Your introduction for everything REST and how to understand it.
What is REST?
Representational state transfer (REST) is a software architectural style that defines a set of constraints to
be used for creating Web services. Web services that conform to the REST architectural style, called
RESTful Web services, provide interoperability between computer systems on the Internet.
Terminologies
The following are the most important terms related to REST APIs:
Resource
Resource is an object or representation of something, which has some associated data with it and
can be set methods to operate on it.
E.G Company
Collections
Collections are a set of resources.
E.G Companies is the collection of the Company Resource.
URL
URL (Uniform Resource Locator) is a path through which a resource can be located and actions can
be performed on it.
API Endpoint
In simple terms, an API endpoint is the point of entry in a communication channel where two systems are
interacting. It refers to a touch point of communication between an API and the server.
The location where the API sends a request and where the response emanates is what is known as an
endpoint.
API vs Endpoint
An API refers to a set of protocols and tools that allow interaction between two different applications. It is a technique that enables third-party vendors to write programs that can easily interface with each other. On the other hand, an endpoint is the place of interaction between applications. API refers to the whole set of protocols that allows communication between two systems while an endpoint is a URL that enables the API to gain access to resources on a server.
Web Api Endpoint Naming Convention
Methods Naming Convention
In OOP methods are named with verbs to make it easier to identify what operation that method will
perform, for example the method GetEmployees(int departmentID) will return all the employees that
belongs to a department.
Should we use the same naming convention when designing web Api’s endpoints?
The answer is NO.
Web Api endpoints must be names with NOUNS instead of verbs and it should contain the plural form of
the Resource the api will perform operations on.
Example: https://www.estradaci.com/apis/v1/Employees
If the URL can’t contain verbs, how do we know which action will be performed?
HTTP Verbs will be responsible for telling which action the WEB API should perform.
Let’s look at the most used HTTP Verbs used while creating WEB APIs.
HTTP VERBS.
GET
Use GET requests to retrieve resource representation/information only – and not to modify it in any
way. As GET requests do not change the state of the resource, these are said to be safe methods.
Additionally, GET APIs should be idempotent, which means that making multiple identical requests must
produce the same result every time until another API (POST or PUT) has changed the state of the
resource on the server.
Examples:
GET https://www.estradaci.com/apis/v1/Employees
GET https://www.estradaci.com/apis/v1/Employees/1
GET https://www.estradaci.com/apis/v1/Employees?name=Jeff
All the endpoints above will fetch employees but using different inputs to query the employees.
HTTP POST
Use POST APIs to create new subordinate resources, e.g. a file is subordinate to a directory containing it
or a row is subordinate to a database table. Talking strictly in terms of REST, POST methods are used to
create a new resource into the collection of resources.
Examples:
POST https://www.estradaci.com/apis/v1/Employees
POST https://www.estradaci.com/apis/v1/Employees/Address
Both endpoints above will insert data in the database, the first one will create a new employee and the
second one will create an address for an employee.
HTTP PUT
Use PUT APIs primarily to update existing resource (if the resource does not exist then API may decide to
create a new resource or not). If a new resource has been created by the PUT API, the origin server
MUST inform the user agent via the HTTP response code 201 (Created) response and if an existing
resource is modified, either the 200 (OK) or 204 (No Content) response codes SHOULD be sent to
indicate successful completion of the request.
Examples:
PUT https://www.estradaci.com/apis/v1/Employees
PUT https://www.estradaci.com/apis/v1/Employees/Address
Both endpoints above will update data in the database, the first one will update an employee and the
second one will update the employee`s address.
HTTP DELETE
As the name applies, DELETE APIs are used to delete resources (identified by the Request-URI).
Examples:
DELETE https://www.estradaci.com/apis/v1/Employees
DELETE https://www.estradaci.com/apis/v1/Employees/Address
Both endpoints above will delete data from the database, the first one will delete an employee and the
second one will delete the employee`s address.
As we can see the same URL can perform different actions when requested with different HTTP Verbs.
