Where REST is an architectural style for APIs, NARWHL is a framework intended to provide a roadmap for those needing to implement an API using current best practices but flexible enough to grow into the future.
We already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here's our playbook on how to secure a REST API.
Les recently gave a talk on "Designing a Beautiful REST + JSON API" at the San Francisco Java Users Group, which covers 18 months of his research into API design.
HTML is the lowest common denominator in a world where the number of devices is steadily growing. In such a world, our API should be hypermedia driven and we should consider choosing HTML as the media type for our APIs. If we choose this, we can enhance the API with CSS and JavaScript, making the API human-friendly as well. Further, we can use Adaptive Web Design to make the best possible experience for all types of browsers and devices. This kind of solution has some risks and technical issues related to it though. And it is not a silver bullet.
Yep. Sorry to have to inform you. REST is totally over. The cool kids are moving on. We're building "Hypermedia APIs" now. Such is life.
Originally, this post was titled "A RESTful Reading List," but please note that REST is over. Hypermedia API is the new nomenclature.
I've been doing an intense amount of research on Hypermedia APIs over the last few months, and while I didn't save every resource I found, I've made a list here of the most important.
Now, when I said “nobody” does this, what I meant was “for APIs.” This is exactly how the Web works. Think about it. You start off on the homepage. That's the only URL you have to know. From there, a bunch of links point you towards each state that you can reach from there. People would consider it ludicrous if they had to remember a dozen URLs to navigate a website, so why do we expect the consumers of our APIs to do so as well?
Rails-style MVC frameworks are both too much, and not enough at the same time. It really is time for a new framework to support this new architecture.
I would love to see every API to be RESTful, consistent, hypertext driven, and more importantly, interoperable. The reality is that getting consistent APIs is hard - particularly those that are done by distributed teams. For the record - I vehemently hate SOAP APIs and the SOAP mindset. I dislike RPC-style operation names tunneled over HTTP. I frown and cringe whenever I see unnecessary custom headers and complicated formats. I wish POST+XML goes away. I wish every API gets rewritten to the modern understanding of HTTP and REST, serving JSON.
But I would rather spend my time enabling interoperability than preaching for consistency.
"This project allows you to host a "private instance of S3" on top of Google's infrastructure (big table, etc), leveraging existing client S3 libraries and applications - no need to reinvent the wheel."
"The essence of REST is to make the states of the protocol explicit and addressable by URIs. The current state of the protocol state machine is represented by the URI you just operated on and the state representation you retrieved. You change state by operating on the URI of the state you're moving to, making that your new state. A state's representation includes the links (arcs in the graph) to the other states that you can move to from the current state. This is exactly how browser based apps work, and there is no reason that your app's protocol can't work that way too."
"This explains when to use POST or PUT for creating new resources. The answer ultimately lies in who is responsible for determining the new resource's URI. If the client is in charge, the client can use PUT to the new URI (like we did for user accounts) and the service can return a response code of 201 (“Created”). However, if the service is in charge of generating the new URI, the client should POST the new resource to a factory URI like we've done for bookmarks. Then, the service can return a response code of 201 (“Created”) along with the URI of the new resource in the response “Location” header."
"What needs to be done to make the REST architectural style clear on the notion that hypertext is a constraint? In other words, if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed?"
"I was talking to a colleague who has to become savvy in a hurry about modern Web applications and he asked “How do I learn about REST?” Good question. I thought of a couple of suggestions, then asked Twitter and got some more. Here they are."
"But on a technical level, the point is not that "whatever!" is evil. The point is that if you chip a piece off "whatever!" and make it mean something specific, you can optimize around the constraints and reap the benefits."
"At this point, the benefits of building RESTful services for the Web should be self evident. The Web has a particular architecture and it makes sense that if you are deploying a service or API on the Web then it should take advantage of this architecture instead of fighting against it. There are millions of deployed clients, servers and intermediaries that support REST and it makes sense to be compatible with their expectations."
"I am in no way saying that AtomPub is the solution. What I am pointing out is that if you want federation then you need to design your protocols and APIs RESTfully. In this example it is hypertext, link following, in the AtomPub spec that allows these two separate services to be linked together."
"In some ways this is slightly more elegant than the XMPP solution as neither side has to maintain a dedicated long-running process. ... There are a number of people on inexpensive service providers who have at best web scripting hosting and not much else
"The Blinksale Application Programming Interface is simply another way to access your Blinksale data - one that makes it easy for third-party and custom tools to programmatically access and interact with the service. The API follows the REST style, and this guide should provide everything you need to implement software that works with Blinksale."
"In this article, I will try to provide a pragmatic introduction to REST and RESTful HTTP application integration without digressing into this debate"
"At the end of the day, if you want to ignore my advice on using REST and dynamic languages, that's your own problem. ... All I know is that I'm using them very successfully as part of what I'm working on these days, and it's simply glorious."
"So stop asking the server to "hold on to things" for you. Please. If you do that one simple thing when you build an application architecture, you have freed the server infrastructure; you have given it wings."
"URI Templates are strings that can be transformed into URIs after embedded variables are substituted. This document defines the syntax and processing of URI Templates."
"You go to your favorite Web 2.0 search engine and set up a query like http://web20.example.com/search=john+doe&ouptut=atom and search for "john doe," but rather than getting back results as the usual HTML web page, you get it back in Atom format."
"In this Conversation with Innovators, the authors discuss what those principles are, and how to apply them in ways that make the programmable Web better - that is, "more uniform, better structured, and using the features of HTTP to greatest advantage.""
"Put the main application logic into a RESTful server. This is where all the CRUD-style access to resources takes place. Then, write a second proxy ... When browser-based users need to interact with your resources, they actually connect to this proxy."
"To maintain a high level of security, the Authentication Proxy interface, AuthSub, enables the application to get an authentication token without ever handling the user's account login information."