REST: It's not just for servers

Video in TIB AV-Portal: REST: It's not just for servers

Formal Metadata

REST: It's not just for servers
CC Attribution - ShareAlike 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.

Content Metadata

Have you ever written or used an API wrapper for a webservice? REST is a client-server architecture model and building the server is only half of the challenge. This talk will walk through some of the challenges of building a REST client, describe some best practices and some patterns to avoid, and discuss how we can all work to build better APIs for an open web.
and it just at the time and so it and then by all as in. My name's Mark. I work at Caktus Consulting Group and and just get 3 teachers of is why out where you know the 1 the tweet get any anything that you have of and this is the part of the talk from source to tell you noise margin was the main the. I'm technical director at Caktus Group and a co-author of Lightweight Django. We build REST APIs at Caktus, and we interact with a lot of REST APIs at Caktus, so I really, really know about both sides of this. My examples here are in Python, as you might imagine, but there's not really anything Django-specific about this; it's more about REST as a concept.

A Cyrillic a full introduction like this is: this is the real meaning of, this is me with my family, the completely broken, with the greatest smile, in an unbelievable amount of pain. This is when I'm real, and that only happens for a few fleeting moments every year.

The cyclone REST 1: what is REST? Sometimes it feels like just a marketing term. It feels like something like "responsive": people use it, I wrote it means, sounds good, call our site responsive, call our API REST. But it means something. It stands for Representational State Transfer. This concept is defined by Roy Fielding's PhD thesis at UC Irvine in 2000. You can determine its better used by web services and marketing teams basically every day since. REST is not a format or protocol; it's an architectural style. It's a way of building applications. In his thesis it is stated as an architectural style for building distributed hypermedia systems. It emphasizes scalability, generality, independent deployment, reusable components: even more buzzwords and things people want. But there are some constraints.
If you want your API to be RESTful, you need to satisfy some rules. The first of these rules: there needs to be a client-server model, and the server needs to be stateless, so no client context should be stored on the server between requests. The system should be cacheable. Layered: a client should know whether it's talking directly to the server or an intermediary proxy. There should be a uniform interface in how the client and server talk to one another: there should be unique identification of resources and self-descriptive messages passed between the client and server. And there's an optional code on demand, and it's kind of weird to ruminate plus it's not in touch on this.

So again, when you buy into this, when you say "I want to build a RESTful service, a client-server model, and build these stateless servers, these amazingly self-descriptive messages", what do you get for that? Well, you're supposed to get performance in terms of scalability, simplicity, modifiability. This comes from, again, this cacheability, this separation of concerns that cases can be helped of scale independent. So it's not surprising that this is an extraordinarily popular architectural style of late. If you name a web service, it probably has what it calls a REST API: the social media sites Twitter, Facebook, Instagram, Pinterest; cloud services, AWS or Rackspace, per, OpenShift, Cloud Foundry. The list just goes on and on and on, and those are just the ones that have public APIs. So many people use this just in time; they build mobile applications on top of REST.

The of energy public APIs, I just love, love open-source clients. That's what this talk is about: it's about the client. This is one of the coolest things, I think, that is happening around when the opening up public APIs through OAuth or whatever mechanisms you have. It's why there worked where clients before there was the 1 true, and why you have services like Travis that run on top of of, and how Travis can call Coveralls and Travis can deploy
to these de-coupling of services that, again, scale independently and are built independently: that's what the dream of REST is. And it happens, again, with two components. One, you need a server. If you want to learn how to build a server, RESTful servers in Django, there have been like half a dozen talks already about that. That's not this talk. This talk is about the clients, and particularly the challenges for clients. Some of these come from being the client, and some of these come from just the interaction between the client and server.

Sometimes you think: well, it's just HTTP, I understand HTTP as a web developer, I can just import urllib or import requests and I can just start writing a client. It sort of works when you brain said so early on. Getting one to work well is hard, and maintaining one as an API changes is worse. There are technical challenges that we're going to cover and look through, as well as non-technical challenges like really terrible Terms of Service, which cannot for the. So what are some of the technical challenges? They're the things like changing
APIs. When you're talking to a public API, you don't have a choice of how it changes. It's a client-server model, and you don't get to have any say on the other half. That's frustrating and hard, but it means potentially supporting multiple versions of the API in your client wrapper, making clear which versions you are supporting, and understanding how that server versions content, which is a hotly debated topic in REST. So for example, Twitter deprecated their 1.0 API; now all the URLs have a 1.1. These two URLs in particular are the ones that bit me in a project. They changed; they have identical responses, which is even more frustrating, and it is a two-character change that broke site of World War the ended up. This is a relatively simple and easy change to make. Larger changes to the APIs can be harder to deal with. A few years ago Twitter got rid of their basic auth and switched everything to OAuth.

A funny story: we actually had a client a couple of years ago, the wonders of brain a site. A site was running Django 1 so we have created 1 5. There was a piece of the site where they could tweet things that happened: a new blog post would come up and they could hit a button and tweet about it, and it used basic auth. As diplomatically as I could, I said: is anyone using this? And they would check whether anyone was using this piece, but I was fairly certain they were not using the piece, because it hadn't worked in 2 years. So they eventually agreed that we could remove it rather than updating the client.

A big challenge for clients is servers, in particular servers that really don't meet all of the constraints that are necessary. In particular, the uniform interface constraint defines the concept of hypermedia as the engine of application state, usually shortened like this. I'm not entirely sure how to pronounce it, but it's not usually implemented in a way that's helpful to clients,
and there's again debate as to whether it's necessary, whether it's helpful. I will tell you it is helpful, and I will show you how it's helpful. The idea is that you should build discoverable APIs: the server should tell the client how it can navigate through the API, how it can find resources that exist, how to navigate through them. This shouldn't really be such a controversial topic. This is exactly how we build websites: we have links on pages, you navigate through them, find related pages. We have forms; the forms have actions, and they tell the browser where to submit and how to submit. These are the same types of concepts here.

When you don't have a discoverable API, how is the API discovered? It's discovered by humans, and humans are terrible. You have to read a giant pile of docs, and again, when it's going to change, clients don't know; humans have to know, and humans have to read more docs. So instead of relying on documentation, build discoverable APIs. How do you build in a discoverable way? I have an example of a change that Bitbucket made, and you not to see
the whole example. This is my Bitbucket profile on version 1 of the Bitbucket API. There's a tiny little section at the top which is my user profile information, which is what I asked for. Then there's a whole pile of information I didn't ask for, which is every repository that I have, all of the information about every repository their hand, and also some information about all the forks that I've created. Down downline in scroll bar and how ridiculously long this response is, and I need to use the Bitbucket and much, like 5 repositories.

What began in version 2 was they normalized this, if you would, like in a database sense. When I ask for my profile in version 2 of the API, I actually get my profile information at the top level; it's not buried in a user. Beyond that there is a set of links. They say: want other information about this user? Here's where you can find it. You can find the repositories here, you can find Mark's followers here, you can find my avatar over here.

Going back to the keynote, you can think about how these can be cached differently. In this first response, when anything about any one of my repositories changes, this cached response has to be invalidated. Now here I have a small, concise payload that can be cached when I ask for my profile. When my repositories change, this response doesn't change.

So those are a couple of challenges on the server side. Building RESTful clients is also a
challenge because some environments have weak HTTP support. This is typically in a browser-based environment; as web developers you probably don't always get to use Python to do your API interactions. When I say that some browsers have weak HTTP support, I mean IE has terrible HTTP support, for me do cu words our. Cross-domain requests especially are completely broken: there is no DELETE or PUT, so we need to cross domain of the requests, the content type is broken. All the things you would want when you're really building a robust API is not there nice. And so servers need to work around it. Django REST framework, as many of you have heard talks on today, has ways of doing this. There's a commonly used HTTP header called method override, to say: this is a POST, but it should have been a DELETE, so treat it like a DELETE. If you control the server, that's a facility that you have, and if you don't control the server a.

One of the biggest problems for clients is managing state. Now the client-server model and it should be stated all entirely state with the protocol statements instantaneously, the server is stateless: guess who has to manage state? The client. It's like herding cats; it's a pain. Particularly in trying to build general client libraries, managing state is difficult. You don't know what state the person who's consuming your client is interested in, but you need to help them with some basic pieces. That's what we'll talk about.

So what should you do to build a good client? What are the best practices in building an API client? Well, the first thing is to build useful objects. This almost sounds like a tautology, or something stupidly obvious: if you want to build something useful, it should return useful objects. But you would be surprised, if you interviewed have solved, how many API clients basically import requests, do the request, spit back a dictionary blob. You should provide useful objects, translating dictionaries, these JSON
blobs into meaningful business objects in the API, and they should help you link to related resources and help you perform actions. Because I'm not just asking for a dictionary: I'm asking for my user profile, I'm asking for a repository. There are things I want to do with my profile, things I want to do with my repository. Maybe I want to delete my repository, maybe I want to see the last commit on my repository, or I want to update my user profile. Those types of things are what you should be building into API clients.

So here's an example from twilio-python. They're right out in the hall if you want to ask about them. Twilio, if you haven't gone to the table (I don't have any affiliation with Twilio, to be clear; they didn't pay me to put this on there, no they would be out there further Twilio wants on the). Twilio is an SMS gateway, and you can purchase numbers. Well, they do more than just that: they're a telephony gateway, they translate SMS and voice into HTTP. You can purchase new numbers, you can send SMSes; these are all the things you might do. When you use the Python Twilio wrapper and you search for available phone numbers, you get back instances of available phone number, and available phone numbers do one thing that's really helpful, which is they know how to purchase themselves, which is probably why you were searching for available phone numbers.

How you use it: you construct an instance of the client with your credentials, search for phone numbers in the nine-one-nine area code, and then if there's a number, just buy the first one; I don't care what the other digits are, just one in this area. I don't know anything about the URLs. As the person using this, I don't want to know anything about URLs; that's why I'm using the client. I don't want to know that to do a purchase I need to take the response from the search and do a POST to another place. I just want to purchase it with this wrapper. This is a great example of writing REST.

Another piece of useful information you want to track
(brain touched on this a lot) is cache headers. This is a piece of state that the client needs to track. If the server is giving you ETags and Last-Modified headers and you don't send them back, here are holding up here and in this cacheable warranted they it's not, but the system isn't cacheable if you're not respecting the cache. So these useful objects you create for your API clients should help you track cache headers. This is something that you take for granted in Python because it just kind of happens in the browser: your browser's really smart about tracking ETags, tracking Last-Modified, knowing whether the resource is held locally. But in Python you need to take a little more. So an example of a client
library that does this is github3.py, a GitHub Python wrapper. They have a series of objects that build upon one another, and the core GitHub object has a you I fetched, I think, Mark's profile and did some things, and I'm going to update it; I want to make sure I've got the most recent copy before I make my update, that only 1 update 1, but this is REST so I have to send the whole thing. The body still has the Last-Modified header and finally the ETag; that's actually handled by the parent class, where self modified, self ETag is.

And this is used like this: I would log in, and I can get the user who is currently logged in. That's not my GitHub password; don't try to log in with that, variational Bayes factors is known ever suspect that that this. But I get the user who is currently logged in, and I can see my ETag, so cool. I give you, I don't know why, but I like that: I want to know what, when GitHub thinks of me, what 125 hash really represents me. And I can do a conditional refresh and say: getting my profile, if it hasn't changed, this is the version I have, what is the new version of Mark's profile? It doesn't update that much. The cool thing about this, for GitHub in particular: if you get a 304, a Not Modified response, it does not count toward the API rate, and that's probably couldn't have their applications the problem to Cervantes and they they repaid they paid for say this is encountered your API when because it in here is again a response you was not laugh the C 1.

Avoid hard coding; that is another thing to do when building API clients. You should use the URLs and links that are returned from the server when they're given. We saw them given by Bitbucket; sadly, most of the Bitbucket clients haven't been updated for version 2. They're used by GitHub, I think; again, github3.py uses the responses sent back by GitHub. They use them, as an example. So a more common place where these are
given is pagination, when you get a list of things. Many APIs, while they don't give you a nice block of related links on detail pages, do usually provide the next or previous URL when you paginate on top. So this is pyrax. This is the Rackspace API. The entire method here is shown; it's kind of long. But this is their cloud DNS manager; you can search through all the DNS records that you have managed by Rackspace, on a homogeneous record had that song was a 1 page but I will do FIL. Here you can see it parses the links from the body and asks: is there a next URL, is there a previous URL? And it holds onto it. Then when it lists through them, it just iterates through them. You have this option to list all, and it will just yield and keep making API calls, going through all the responses, assigning affects the next, the next one, the next. It's pretty fantastic. I can tell you that this hasn't worked for me before on Facebook, where they actually gave me the wrong next URL and I just dilute the return me until I hit the rate limit. But when your server works, this works.

So here, say, use the setting up the conventions and we're all on pirates the effort that is about is about to iterate through all of the all the all. In their cloud DNS you can search for records, and rightfully so, the search by default lists all results; it doesn't just search the first page of results, it will yield all results. So I can find all the CNAMEs that are set up, for example. But comments problem areas: if you're building a software-as-a-service platform, where you may have a lessee CNAME records of the mapping of your domain to client domains, you may have a lot. And this is, again, good and bad. It makes it really easy to use; it abstracts away the fact that there is pagination here. It also hides how many API calls this is going to take. It's not immediately obvious how many API calls it will make or how fast it will make them; this would make them as fast as I can iterate through
the list. But again, as someone using the client, I don't want to do that pagination myself, so I'm happy that they do this for me.

So those are some things to do. There's one thing that I really want you to stop doing; this is my plea for the Python community and Django community: stop making REST clients that are basically glorified URL builders. If your REST client only builds URLs, the server has failed, the client has failed; you're not really doing anything more helpful than just string formatting, you're adding syntactic sugar on top. There's no way you can really make a general REST API client at this point; there's not enough standardization of message formats yet, universal work in that in that space. Anything claiming to be a general REST API client is kind of missing the point in their life. There are no shortcuts to writing the business objects that come back from a REST API; you have to understand it. There's no generality that and EEG a castle but different. So what's an example? I don't mean to pick on the
developers of slumber, deprive a real meaning people, but this is one that attempts to be a general REST API client, and it's very clever Python. This is exceptionally clever Python: it translates method calls and attribute access into URLs. Fantastic; it looks so promising. But it gives you back dictionary blobs, which you then need to translate, and to make additional calls, like the PUT call here to do the update, or to do the delete, these objects don't know how to delete themselves, they don't know how to update themselves. When you look at this, again, it looks so elegant; it looks like Python I'd love to read. But what is come here and here is that when the API changes from note to notes, plural, because it is kind of awkward to have these links fault singular resource names, I could change all of these calls. This client hasn't saved me anything. In fact, it's added a layer of abstraction, but I'm still building the URLs. I could have done this with string formatting. I still have to translate all the objects. It doesn't help me with caching. It's just added syntactic sugar over building URLs. So please don't do that.

Just to summarize: we talked about REST. REST is a client-server model, and servers are completely useless without clients. In fact, I don't know that you can really call something a REST API if it doesn't have a client, because it's a client-server model. So if you're going to build a REST API, I would encourage you to try to write a client. Understand the pain of navigating your API with a client, and don't just show examples that have one request. It's really easy to make one request; it's hard to manage state over requests, you know, tracking this profile that I want to later update. Show larger examples. Treat your API just like you treat your website: make it discoverable, browsable. Think about how clients are going to navigate and find the data that they want, and how they're going to do the actions that they need to do. But again, I think that Django REST
framework does a great job with this with the browsable API: you get this experience in the browser, you can click through and get the next piece of data. This is like documentation: when you have to explain how something works, you realize how terribly it works, and you get to redesign before it's too late.

So, some handy resources, because there's like fear of: links to the slides, the original thesis, and this rant by Roy Fielding about how REST APIs must be hypertext-driven; an RFC about constructing URI templates, if you have more complex templates, assignment that GitHub does, and a Python library users the length of the new example 1 didn't; a link to slumber, condition last year; the photo credits.

Thank you for listening. And more of Lightweight Django: I actually have a few pre-release copies, and a signing at 12:30 at the Caktus table, of the 1 that you would. Come by; we'll have one on the table, the one I flip through and look at it. Thanks for listening, and build great APIs.
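The conditional refresh described in the talk (send back the stored ETag and Last-Modified, and treat a 304 as "keep the local copy"), as an added example that is not code from the talk or from the GitHub wrapper it describes. `Resource`, `fake_transport`, the URL and the sample profile are constructed for illustration.

```python
"""Client-side cache validators: remember ETag / Last-Modified and revalidate."""
import hashlib
import json

# Constructed stand-in for a server's data so the example runs offline.
_PROFILE = {"login": "example-user", "name": "Example User"}


def fake_transport(url, headers):
    """Return (status, headers, body) the way a server that issues ETags would."""
    body = json.dumps(_PROFILE, sort_keys=True)
    etag = '"%s"' % hashlib.sha256(body.encode()).hexdigest()[:16]
    if headers.get("If-None-Match") == etag:
        return 304, {"ETag": etag}, ""  # nothing changed, no body is sent
    resp_headers = {"ETag": etag, "Last-Modified": "Mon, 01 Sep 2014 12:00:00 GMT"}
    return 200, resp_headers, body


class Resource:
    """A business object that tracks the validators the server handed out."""

    def __init__(self, url, transport):
        self.url = url
        self._transport = transport
        self.etag = None
        self.last_modified = None
        self.data = None
        self.full_fetches = 0  # number of responses that carried a body

    def refresh(self, conditional=True):
        """Re-fetch the resource; return True if the local copy was replaced."""
        headers = {"Accept": "application/json"}
        if conditional and self.etag:
            headers["If-None-Match"] = self.etag
        if conditional and self.last_modified:
            headers["If-Modified-Since"] = self.last_modified
        status, resp_headers, body = self._transport(self.url, headers)
        if status == 304:
            return False  # keep self.data; the stored validators are still current
        if status != 200:
            raise RuntimeError("unexpected status %d for %s" % (status, self.url))
        self.data = json.loads(body)
        # Store exactly what the server sent: validators are opaque to the client.
        self.etag = resp_headers.get("ETag")
        self.last_modified = resp_headers.get("Last-Modified")
        self.full_fetches += 1
        return True


def demo():
    """Fetch, revalidate, then revalidate again after the server copy changes."""
    _PROFILE["name"] = "Example User"  # reset so demo() can be run repeatedly
    me = Resource("https://api.example.test/user", fake_transport)
    first = me.refresh()    # 200: body downloaded, validators stored
    second = me.refresh()   # 304: local copy still valid
    _PROFILE["name"] = "Renamed User"
    third = me.refresh()    # 200 again: the representation changed
    return first, second, third, me.data["name"], me.full_fetches


if __name__ == "__main__":
    print(demo())
```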
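Following server-provided next links, as the talk recommends for pagination, with guards for the failure the speaker describes (a wrong next URL followed until the rate limit is hit). This is an added example, not code from the talk or from the Rackspace client it shows; the page layout (`items`, `links.next`), the function names, the host name and the same-origin check are assumptions made for illustration.

```python
"""Follow server-provided `next` links, but bound what a bad link can cost."""
from urllib.parse import urljoin, urlsplit

# Constructed sample pages keyed by URL; page 3 wrongly points back at page 2.
BASE = "https://api.example.test/records"
PAGES = {
    BASE: {"items": ["a", "b"], "links": {"next": "/records?page=2"}},
    BASE + "?page=2": {"items": ["c"], "links": {"next": BASE + "?page=3"}},
    BASE + "?page=3": {"items": ["d"], "links": {"next": BASE + "?page=2"}},
}


class PaginationError(Exception):
    """Raised when the server's links cannot be followed safely."""


def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def iter_items(start_url, fetch, max_pages=50):
    """Yield items page by page, one API call per page, following `next` links."""
    seen = set()
    url = start_url
    calls = 0
    while url:
        if url in seen:
            raise PaginationError("server sent a next link already visited: %s" % url)
        if calls >= max_pages:
            raise PaginationError("stopped after %d pages" % calls)
        seen.add(url)
        calls += 1
        page = fetch(url)
        for item in page.get("items", []):
            yield item
        nxt = (page.get("links") or {}).get("next")
        if not nxt:
            return
        nxt = urljoin(url, nxt)  # the link may be relative to the current page
        # Credentials travel with every request, so refuse a link that leaves
        # the origin the caller started on (assumed policy for this example).
        if _origin(nxt) != _origin(start_url):
            raise PaginationError("next link leaves the API origin: %s" % nxt)
        url = nxt


def collect(start_url, pages, max_pages=50):
    """Return (items, error message or None) for a constructed set of pages."""
    items = []
    try:
        for item in iter_items(start_url, pages.__getitem__, max_pages):
            items.append(item)
    except PaginationError as exc:
        return items, str(exc)
    return items, None


if __name__ == "__main__":
    print(collect(BASE, PAGES))
```

The page cap makes the cost of a full iteration explicit to the caller, which addresses the talk's point that transparent pagination hides how many API calls are made.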