REST is a new SOAP

Several years ago I was developing a new information system for one large telecom. We had to interact with the growing number of web services being opened by older systems or business partners. As you understand, we received a good portion of SOAP -ad. Abusive WSDL , incompatible libraries, strange bugs ... Where possible we tried to promote - and use - simple RPC protocols: XMLRPC or JSONRPC.

Our first servers and clients using these protocols were very simple, with modest capabilities and unreliable. But we gradually improved them and after a few hundred lines of code we achieved what we wanted:

• support for various dialects (like XMLRPC extensions created for Apache),
• built-in conversion between Python exceptions and hierarchical error codes
• separate processing of functional and technical errors,
• automatic retries in case of technical errors,
• relevant journaling and collecting statistics before and after queries,
• thorough verification of input data ...

Now you can reliably connect to any such API with just a few lines of code. And also we could now, with the help of several decorators and document updates, open any set of functions for a wide audience, for servers and browsers.

And when it came to the interaction between different applications (built on the basis of microservices), our system administrator was already engaged in this. With the software part, there was practically no ambiguity.

Developer rests after a difficult half-hour RPC API integration

And then REST appeared.

REpresentational State Transfer - transfer of the view state.

This new wave has shaken the foundations of interservice service.

RPC is dead, the future was for RESTful: resources live on their own URLs, and you can only manipulate them via HTTP.

Since then, every API that we have had to expose or to which we have addressed has turned into a new difficulty, if not to say - into insanity.

And what is the problem with REST?

In order not to describe on the fingers, I will illustrate with an example. Here is a small API, data types are removed for readability.

createAccount(username, contact_email, password) -> account_id
addSubscription(account_id, subscription_type) -> subscription_id
sendActivationReminderEmail(account_id) -> null
cancelSubscription(subscription_id, reason, immediate=True) -> null
getAccountDetails(account_id) -> {full data tree}

(InvalidParameterError, MissingParameterError, WorkflowError…) ( , AlreadyExistingUsernameError), .

API , , . (state machine), ( ).

API RPC-: .

, RESTful.

, . « REST», .

CRUD-? must_send_activation_reminder_email? activation_reminder_email resource? DELETE cancelSubscription(), grace- ? getAccountDetails(), REST?

URL-endpoint «»? , , .

HTTP-?

, ?

HTTP-, URL, , , ?

. , , . , , , .

, REST ?

, ( : rest «»).

, .

REST-

REST CRUD, , . , HTTP- (POST), (GET), (PUT/PATCH) (DELETE) .

, HTTP- . , . , : « , ». , , . .

, . , PUT, PATCH DELETE ? . GET POST . POST , HTTP-. , — .

PUT ? , , « » (complete resource), . . , GET. , GET ( , , …)? PUT? « HTTP 409», ( GET…)? , ( )? , , REST , , . GET , ( ), POST/PUT — .

PATCH? , , 99 % , , , , ( ). (, PayPal), RESTful- . : PATCH . « », . , . -- — - REST.

DELETE? , , PDF- . DELETE . REST- , - . DELETE- base64- ?

REST , « » API « RESTful». , PUT URL (/myresourcebase/myresourceid), « » — POST URL (/myresourcebase) HTTP- «» URL ( HTTP-). : . — Big Endian Little Endian, , « » .

… URL’ . , urlencode() REST URL’? - . SSRF/CSRF-.

urlencode 30 URL’

REST-

«» . — , .

HTTP . , .

HTTP 404 Not Found — -RESTful, ? : nginx , API 404 , , …

,

, HTTP 401 Unauthorized, ? Ajax- Safari , ( ).

HTTP REST, . — : .

HTTP Webdav, Microsoft, , . , REST, , , HTTP- HTTP 418 I’m a teapot . HTTP 400 Bad Request , , , , , . : , , . API .

REST

REST , , , REST . :

REST — - . .

.

REST .

, , , .

REST — , . , .

, . .

REST , (stateless).

, - - , . , , … . , , HTTP, RPC.

REST HTTP-!

: GET- -. , (Memcached . .) 99 % -? — . API , - Varnish ? , «» ? . , HTTP-, GET , REST .

REST !

? API : API, ; API, . REST . «», , N + 1 . (, , …) — N + 1 HTTP-. , ID . , , .

REST .

? REST - URL’ “/v2/” “/v3/”? C API, , / . , REST .

REST , HTTP!

, , . XML — , HTTP — . ( «» XML), . RPC, .

REST , CURL!

CURL HTTP. SOAP. GET-, JSON- XML- POST-. , , API-, .

, .

. , , HATEOAS; ( ) «». , , — . API, , : . : PUT URL’, , , .

, HATEOAS

REST ?

«». REST — , « ».

: - RESTful- , ?

?

- URL- . API REST- , , .

Django-Rest-Framework REST API, SQL/noSQL-. «CRUD HTTP», . API , , REST- , .

HTTP- , . , .

?

, .

API N .
URL’, , , API. .
, - ?

.

. . . . . .

. PHP, Ruby, Python, .NET, iOS, Android, Java… Go NodeJS.

Github-. , pull-. . , - ActiveRecord RPC-.

. , , -.

API

: , , . . .

REST : , HTTP-, .

— — ? , .

, - , REST . REST, CRUD-. REST-, , , .

. . , RPC , . .

RPC 99 % , , , . , — HTTP, — .

REST , .
REST , .
REST , .
REST — SOAP.

. , , , HTTP2… . -.

, . XMLRPC JSONRPC, Pyro RMI , GraphQL gRPC API…