will be an island.

• The reason for this is simple: with SOAP a URL is

meaningless by itself. The URL just points to a

SOAP server. To be useful the URL must be

accompanied by the SOAP message.

(47)

Caching (i.e., performance)

• In a network-based application it is

(48)

REST and Caching

Web Server

Resource 1 Cache

Server

http://www.somewhere.org/Resource1

“I have a copy in my cache. Here it is.”

2a 2b

(49)

REST and Caching (cont.)

• The results of a resource request contains an indication in

the HTTP header of whether these results are cacheable

(and when the data will become stale).

• If the HTTP header says that it is cacheable, then cache

servers can make a local copy.

• Later, if a client requests the same resource then the client

can return a cached copy.

Cache Server Desired resource

Method = GET

Forward request

(50)

SOAP and Caching

• When you submit a SOAP message it is always with an HTTP POST,

even though the intent of the message may be to "get" data.

– So a cache server would not know from the HTTP method whether the client is doing a request.

• A SOAP URI is always to the SOAP server, not to the actual target

– Consequently, a cache server would not know from the URI what resource is being requested.

• Thus, with a SOAP message the cache server cannot determine (1) if

data is being requested, nor (2) what resource is being requested.

– Conclusion: No caching possible with SOAP!

Cache Server URI to SOAP Server

Method = POST

"I don’t know what is the target resource. Furthermore, I don't even know if the resource is being requested. So, I must

(51)

Evolving the Web

(Semantic Web)

• The vision of Tim Berners-Lee is to turn the Web into a semantic

Web[1].

• One of the key components of his vision is that every resource on the

Web have its own URI.

– Axiom 0: Universality 1

• Any resource anywhere can be given a URI

– Axiom 0a: Universality 2

• Any resource of significance should be given a URI.

• The REST style is consistent with this vision - every resource has a

logical URI.

• SOAP URI's are funneled through a single URI to the SOAP server.

This is not consistent with the semantic Web vision.

(52)

Generic Interface

• A key feature of REST (and the Web) is that every

resource have a generic interface. Namely, access to every

resource is accomplished using HTTP GET, POST, PUT,

and DELETE.

• We have seen how the combination of a URI and a generic

method set {URI, method} enables Web components to

perform useful work:

– Proxy Server(URI, method) -> accept/reject

(53)

Generic Interface (cont.)

• With SOAP there is no defined set of

methods. Each SOAP application is free to

define its own set of methods.

(54)

Interoperability

• The key to interoperability is standardization. The

reason why independent resources on the Web are able

to interoperate today is because the Web has

standardized on:

– Addressing and naming resources -> URI

– Generic resource interface -> HTTP GET, POST, PUT,

DELETE

– Resource representations -> HTML, XML, GIF, JPEG, etc

– Media types -> MIME types (text/html, text/plain, etc)

(55)

Interoperability (cont.)

• SOAP depends much more on

customization:

– Addressing and naming resources -> each SOAP

message provides its own unique method of naming a

resource

(56)

Processing the Request/Response

Payload

• With both REST and SOAP you need prior

agreement on the semantics of the data.

<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <p:getPartsListResponse xmlns:p="http://www.parts-depot.com"> <Parts> <Part-ID>00345<Part-ID> <Part-ID>00346<Part-ID> <Part-ID>00347<Part-ID> <Part-ID>00348<Part-ID> </Parts> <p:getPartsListResponse> </soap:Body> </soap:Envelope> <?xml version="1.0"?> <p:Parts xmlns:p="http://www.parts-depot.com" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://www.parts-depot.com http://www.parts-depot.com/parts.xsd">

(57)

Processing the Request/Response

Payload

• Note: if the payload is in the format of RDF or DAML

then the client application may be able to dynamically

learn the meaning of the response data.

(58)

Recommendation

• In the context of the Web, the REST approach is the preferred and most cost-effective architectural style for implementing services due to its scalability, its ability to allow dynamic connectivity without prior planning, its ability to enable independent evolution of clients and services, and its built-in support for caching and security.

