As others have alluded to, it's all fine & dandy to try to adhere to the guidelines of "pure REST" but in reality, you have customers/users who know enough to construct a web request, but don't really understand what HTTP verbs are, what HTTP headers are etc. In my experience, your average developer (of course, not anyone who'd frequent HN!) really doesn't have a good grasp of how HTTP works. So the way you combat this problem is either
1) You provide client libraries in the popular languages so your users can download those and not have to make requests directly. This way you can put versioning and accepted response types in the headers instead of the URL
OR
2) You put everything in the URL and you're done with.
In my company, we initially went with 1) but then realized that just putting a version & format (.json, .xml etc.) in the URL lead to much fewer "Your API isn't working" emails.
Sometimes I feel like I'm missing something, but then I read specs and I read REST manifestos and I just don't see the value over RPC style. When coding against an API, clients are pretty much always want to make "function calls" and get values back. So even if the URL is just "api.localhost.com/apiv1.handler" and everything goes into a XML or JSON body, what's the drawback?
REST advocates insist that URLs shouldn't be constructed either. So every site that boasts "REST" but then goes on to say accounts are at "/account/{id}" aren't really RESTful. (You're supposed to find the account URI via a search or save it from creation.)
Spreading the values of the "function call" all over the place just makes your plumbing code more complicated, but the end result to the user will still be "GetAccount(id) -> Account".
Plus, the concept of making the URIs all be nouns then cramming your logic into the few HTTP verbs is just odd. OK, so HTTP has a DELETE method. Why is that somehow intrinsically better than <action name="DELETE" id="123" />?
So far I've yet to see a real REST API where I say "oh wow, that's a lot easier to handle". Maybe I'm looking at it wrong, and ease-of-use for programmers isn't a goal.
>Maybe I'm looking at it wrong, and ease-of-use for programmers isn't a goal.
IMO, ease of use for the programmers using the API is not the goal. Ease of maintenance is the goal. Basically RPC is bad because it is an extreme tight coupling between client and server. Change one single parameter in one single SOAP method? Get ready for every single client to have to recompile. Even the ones that never used that particular method (there are techniques to minimize this, but with REST you don't have to think about this problem).
REST is about loose coupling. If you follow HATEOAS properly the clients won't even need to recompile if you do a massive refactoring of where your resources are. So long as you're not doing direct serialization of the XML resources, you also won't have to recompile for every tiny schema tweak. If a field you use changes, obviously you have to change the client. If a field you don't use changes you probably don't even need to restart your client.
This is what it buys you. If you don't get any benefit from the loose coupling then you don't need REST. But if that's the case then I wonder if you need a three tiered system at all.
Forget SOAP. Just think of XML-RPC. How does changing one parameter break things any differently than with REST? If I'm offering an API that has a POST with a body containing a field "client_id", and I change that to "clientid"... stuff breaks.
If you use a single endpoint like "/service" and POST bodies, then there are no "resources" to locate in the first place, so no problem when changing your URI schema. "GET /service?type=account&id=123". Or even just "POST /service {body Action=GetAccount Id=123".
I agree with you. For most people, switching to REST is useless, because they're still attached to the conceptual framework of RPC. We're still in the dark ages, re-writing the wheel again and again and again, coding clients for each single service out there. It's not wonder that REST seems useless.
But there's a vast network of services, far bigger than all the RPC APIs out there, that isn't like that. Where clients can connect to different services - even services made years after them, with functionality they couldn't have anticipated - without having to be tailored to them. Where the user can switch the provider of a specific service without having to switch clients, because the protocols are standard and compatible.
I'm talking, of course, about the HTML Web. Where people implement RESTful services without even knowing what they are, just because following a standard is just painfully obvious.
REST is the way we can implement something better; instead of dumb clients, we can have smart agents that interact with the rest of the web as browsers now do, but without the user hand-holding it. And gradually switching RPC to REST is the only way to accomplish that.
REST is one of the stupidest ideas to have ever come out of HTML.
When you write a class do you only have 4 methods on it? Create, Read, Update, Delete?
Case shut & closed.
But, but, but, I hear you say? It's not about the verbs, it's about the intention behind the verb?
Any GET you do to the system inherently changes it. I log you accessed the system, it often changes the way the object behaves (for example, you viewed it, it is now more popular, it now appears higher in results).
I could go on for hours about how virtually every concept in REST is obviously flawed if you are an experienced programmer and simply sit down and think about it.
It doesn't work!
So the concept was flawed from the beginning.
RESTful APIs died a long time ago, but somehow some people are hanging on to the archaic meaning of REST without really realizing that 'REST' now simply means 'API over HTTP'. The best APIs simply dropped supporting RESTful interfaces a long time ago and those crazy people who stick to it, like Google, have to contort their APIs into utter messes just to facilitate it.
