SlideShare a Scribd company logo

RESTful API Design, Second Edition

Apigee | Google Cloud
Apigee | Google Cloud

This document provides guidance on designing RESTful APIs. It recommends using nouns instead of verbs, keeping URLs simple with only two endpoints per resource, and following conventions from leading APIs. Complex variations and optional parameters should be "swept behind the '?'." The document emphasizes designing for application developers by making APIs intuitive, consistent and complete while also accommodating exceptional clients. It suggests adding an API virtualization layer to handle complexity.

1 of 106
Downloaded 4,620 times
RESTful API Design Second Edition Brian Mulloy @landlessness 11.03.11 @ 11:03:11 PST Apigee Dial-in or VoIP @apigee See Details in Chat Window
groups.google.com/group/api-craft
youtube.com/apigee
To be a RESTafarian or a Pragmatist?
RESTful API Design, Second Edition
App App App World of API Internal App API User Store Developer APIs Team Systems
Application developers are raison d'être for APIs.
Be pragmatic. For the benefit of application developers.
Pragmatic RESTful APIs are a design problem.
baddesigns.com
RESTful API Design, Second Edition
RESTful API Design, Second Edition
Paul Mijksenaar Design for Function Award 2011
RESTful API Design, Second Edition
Let’s look at puppies.
hackett hackett hackett hackett
... /getAllDogs /locationVerify /foodNeeded /createRecurringDogWalk /giveDirectOrder /healthCheck /getRecurringDogWalkSchedule /getLocation /getDog /massDogParty /getNewDogsSince /getRedDogs /getSittingDogs /dogStateChangesSearch /replaceSittingDogsWithRunningDogs /saveDog ...
RESTful API Design, Second Edition
A puppy’s world is big.
JnL law_keven Smithsonian's National Zoo hackett
... ... /getAllDogs /getAllLeashedDogs /verifyLocation /verifyVeterinarianLocation /feedNeeded /feedNeededFood /createRecurringWakeUp /createRecurringMedication /giveDirectOrder /doDirectOwnerDiscipline /checkHealth /doExpressCheckupWithVeterinarian /getRecurringWakeUpSchedule /getRecurringFeedingSchedule /getLocation /getHungerLevel /getDog /getSquirrelsChasingPuppies /newDog /newDogForOwner /getNewDogsSince /getNewDogsAtKennelSince /getRedDogs /getRedDogsWithoutSiblings /getSittingDogs /getSittingDogsAtPark /setDogStateTo /setLeashedDogStateTo /replaceSittingDogsWithRunningDogs /replaceParkSittingDogsWithRunningDogs /saveDog /saveMommaDogsPuppies ... ...
We are on a slippery slope.
Keep the simple things simple.
Hopkinsii
We only need two base URLs per resource.
The first is for a collection.
/dogs
The second is for an element.
/dogs/1234
POST GET PUT DELETE
CREATE READ UPDATE DELETE
Resource POST GET PUT DELETE create read update delete replace create a delete all /dogs list dogs dogs with new dog dogs new dogs if exists treat as a update Bo collection /dogs/1234 show Bo delete Bo create new if not dog in it create Bo Wikipedia
Resource POST GET PUT DELETE create read update delete replace create a delete all /dogs list dogs dogs with new dog dogs new dogs treat as a if exists collection update Bo /dogs/1234 create show Bo delete Bo new dog if not in it create Bo Wikipedia
Resource POST GET PUT DELETE create read update delete bulk create a delete all /dogs list dogs update new dog dogs dogs if exists update Bo /dogs/1234 error show Bo delete Bo if not error Wikipedia
Verbs are bad.
Nouns are good.
Plurals or singulars?
Foursquare /checkins GroupOn /deals Zappos /Product
Plurals are better. /dogs
Abstract or concrete naming?
Super High /things High /animals Medium /dogs Low /beagles
Concrete is better than abstract. /dogs
What about associations?
GET /owners/5678/dogs POST /owners/5678/dogs
What about complex variations?
Cody Simms
Sweep variations under the ‘?’
/dogs?color=red&state=running&location=park
Hopkinsii
/dogs
What about errors?
meredithfarmer
Facebook HTTP Status Code: 200 {"type":"OAuthException","message":"(#803) Some of the aliases you requested do not exist: foo.bar"} Twilio HTTP Status Code: 401 {"status":401,"message":"Authenticate","code": 20003,"more_info":"http://www.twilio.com/docs/ errors/20003"} SimpleGeo HTTP Status Code: 401 {"code":401,"message":"Authentication Required"}
