Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am studying for a developer certification and I have some doubt related to the general concept of REST and REST Web Services.
From what I can understand REST is more related to software\network architecture style consisting of guidelines and best practices for creating scalable web services respect to a specific technology (differently from SOAP that is a specific implemented network protocol).
The first doubt is: "is REST related only to web services implementation or can be related also to other purposes? If it could be related to other purposes what are?
So from what I can understand using this REST style the messagges are send and receive directly using the HTTP protocol without using an intermediate protocol as SOAP.
I know that REST is statless (does not maintain information about previous states) so if I use the REST style I can't use the Http Session or coockies to mantain informations about what happens before. If it is true, why? what is the benefit of a statles managment? What is the difference with SOAP? Is SOAP statefull? (it seems to me not but I can say wrong things).
Using REST style the resources are modelled as noun, for example:
http://mybank.com/banking/accounts/123456789
And then I can perform a limited set of operations on these resources, operations described by: GET, PUT, POST, DELETE
Reading on the course documentation it say that these operations are the default operation in case of the architecture works over Http protocol. So are these operations the only operations that I can perform or can be used others? Can you explain me this thing?
Maybe I have a big gap in the Http protocol knowledge, I only know that Http protocol only supports the POST and GET operations. So what exatly are these PUT and DELETE operations? Are Http protocol specific operations as GET and POST? What is the difference between PUT and POST? and why REST architecture use PUT instead POST?
Tnx
REST describes guidelines and best practices to design an efficient architecture for the Web.
Can I suggest you to read these two posts? I think that they could help to answer deeply your questions about resources, operations, representations...
https://templth.wordpress.com/2014/12/15/designing-a-web-api/ - Designing a Web API (i.e. RESTful Web services)
https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/ - How to handle security for RESTful Web services
Yes, normally RESTful applications are stateless. This means that you should keep states on the server-side. In the case of security, you need to authenticate users at each request. That said, since Cookies are part of HTTP, you could leverage them within your application.
Hope it helps,
Thierry
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am new to web application design. It seems contemporary web applications usually take this form:
Front-end leverage various JS frameworks to built the UI.
Then front-end invoke back-end web services with JS to exchange XML or JSON data and update the UI accordingly.
Back-end is separated into tiers and expose Web service APIs to whatever external.
Web service APIs also exist for the communication among the back-end tiers.
So the web service APIs should be the critical part to design.
How do we design it? To be specific:
What data/materials are needed to start the design with?
What tools can we use? (I heard about some tools to convert XML into classes.)
And what does the final output of the design look like?
ADD 1
To be specific, suppose there's requirements like this:
Customer should be able to upload and delete certain files from the
file repository.
Customer must be authenticated before modifying the files on file repository.
How can I convert it into detailed API spec, and then concrete class definition?
A related link: http://piwik.org/blog/2008/01/how-to-design-an-api-best-practises-concepts-technical-aspects/
ADD 2 - Regarding RESTful
After reading some books, I came to this:
RESTful architecture is just one of the many ways to integrate
applications. It leverages Web standards in the hope of making the
integration simple and natural. Resources are identified by URLs,
manipulated with HTTP methods, and transferred in certain serialization
form at the convenience of the integrated parties.
To create a Web API (i.e. RESTful service), you need to follow REST principles. I think that this link could give you some hints about the design of RESTful services / Web API: http://restlet.com/blog/2015/03/16/designing-a-web-api/.
To be short, RESTful services should leverage HTTP methods they are designed for:
method GET: return the state of a resource
method POST: perform an action on the resource (creation of an element in a resource list, ...). Be careful not to use an action name within URLs (something like /elements/some-action-name) because it's not RESTful.
method PUT: update the complete state of a resource
method PATCH: update partially the state of a resource
method DELETE: delete a resource
You need also to be aware that they can apply at different levels, so methods won't do the same things:
a list resource (for example, path /elements)
an element resource (for example, path /elements/{elementid})
Other important things you must consider are:
To use status codes to tell the client if the request is sucessful (2xx family), fails because of the client (4xx family) or of the server (5xx family)
To leverage HTTP headers. For example, the header Content-Type for the type of content used (application/json for JSON for example) and Accept for content negotiation if needed...