• There are several major problems with using SOAP in the Web environment:

– The resource being targeted is not known simply from the URL. It is hidden within the SOAP message. – The method being invoked is not known from the HTTP method. It is also hidden within the SOAP

message.

– The set of methods is completely arbitrary. Every SOAP application is free to define its own set of methods.

• As we have discussed these problems create an impedance mismatch with today's Web - SOAP messages cannot be utilized by proxy servers, cache servers, etc. The lack of URLs within SOAP messages is very foreign to the Web, and isolates itself from the Web. Finally, the evolution of the Web is where every resource is identified with a URI. SOAPs clumping of resources behind a single URI is contrary to the Web vision.

(59)

REST Best Practices

1. Provide a URI for each resource that you want (or will want) exposed. This is consistent with Tim Berners-Lee's axioms for the Web, as well as the W3 TAG recommendations.

2. Prefer URIs that are logical over URIs that are physical. For example:

Prefer:

http://www.boeing.com/airplanes/747 Over:

http://www.boeing.com/airplanes/747.html

Logical URIs allow the resource implementation to change without impacting client applications.

3. As a corollary to (2) use nouns in the logical URI, not verbs. Resources are "things" not "actions".

4. Make all HTTP GETs side-effect free. Doing so makes the request "safe".

5. Use links in your responses to requests! Doing so connects your response with other data. It enables client applications to be "self-propelled". That is, the response itself contains info about "what's the next step to take". Contrast this to responses that do not contain links. Thus, the decision of "what's the next step to take" must be made out-of-band.

6. Minimize the use of query strings. For example:

Prefer:

http://www.parts-depot.com/parts/00345 Over:

http://www.parts-depot.com/parts?part-id=00345

(60)

REST Best Practices (cont.)

7. Use the slash "/" in a URI to represent a parent-child, whole-part relationship.

8. Use a "gradual unfolding methodology" for exposing data to clients. That is, a resource representation should provide links to obtain more details.

(61)

References

• Paul Prescod has written several excellent articles on

REST:

– Second Generation Web Services

• http://www.xml.com/pub/a/2002/02/06/rest.html

– REST and the Real World

• http://www.xml.com/pub/a/2002/02/20/rest.html

– SOAP, REST and Interoperability

• http://www.prescod.net/rest/standardization.html

Directory UMM :Networking Manual:computer_network_books:

Roger L. Costello

suggestions:

Why is it called

Representation State Transfer

REST - not a Standard

can only understand it, and design your Web services in that

– HTTP – URL

REST and the Web

Learn by Example

Parts Depot Web Services

HTTP POST URL 3

The REST way of Implementing

– The web service may wish to allow the client to specify

The REST way of Implementing

Data Returned - Part

Questions and Answers

Questions and Answers

client to retrieve a form that would then be filled in by the client.

you simply fill in forms and the URLs are automatically created

The REST way of Implementing

HTTP POST

Submit PO Service (cont.)

Characteristics of a REST-based

SOAP Version

Note about the SOAP URI

HTTP POST HTTP POST

Implementing the Web Service

Data Returned - Parts List

Implementing the Web Service

Data Returned - Part

Implementing the Web Service

Data Returned - PO

• On the next slides I will contrast REST and SOAP

Proxy Servers

2 and Resource 3 is allowed. However, Resource 1 is off

REST and Proxy Servers (cont.)

SOAP and Proxy Servers (cont.)

message to determine which resource is being requested.

SOAP and Proxy Servers (cont.)

Web Intermediaries

the clear, the targeted resource, and the method requested is

• Let us consider a client application as a

State Transitions in a

State Transitions in a

State Transitions in a

Why don't SOAP Documents

SOAP server. To be useful the URL must be

REST and Caching (cont.)

can return a cached copy.

• A SOAP URI is always to the SOAP server, not to the actual target

Evolving the Web

• The REST style is consistent with this vision - every resource has a

resource have a generic interface. Namely, access to every

Generic Interface (cont.)

to interoperate today is because the Web has

• SOAP depends much more on

agreement on the semantics of the data.

Payload

REST Best Practices

REST Best Practices (cont.)

• Paul Prescod has written several excellent articles on

– Evaluating XML for Protocol Control Data