Worse, people are still building entire systems based off its flawed nature. Microsoft just released WebAPI which tries to force you into a RESTful model. But then again, they never really have understood the web.
When you write a class do you only have 4 methods on it? Create, Read, Update, Delete?
Just because you are unable to stop thinking in terms of classes, doesn't mean REST is flawed. REST doesn't have classes, it has resources, and they work differently.
Any GET you do to the system inherently changes it. I log you accessed the system, it often changes the way the object behaves (for example, you viewed it, it is now more popular, it now appears higher in results).
GET is not part of REST, it's part of HTTP, which is a particular implementation of a RESTful architecture. The flaws of HTTP are irrelevant to whether REST makes sense or not.
It doesn't work!
Your line is self-disproving, since you used a RESTful service to send it. The web has literally billions of services following REST. The proof that it works is shown again every time you click a link.
RESTful APIs died a long time ago, but somehow some people are hanging on to the archaic meaning of REST without really realizing that 'REST' now simply means 'API over HTTP'. The best APIs simply dropped supporting RESTful interfaces a long time ago and those crazy people who stick to it, like Google, have to contort their APIs into utter messes just to facilitate it.
Again, you've used a RESTful API to post this very message. RESTful APIs work, it's RPC with a RESTful facade which doesn't, and it can't die soon enough.
There is however one use case for which I haven't found a good way to use REST: have the client upload a document to the server and return the same document in a single call, transformed (say, applying an XSL server-side). You're not really creating a new resource here, or accessing an existing one.
But I agree that in most cases, REST is good enough, and certainly a hell of a lot better than old-style RPC or "let's-put-an-action-verb-in-the-URL-and-call-it-REST" HTTP APIs.
What happens if the connection is lost during the conversion? Do you really want to force the client to send it again and redo the conversion? Is the document time sensitive enough that it's better to repeat the process?
If not, then I'd say that it does make sense to create a new resource: the document. You create it by POSTing the original, and the server returns a 201 Created, with a Location header pointing to its new URL. The client can then GET it to download the converted version. The document resource should have a TTL so that it can be pruned from cache.
I don't think REST fits all use cases, and RPC does make sense when your needs don't fit the advantages of following REST, but I don't think that's the case here.
> What happens if the connection is lost during the conversion? Do you really want to force the client to send it again and redo the conversion? Is the document time sensitive enough that it's better to repeat the process?
No, I don't think it would be an issue to repeat the process in this case.
> f not, then I'd say that it does make sense to create a new resource: the document. You create it by POSTing the original, and the server returns a 201 Created, with a Location header pointing to its new URL. The client can then GET it to download the converted version. The document resource should have a TTL so that it can be pruned from cache.
I guess, but it forces the server to store the document somewhere (presumably in RAM). It's much easier and cheaper in RAM to answer the POST with the formatted document, and you also spare complexity client-side (only a single HTTP call and only a single location for error handling). But yes, it would be a possibility.
... The HTML Web works because the "smart client" is a human driving the browser. (Or a dumb crawler that doesn't care what it gets.) I don't see how it's at all related to APIs driven by software.
And the HTML Web is NOT RESTful. Plenty of sites return different results for a URL, break links, have non-idempotent GET, don't return the created item's URL on POST, etc.
So when people talk like this about API-driven stuff, it sounds like UDDI or some magic dream. Can you draw a direct line to what kind of code is gonna be written? Or is this like a "well if we invent AI-like stuff then it'd be nice because AI won't be able to figure out RPC?" Maybe I'm being dumb and unimaginative.
I think you misinterpreted the parent post. You two are almost certainly talking about the same kind of REST aka the mainstream understanding of it popularized by APIs like Twitter, Twilio, Stripe, etc. The "real/pure REST" folks are talking about by-the-dissertion Fielding's REST which is far more complicated and confusing and is probably not a good idea for a public API. It goes beyond verbs and pretty URLs. Look into Hypermedia APIs. That's the One True REST.
Yeah, Twilio's API isn't REST as it has versions and content types in the URIs. Plus, you're supposed to construct URIs (and all the clients do this AFAIK, since it'd be idiotic waste of a roundtrip not to). E.g. "/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers/{IncomingPhoneNumberSid}"
Yet it's the closest thing I've seen held up as a "good RESTful API". In practise, it just means I've got to write more code to shove parameters into the URI and body.
"REST" as used by pretty much everyone is just a codeword for "we didn't use SOAP!". And maybe the URLs are more than just "/FooService" and maybe they use HTTP verbs.
1) You provide client libraries in the popular languages so your users can download those and not have to make requests directly. This way you can put versioning and accepted response types in the headers instead of the URL
OR
2) You put everything in the URL and you're done with.
In my company, we initially went with 1) but then realized that just putting a version & format (.json, .xml etc.) in the URL lead to much fewer "Your API isn't working" emails.