Otherwise there are some formats like Swagger and RAML you can leverage to craft your Web API. A tool like Restlet Studio could a good help to create the structure of your REST service online, get the corresponding Swagger and RAML contents, and even generate server skeletons or client SDKs. You can notice that this tool only follows REST principles...
Regarding security, you need to leverage the Authorization header. There are several strategies:
Basic one. The username / password are encoded with Base64 and sent in the header.
Token-based one. You could have a look at this link for more details: https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/
OAuth2. See this link: http://www.bubblecode.net/en/2013/03/10/understanding-oauth2/.
Regarding file upload, you can leverage multipart contents. See this link: http://restlet.com/blog/2015/10/27/implementing-file-upload-with-restlet-framework/. We use the Restlet framework but you might pick up some generic hints...
Hope it helps you,
Thierry
In my opinion the concept of a Rest-full API is a little blurry, I would advise you to take a look at this article http://martinfowler.com/articles/richardsonMaturityModel.html
Not many public rest-full api's actually achive the discussed level 3. The general idea it to model your api around the "resources" your application deals in and respect the proper http verbs.
As for tools I kinda like https://apiary.io/ it helps you build an API and can provide mock responses as well
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a database which I consider to be my application and a website acting as a user interface for that application. It is now time to add more user interfaces to my application (phone apps etc).
Keeping this in mind, I have come up with a web service architecture to feed data to all my user interfaces. I would like to sanity check this with the brains on stack overflow. Btw - this is all Azure hosted.
Database, as is.
Core web service - this handles all important methods and invokes the main processes on the DB. For example, registration. This will also automatically queue emails to be sent, etc.
Web Services for each UI (website, phone app) - these are specific methods for the UI data calls - e.g. GetDataForRegistrationPage - specific to the website and not needed for the app. The app would have different requirements.
So far I think this is reasonable though I'm interested in your opinions. I would like a bit of help with the next bit: how they communicate.
I would like the Core web service to be a WCF Service that can ONLY be accessed on named pipe endpoints - ensuring that only the client web services can communicate with them (I can guarantee they are on the same machine).
I would like the Client Web Services to bind to their applications by TCP or http. The website will be on a separate machine but on the same network and so is a good contender for TCP. The apps will of course be on clients and would be best as http I believe.
I am worried that I've introduced too many steps with this design. Using registration as an example, the user would register using the website page which goes to the web server which would invoke the registration method on the website web service, which would invoke the registration method on the core web service, which would invoke registration on the database.
Thank you for your thoughts!
(I posted the below as answer but got told off. If we really want to be anal about this then I guess no one should have posted anything as answer as there is no real answer - I was asking for opinions, but anyway...)
Just in case it is of any interest to others having similar design questions. I have decided to get rid of the core service idea and just use a class library shared between each client service.
Pros: Easier to develop, one less complication (setting up named pipes seems impossible to me) and one less process to get involved (even if it is on the same machine).
Cons: Each service now HAS to be on Azure, otherwise it cannot access the Azure storage facilities. I will be using the queue to schedule emails. With the first approach I could have potentially hosted one service on a completely separate platform.
Feel free to comment with any ideas or observations. Thank you for the input, Ramiramilu and Markus.
Your approach seems to provide a good separation of concerns. Depending on the size of your project, it might be a bit too much. If you are looking for a way to simplify your architecture, here are my thoughts:
Client WebServices
I'd propose to analyze how big the differences of the Client WebServices really are or whether it is possible to set up a common service for all clients. Even if you were able to move a lot of shared code to the Core WebService, you'd have to implementent very similar interfaces over and over again. Of course this implies that there won't be a specific WebService that is tailored to the needs of a specific client. If you build on WCF, you can also offer services with different bindings so that e.g. the WebSite accesses the service using a NetTcpBinding whereas another client communicates with the same service over a SOAP interface (WebHttpBinding or WSHttpBinding whichever fits your needs). This would be much more efficient because you'd not have to implement common building blocks like authentication and authorization for each Client WebService.
Also you might want to have a look at ASP.NET WebAPI and consider building a REST API that should be accessible from all devices - though it is as efficient as a TCP binding. You could also host your Web API in the WebSite project so that you can use it both from other client and for AJAX requests. As your WebSite is accessible from the internet anyway, this is also a good approach from an infrastructure point of view.