Code for code 200 - OK 401 - Unauthorized http://en.wikipedia.org/wiki/List_of_HTTP_status_codes Message for people {“message” : “Verbose, plain language description of the problem with hints about how to fix it.” “more_info” : “http://dev.teachdogrest.com/ errors/12345”}
What about versioning?
Twilio /2010-04-01/Accounts/ salesforce.com /services/data/v20.0/sobjects/Account Facebook ?v=1.0
/v1/dogs
Please give me exactly what I need.
LinkedIn /people:(id,first-name,last-name,industry) Facebook /joe.smith/friends?fields=id,name,picture Google (partial response) ?fields=title,media:group(media:thumbnail)
/dogs?fields=name,color,location
What about pagination?
Facebook offset limit Twitter page rpp LinkedIn start count
/dogs?limit=25&offset=50
What about formats?
Google Data ?alt=json Foursquare /venue.json Digg* Accept: application/json ?type=json * The type argument, if present, overrides the Accept header.
/dogs.json /dogs/1234.json
What about defaults?
Format json Pagination (depends on data size) limit=10&offset=0
What about attribute names?
Twitter "created_at": "Thu Nov 03 05:19:38 +0000 2011" Bing "DateTime": "2011-10-29T09:35:00Z" Foursquare "createdAt": 1320296464
JSON is for JavaScript Objects var myObject = JSON.parse(response); These looks funny in JavaScript timing = myObject.created_at; timing = myObject.DateTime;
JavaScript Convention "createdAt": 1320296464 timing = myObject.createdAt; Medial Capitalization aka CamelCase
What about non-resource-y stuff?
Calculate Translate Convert
Use verbs not nouns /convert?from=EUR&to=CNY&amount=100
What about searching?
Global /search?q=fluffy+fur Scoped /owners/5678/dogs/search?q=fluffy+fur Formatted /search.xml?q=fluffy+fur
What about counts?
/dogs/count
What about the rest of the URL?
Facebook graph.facebook.com api.facebook.com developers.facebook.com Foursquare api.foursquare.com developers.foursquare.com Twitter api.twitter.com search.twitter.com stream.twitter.com dev.twitter.com
API gateway api.teachdogrest.com Developer connection developers.teachdogrest.com Do web redirects api ! developers (if from browser) dev ! developers developer ! developers
What about exceptional stuff?
Client intercepts HTTP error codes
Twitter /public_timelines.json? suppress_response_codes=true HTTP Status Code: 200 {"error" : "Could not authenticate you." }
Always returns OK /dogs?suppress_response_codes=true Code for code ignoring 200 - OK Message for people & code {“response_code” : “401”, “message” : “Verbose, plain language description of the problem with hints about how to fix it.” “more_info” : “http://dev.teachdogrest.com/ errors/12345”, “code” : 12345}
Client supports limited HTTP methods
Method Parameter create /dogs?method=post read /dogs update /dogs/1234?method=put&location=park delete /dogs/1234?method=delete
What about authentication?
PayPal Permissions Service API Facebook OAuth 2.0 Twitter OAuth 1.0a
Use latest and greatest OAuth OAuth 2.0 Don’t do something close, but different.
How do application developers use the API?
What about chatty applications?
First be complete & RESTful. Then provide shortcuts.
Partial response syntax can help. /owners/5678?fields=name,dogs(name)
What about when building an UI requires a lot of domain knowledge?
RESTful API Design, Second Edition
Complement your API with code libraries and SDK.
Really? All of this? And iterate it?
RESTful API Design, Second Edition
Application API Virtualization Layer API API API
Be RESTful Only 2 URLs No verbs Use nouns as plurals Concrete over abstract For JSON follow JavaScript conventions Sweep complexity behind the ‘?’ Borrow from leading APIs Account for exceptional clients Add virtualization layer
Questions?
THANK YOU Subscribe to API webinars at: youtube.com/apigee
THANK YOU Questions and ideas to: groups.google.com/group/api-craft
THANK YOU Contact me at: @landlessness brian@apigee.com

More Related Content

RESTful API Design, Second Edition