For example the https://www.estradaci.com/apis/v1/Employees can Get, Create, Update and Delete
employees based on the HTTP Verb used.
HTTP response status codes
Sometimes when the client sends a request to the server it expects a response indicating the result of the
operation. it’s a good practice to return coherent status codes to make it easy to the client understand what
happened when the request is processed.
HTTP defines standard status codes that can be used to convey the results of a client’s request. The
status codes are divided into the five categories presented below.
CATEGORY DESCRIPTION
1xx: Informational Communicates transfer protocol-level information.
2xx: Success Indicates that the client’s request was accepted successfully.
3xx: Redirection Indicates that the client must take some additional action in order to complete their request.
4xx: Client Error This category of error status codes points the finger at clients.
5xx: Server Error The server takes responsibility for these error status codes.
Check below the description of the most used Status Codes used when creating a web api.
For a complete list of the HTTP Status Codes check https://docs.microsoft.com/en-
us/dotnet/api/system.net.httpstatuscode?view=netframework-4.8
200 (OK)
It indicates that the REST API successfully carried out whatever action the client requested, and that no
more specific code in the 2xx series is appropriate.
201 (Created)
A REST API responds with the 201 status code whenever a resource is created inside a collection. There
may also be times when a new resource is created as a result of some controller action, in which case
201 would also be an appropriate response.
204 (No Content)
The 204 status code is usually sent out in response to a PUT, POST, or DELETE request when the REST
API declines to send back any status message or representation in the response message’s body.
An API may also send 204 in conjunction with a GET request to indicate that the requested resource
exists, but has no state representation to include in the body.
304 (Not Modified)
This status code is similar to 204 (“No Content”) in that the response body must be empty. The key
distinction is that 204 is used when there is nothing to send in the body, whereas 304 is used when the
resource has not been modified since the version specified by the request headers If-Modified-Since or
If-None-Match.
400 (Bad Request)
400 is the generic client-side error status, used when no other 4xx error code is appropriate. Errors can
be like malformed request syntax, invalid request message parameters, or deceptive request routing
etc.
The client SHOULD NOT repeat the request without modifications.
401 (Unauthorized)
A 401 error response indicates that the client tried to operate on a protected resource without providing
the proper authorization. It may have provided the wrong credentials or none at all.
404 (Not Found)
The 404 error status code indicates that the REST API can’t map the client’s URI to a resource but may
be available in the future. Subsequent requests by the client are permissible.
500 (Internal Server Error)
500 is the generic REST API error response. Most web frameworks automatically respond with this
response status code whenever they execute some request handler code that raises an exception.
Content Negotiation
When sending a request to an API we need to tell the server what is the type of the data we are sending
and the server is responsible to tell the client the same.
At server side, an incoming request may have an entity attached to it. To determine it’s type, server
uses the HTTP request header Content-Type.
Some common examples of content types are :“text/plain”, “application/xml”, “text/html”, “application/json”, “image/gif”, and “image/jpeg”.
Content-Type: application/json
Similarly, to determine what type of representation is desired at client side, HTTP header ACCEPT is
used. It will have one of the values as mentioned for Content-Type above.
Accept: application/json
The most used content-type used by APIS to represent the object the is being sent to the server or
returned to the client is JSON, make sure to use the camelCase naming convention when using JSON.
API Versioning
One of the most important things in WEB API development is the versioning.
WEB APIs must be well versioned in order to prevent the clients that are consuming it to break.
When a Break Change is made to an existing WEB API, instead of modifying the existing one we must
create a new version of it.
For example:
Several changes are required to be made on the WEB API
https://www.estradaci.com/apis/v1/Employees and these changes may lead the consumers to break
their integrations.
Instead of simply applying the changes to this API we need to create a new version of the api, E.G
https://www.estradaci.com/apis/v2/Employees.
This will prevent the clients that are consuming the V1 to break and will give them the time and
flexibility to migrate their calls to the V2.