Core WebService
You could substitute a class library for the Core WebService. The Client WebService(s) can integrate this much easier without having to deal with additional complexity, e.g. for authenticating at the Core WebService.
As you want to host the Core WebService on the same machine anyway, I'd only build a service if there is a strong reason for it. I can't come up with one now.
Conclusion
If your requirements are only to add some clients with a limited set of capabilities, I'd suggest to add a Web API to your WebSite project and access it from the other clients. See this link for more information.
This might be a silly question on this site, but I want to learn more about it.
Being in the Software Engineering field, I have come to know that it's useful to get acquainted with Web-Services. I am trying to understand it. To do so, I must know the difference between a Web-Service and a Application-Service in simple terms.
I have heard about SOAP & REST Services.
For a newbie like me, its overwhelming to understand these concepts when I search them in Google.
How to understand these things better and in what order?
I think it's a great and simple question which usually confuses most of developers. What is Application Service and what is web Service?
Web service is a common term which you can find easily on the internet. Although some time they cross each others boundaries but here is a simplest explanation I can think of:
Application service or Application Layer is an abstraction layer reserved for communications protocols and methods designed for process-to-process communications. Application layer protocols use the underlying transport layer protocols to establish host-to-host connections.
Some time you can also use Application Service to define method calls within your application.
WebService: Any application or method which can be accessed by web is a Webservice. You can also say: anything available on the web is WebService.
There are three common web service architectures:
RESTful resource-oriented,
RPC-style e.g. SOAP
REST-RPC hybrid. 90% of the web sites use this unknowingly e.g. http://mysite.com/get/pictures?tag=birthday :)
I thought to practice SOAP API. I know it is a time for REST but I thought to give a try to SOAP. I somehow got Flickr.com API supporting SOAP but it has very difficult documentation. No, working examples are available.
Q1. So, do anyone know where I can learn SOAP. Do anyone has SOAP working example for Flickr API
Q2. Any service other than Flickr providing SOAP interface. I saw Google search api has closed new request for SOAP.
regards
SOAP has been largely superseded by REST on the public Internet - as you have noted in your question and has been alluded to in comments.
There are still large users in the Intranet context, companies with an installed base of SOAP, Service Bus, and other concepts that you may well come across if you end up working at one of them. (There are still CORBA users out there also!) When you control both ends of the application, you may have less reason to be flexible using REST.
So if you are looking for useful public implementations you are mostly out of luck.
That said: do create your own services and try them out on your own. Define a service and implement it. Create a client in a different language. Create another client in a third language.
If you are looking for an educational experience, this will lead you down some of the same paths that has lead to REST use in wide-scale disparate systems (and may also shed light on why the public/private has split the way it has)
Good Luck
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
What exactly is RESTful programming?
What are RESTful web services? What would be an example of it?
What is the difference between the asmx web services and the WCF RESTful service?
REST is a client-server architecture which (among other things) leverages the full capacity of the HTTP protocol.
Some relevant points in REST:
Each URL on the server represents a resource; either a collection resource or an element resource.
A collection resource would be available at a URL like http://restful.ex/items/ which would be a representation of a list of items.
A element resource would be available at a URL like http://restful.ex/items/2 which would be a representation of a single item, identified by 2.
Different HTTP methods are used for different CRUD operations:
a GET is a read operation
a PUT is a write/modify operation
a POST is a create/new operation
a DELETE is a... ok, that one is kind of self-explanatory.
State (or rather, client context) is not stored on the server-side; all state is in the representations passed back and forth by the client's requests and the server's responses.
You can check out Roy Fielding's (the creator of the REST architectural style) wiki page here and then move on to his PhD dissertation here and finally for a quick example just take a look at the Twitter API.
It's basically web services that implement CRUD using the HTTP methods(GET, POST, PUT, DELETE)
RESTful webservices use HTTP methods explicitly by mapping the REST operations to HTTP methods:
Create - POST
Retrieve - GET
Update - PUT
Delete - DELETE
Here is a link to a good summary.
Check description of REST. Web services conforming to this principle are called RESTful.