The document discusses various aspects of REST APIs including formal REST constraints like being client-server, stateless, cacheable, and having a uniform interface. It covers the Richardson maturity model, proper use of HTTP methods like POST and PUT, approaches to versioning, security concerns around CORS, CSRF, XML external entities, and recommendations around documentation, filtering, exceptions, and state management.
3. "The Code is more what you'd call guidelines than actual rules. Welcome
aboard the Black Pearl, Miss Turner"
-- Cpt. Hector Barbossa to Elizabeth Swann
RT Ben Hale
jk@devskiller.com / @jkubrynski 3 / 42
8. POST vs PUT
POST creates new resources (the server picks the URI; repeating the request creates another resource)
PUT updates existing resources (the client names the URI; the request replaces the whole representation)
PUT can create a resource when the client already knows the ID: PUT /users/34652 creates it if absent and replaces it if present, so a retried PUT leaves the same state (idempotent), which POST does not guarantee
14. ETag
server returns an ETag header with the entity's version tag; the client sends it back in If-None-Match
if it matches the current tag, the server answers "304 Not Modified" and skips the body
the tag can be smart: entity id plus version, no hashing of the whole body needed
"User:34652:15"
the same tag in If-Match on a PUT gives optimistic locking: a stale version gets "412 Precondition Failed" instead of silently overwriting a newer write
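The conditional GET and conditional PUT described on this slide, plus the "PUT creates when the client knows the ID" case from slide 8, as an added example that is not code from the slides. The in-memory USERS store, the sample user and the 428 policy for a PUT without If-Match are assumptions made for the example:

```python
from typing import Dict, Optional, Tuple

# Constructed sample store: user id -> representation plus a version counter that
# increments on every write. The user and its values are made up for the example.
USERS: Dict[int, dict] = {34652: {"version": 15, "name": "Alice", "email": "alice@example.com"}}

Response = Tuple[int, Dict[str, str], Optional[dict]]   # (status, headers, body)


def etag_for(user_id: int, version: int) -> str:
    # The slide's "smart" tag: entity id plus version, quoted as the ETag grammar requires.
    return f'"User:{user_id}:{version}"'


def _tags(header: str) -> set:
    # If-None-Match / If-Match may carry a comma-separated list of tags, or "*".
    return {t.strip() for t in header.split(",")}


def handle_get(user_id: int, if_none_match: Optional[str]) -> Response:
    user = USERS.get(user_id)
    if user is None:
        return 404, {}, None
    tag = etag_for(user_id, user["version"])
    headers = {"ETag": tag}
    if if_none_match is not None and ({"*", tag} & _tags(if_none_match)):
        return 304, headers, None           # client copy is current: no body sent
    body = {k: v for k, v in user.items() if k != "version"}
    return 200, headers, body


def handle_put(user_id: int, if_match: Optional[str], new_body: dict) -> Response:
    user = USERS.get(user_id)
    if user is None:
        # Client-chosen id (slide 8): PUT creates the resource at that URI.
        USERS[user_id] = {"version": 1, **new_body}
        return 201, {"ETag": etag_for(user_id, 1)}, None
    current = etag_for(user_id, user["version"])
    if if_match is None:
        # Assumed policy: refuse blind overwrites of an existing resource
        # (428 Precondition Required) so clients always round-trip the tag.
        return 428, {}, None
    if not ({"*", current} & _tags(if_match)):
        return 412, {"ETag": current}, None   # stale tag: another write landed first
    new_version = user["version"] + 1
    USERS[user_id] = {"version": new_version, **new_body}   # PUT replaces, not merges
    return 200, {"ETag": etag_for(user_id, new_version)}, None
```

Because the tag is derived from id and version rather than from a hash of the body, it costs nothing to compute, but it does reveal the internal id and write count to anyone who can read the header; if that matters, hash the tag before emitting it.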
15. Compression
reduces response size dramatically
a 10 times smaller response is nothing special for JSON
usually really easy to enable (one setting on the server or the reverse proxy)
caveat: compressing a response that mixes a secret (session or CSRF token) with attacker-controlled input lets the compressed size leak the secret byte by byte (CRIME/BREACH), so keep secrets out of compressed bodies or disable compression for those responses
19. @DanaDanger HTTP codes classification
20x: cool
30x: ask that dude over there
40x: you fucked up
50x: we fucked up
21. Exceptions
hide sensitive information (stack traces, SQL, file paths, library versions)
but include detailed, actionable information for the client: the HTTP status, an application-specific error code, a short message and a link to the documentation for that code
{
  "status": 400,
  "code": 40483,
  "message": "Incorrect body signature",
  "moreInfo": "http://www.mycompany.com/errors/40483"
}
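One way to produce the error envelope above while keeping internals out of it, as an added example rather than code from the slides. The ApiError class, the handle_request wrapper, the 50000 code for unexpected failures and the "incident" field that ties the client response to a server-side log entry are assumptions made for the example:

```python
import logging
import traceback
import uuid
from typing import Callable, Tuple

log = logging.getLogger("api")

DOCS_BASE = "http://www.mycompany.com/errors/"   # base of the moreInfo link on the slide


class ApiError(Exception):
    """Hypothetical application error: status, numeric code and a client-facing message.

    The message is written for API clients, never copied from a library exception,
    so it cannot carry hostnames, query text or credentials.
    """

    def __init__(self, status: int, code: int, message: str):
        super().__init__(message)
        self.status, self.code, self.message = status, code, message


def error_response(exc: Exception) -> Tuple[int, dict]:
    """Map any exception to (status, JSON body) without leaking internals."""
    if isinstance(exc, ApiError):
        status, code, message = exc.status, exc.code, exc.message
    else:
        # Unexpected failure: the client only learns that it was our fault (50x)
        # plus an incident id; the trace and the real message stay in the log.
        status, code, message = 500, 50000, "Internal error"
    incident = uuid.uuid4().hex
    log.error("incident=%s type=%s\n%s", incident, type(exc).__name__, traceback.format_exc())
    body = {
        "status": status,
        "code": code,
        "message": message,
        "moreInfo": f"{DOCS_BASE}{code}",
        "incident": incident,   # assumed extra field: lets support find the log line
    }
    return status, body


def handle_request(handler: Callable[[], dict]) -> Tuple[int, dict]:
    """Run a request handler and turn anything it raises into the envelope."""
    try:
        return 200, handler()
    except Exception as exc:          # broad on purpose: nothing may escape unmapped
        return error_response(exc)
```

The split is the point: ApiError carries text the API owner wrote, everything else gets a generic message, and the only thing both share with the log is the incident id.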
23. API Versioning
don't even think about
api.domain.com/v2/orders
URIs to the same resources should be fixed
between versions
use media-type versioning instead: the client names the version in Accept and the server echoes the media type it actually served in Content-Type
version 1: application/vnd.domain+json
version 2: application/vnd.domain.v2+json
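The negotiation step the slide leaves implicit: picking a version from the Accept header and choosing the Content-Type to answer with. This is an added example, not code from the slides; the vnd.domain media types come from the slide, while the set of supported versions, the rule that a missing or wildcard Accept gets version 1, and the 406 result for unknown versions are assumptions:

```python
import re
from typing import List, Optional, Tuple

# Media types from the slide: v1 is the unversioned form, later versions carry ".vN".
MEDIA_RE = re.compile(r"^application/vnd\.domain(?:\.v(\d+))?\+json$")
SUPPORTED = {1, 2}   # assumed: the versions this server can still render


def parse_accept(accept: str) -> List[Tuple[str, float]]:
    """Split an Accept header into (media-type, q) pairs, highest q first."""
    out = []
    for part in accept.split(","):
        pieces = [p.strip() for p in part.split(";")]
        mtype, q = pieces[0], 1.0
        for p in pieces[1:]:
            if p.startswith("q="):
                try:
                    q = float(p[2:])
                except ValueError:
                    q = 0.0           # malformed q: treat as not acceptable
        if mtype:
            out.append((mtype, q))
    out.sort(key=lambda x: x[1], reverse=True)   # stable: header order breaks ties
    return out


def negotiate_version(accept: Optional[str]) -> Optional[int]:
    """Return the version to serve, or None meaning 406 Not Acceptable."""
    if not accept or accept.strip() == "*/*":
        return 1                      # assumed default: oldest version keeps old clients working
    for mtype, q in parse_accept(accept):
        if q <= 0:
            continue                  # q=0 means explicitly refused
        if mtype in ("*/*", "application/*"):
            return 1
        m = MEDIA_RE.match(mtype)
        if m:
            version = int(m.group(1) or 1)
            if version in SUPPORTED:
                return version        # first acceptable type in preference order wins
    return None


def content_type_for(version: int) -> str:
    """The Content-Type to put on the response for the chosen version."""
    return "application/vnd.domain+json" if version == 1 else f"application/vnd.domain.v{version}+json"
```

A client that sends application/vnd.domain.v3+json with a v2 fallback at a lower q still gets v2 here, because the loop walks the types in preference order and skips versions the server does not support instead of failing on the first one.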
26. Filtering and sorting
GET /reviews?rating=5
GET /reviews?rating=5&sortAsc=author
dynamic queries are easier to express in a POST body than in a long query string
POST /reviews/searches (creates a stored search and returns its URI)
GET /reviews/searches/23?page=2 (pages through that search's results)
whichever form is used, filter and sort field names must be checked against an allowlist before they reach the query, and a stored search must be bound to the user who created it
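The filter, sort and stored-search flow from this slide, carried through to a query, as an added example that is not code from the slides. The reviews table and its rows are constructed for the example, the allowlists and page size are assumptions, and the stored-search store (with ids starting at 23 to match the slide's URI) is hypothetical:

```python
import sqlite3
from itertools import count
from typing import Dict, List, Optional, Tuple

# Allowlists: only these fields may be filtered or sorted on. Column names are
# taken from here, never from the request, so sortAsc=... cannot reach the SQL.
FILTERABLE = {"rating": int, "author": str}      # field -> coercion for the value
SORTABLE = {"author", "rating"}
RESERVED = {"sortAsc", "sortDesc", "page"}


class BadQuery(ValueError):
    """Unknown field or bad value: becomes a 400, never a database error."""


def build_review_query(params: Dict[str, str]) -> Tuple[str, list]:
    """Translate ?rating=5&sortAsc=author style params into parameterised SQL."""
    where, args = [], []
    for name, value in params.items():
        if name in RESERVED:
            continue
        if name not in FILTERABLE:
            raise BadQuery(f"unknown filter {name!r}")
        try:
            args.append(FILTERABLE[name](value))   # "5 OR 1=1" fails int() here
        except ValueError:
            raise BadQuery(f"bad value for {name!r}")
        where.append(f"{name} = ?")                # name is allowlisted; value is bound
    sql = "SELECT id, author, rating FROM reviews"
    if where:
        sql += " WHERE " + " AND ".join(where)
    order = []
    for key, direction in (("sortAsc", "ASC"), ("sortDesc", "DESC")):
        if key in params:
            if params[key] not in SORTABLE:
                raise BadQuery(f"cannot sort on {params[key]!r}")
            order.append(f"{params[key]} {direction}")
    if order:
        sql += " ORDER BY " + ", ".join(order)
    return sql, args


# Constructed sample data: an in-memory reviews table with four rows.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, author TEXT, rating INTEGER)")
DB.executemany("INSERT INTO reviews (author, rating) VALUES (?, ?)",
               [("zed", 5), ("amy", 5), ("bob", 3), ("kim", 5)])

# Hypothetical stored-search store: search id -> (owner, params). Binding the
# owner is what lets GET /reviews/searches/23 refuse another user's search.
SEARCHES: Dict[int, Tuple[str, Dict[str, str]]] = {}
_ids = count(23)


def create_search(owner: str, params: Dict[str, str]) -> int:
    """POST /reviews/searches: validate the query now and return the new search id."""
    build_review_query(params)          # fail fast with a 400 instead of at page time
    sid = next(_ids)
    SEARCHES[sid] = (owner, params)
    return sid


def run_search(owner: str, search_id: int, page: int = 1, page_size: int = 2) -> Optional[List[tuple]]:
    """GET /reviews/searches/{id}?page=N; None means 404 (missing or not yours)."""
    entry = SEARCHES.get(search_id)
    if entry is None or entry[0] != owner:
        return None                      # same answer for missing and foreign searches
    if page < 1:
        raise BadQuery("page must be >= 1")
    sql, args = build_review_query(entry[1])
    sql += " LIMIT ? OFFSET ?"
    args += [page_size, (page - 1) * page_size]
    return DB.execute(sql, args).fetchall()
```

Validating the stored search at creation time means a bad field is rejected with the POST, and every later page request reuses a query that is already known to be safe.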