rest - What can go wrong if we do NOT follow RESTful best practices? -


tl;dr : scroll down last paragraph.

there lot of talk best practices when defining restful apis: http methods support, http method use in each case, http status code return, when pass parameters in query string vs. in path vs. in content body vs. in headers, how versioning, result set limiting, pagination, etc.

if determined make use of best practices, there lots of questions , answers out there best practice doing given thing. unfortunately, there appears no question (nor answer) why use best practices in first place.

most of best practice guidelines direct developers follow principle of least surprise, which, under normal circumstances, enough reason follow them. unfortunately, rest-over-http capricious standard, best practices of impossible implement without becoming intimately involved it, , drawback of intimate involvement tend end application being tightly bound particular transport mechanism. so, people (like me) debating whether benefit of "least surprise" justifies drawback of littering application rest-over-http concerns.

a different approach examined alternative best practices suggests our involvement http should limited bare minimum necessary in order application-defined payload point point b. according approach, use single rest entry point url in entire application, never use http method other http post, never return http status code other http 200 ok, , never pass parameter in way other within application-specific payload of request. request either fail delivered, in case responsibility of web server return "http 404 not found" client, or delivered, in case delivery of request "http 200 ok" far transport protocol concerned, , else might go wrong point on exclusively application concern, , none of transport protocol's business. obviously, approach kind of saying "let me show stick best practices".

now, there other voices things not simple, , if not follow restful best practices, things break.

the story goes example, in event of unauthorized access, should return actual "http 401 unauthorized" (instead of successful response containing json-serialized unauthorizedexception) because upon receiving 401, browser prompt user of credentials. of course not hold water, because rest requests not issued browsers being used human users.

another, more sophisticated way story goes usually, between client , server exist proxies, , these proxies inspect http requests , responses, , try make sense out of them, handle different requests differently. example, say, somewhere between client , server there may caching proxy, may treat requests exact same url identical , therefore cacheable. so, path parameters necessary differentiate between different resources, otherwise caching proxy might ever forward request server once, , return cached responses clients thereafter. furthermore, caching proxy may need know request-response exchange resulted in failure due particular error such "permission denied", again not cache response, otherwise request resulting in temporary error may answered cached error response forever.

so, questions are:

besides "familiarity" , "least surprise", other reasons there following rest best practices? these concerns proxies real? caching proxies dumb cache rest responses? hard configure proxies behave in less dumb ways? there drawbacks in configuring proxies behave in less dumb ways?

it's worth considering you're suggesting way http apis used designed 15 years or so. api designers tending move away approach these days. have reasons.

some points consider if want avoid using rest on http:

  • rest on http efficient use of http/s transport mechanism. avoiding rest paradigm runs risk of every request / response being wrapped in verbose envelopes. soap example of this.

  • rest encourages client , server decoupling putting application semantics standard mechanisms - http , xml/json (or others data formats). these protocols , standards supported standard libraries , have been built on years of experience. sure, can create own 'unauthorized' response body 200 status code, rest frameworks make unnecessary why bother?

  • rest design approach encourages view of distributed system focuses on data rather functionality, , has proven useful mechanism building distributed systems. avoiding rest runs risk of focusing on rpc-like mechanisms have risks of own:

    • they can become fine-grained , 'chatty'
    • which can inefficient use of network bandwidth
    • which can tightly couple client , server, through introducing stateful-ness , temporal coupling beteween requests.
    • and can difficult scale horizontally note: there times when rpc approach better way of breaking down distributed system resource-oriented approach, tend exceptions rather rule.

  • existing tools developers make debugging / investigations of restful apis easier. it's easy use browser simple get, example. , tools such postman or restclient exist more complex rest-style queries. in extreme situations tcpdump useful, browser debugging tools such firebug. if every api call has application layer semantics built on top of http (e.g. special response types particular error situations) lose value of tooling. building soap envelopes in postman pain. reading soap response envelopes.

  • network infrastructure around caching can dumb you're asking. it's possible around have think , inevitably involve increased network traffic in situations it's unnecessary. , caching responses repeated queries 1 way in apis scale out, you'll need 'solve' problem (i.e. reinvent wheel) of how cache repeated queries.

having said that, if want pure message-passing design distributed system rather restful one, why consider http @ all? why not use message-oriented middleware (e.g. rabbitmq) build application, possibly sort of http bridge somewhere internet-based clients? using http pure transport mechanism involving simple 'message accepted / not accepted' semantics seems overkill.


-

Comments

Post a Comment

Popular posts from this blog

python - How to insert QWidgets in the middle of a Layout? -

Image
i'm using qt framework build graphical user interface. use qgridlayout position qwidgets neatly. gui looks this: my application regularly adds new widgets gui @ runtime. these new widgets not added @ end of qlayout, somewhere in middle. the procedure bit cumbersome. applied on figure above, need take out widg_c , widg_d , ... qgridlayout. next, add widg_x and widg_y , , put other widgets again. how remove widgets qgridlayout: for in reversed(range(mygridlayout.count())): self.itemat(i).widget().setparent(none) ### as long you're dealing small amount of widgets, procedure not disaster. in application display lot of small widgets - perhaps 50 or more! application freezes second while procedure ongoing, annoying user. there way insert widgets somewhere in qlayout, without need take out other widgets? edit: apparently solution qvboxlayout simple. use function insertwidget(..) instead of addwidget(..) . docs can found link: http://doc.qt.io/qt-5/qboxlayou
Read more

python - serve multiple gunicorn django instances under nginx ubuntu -

i need serve 2 webs apps (django) on gunicorn under different domain names using nginx on ubuntu. started using tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04 it worked fine 1 using that. tried same thing second gives me 502 gateway second domain. tried following tutorial: http://michal.karzynski.pl/blog/2013/10/29/serving-multiple-django-applications-with-nginx-gunicorn-supervisor/ i'm @ part run gunicorn start script: sudo bin/gunicorn_start i response: starting webuildblack root traceback (most recent call last): file "/home/devin/webuildblack/bin/gunicorn", line 7, in <module> gunicorn.app.wsgiapp import run importerror: no module named 'gunicorn.app'; 'gunicorn' not package you have named program gunicorn.py gunicorn -package. rename file , remove gunicorn.pyc file.
Read more

module - Prestashop displayPaymentReturn hook url -

i new prestashop developer , trying create paymentmodule. have got show payment method can not proceed purchase because not know hot works. does know should redirect run hooddisplaypaymentreturn method? i happy if explain me complete navigation map make purchase. anyway, can find relation between hooks , pages? when have new module payment rely on simplest provided prestashop: bankwire. inside can find 3 hooks. hookpayment: public function hookpayment($params) { if (!$this->active) return; if (!$this->checkcurrency($params['cart'])) return; $this->smarty->assign(array( 'this_path' => $this->_path, 'this_path_bw' => $this->_path, 'this_path_ssl' => tools::getshopdomainssl(true, true).__ps_base_uri__.'modules/'.$this->name.'/' )); return $this->display(__file__, 'payment.tpl'); } hookdisplaypaymenteu: public fun
Read more