Maybe you just skimmed the article, or he's changed it since, but he doesn't say that verbs in URLs was RESTful. He said it was better than RESTful, and I'm inclined to agree with him.
Having tried my hand at designing REST APIs for typical business systems a few times, I've noticed that state machines and transactions are everywhere. Making every resource a noun with the four basic REST verbs leads to a complex and extremely chatty design, whereas slipping a few extra verbs in here and there makes the API simpler, easier to understand, and more efficient.
1. Most people who think that REST is The Best Thing Evar don't really understand what REST is.
2. Most people who think that REST is terrible don't really understand what REST is.
REST is a tool. It's useful for a lot of things. It can alleviate initial scalability issues. It can make an API easier to use or require fewer calls. It can make it easier or more intuitive for someone to learn an API, and it's very often easier to make changes to a REST API because of the way it is written.
But it's just a tool, and if you can't grok that, you're probably a tool as well.
So only true scotsmen aren't tools? I'd argue that if a concept is so badly explained that both its most zealous proponents and antagonists are mistaken, that perhaps it's not such a useful design concept in the first place.
I mean, who could possibly be confused about what the transfer of representational state means?
Those are laws of nature, not design paradigms. They have different (almost opposite) metrics for "great". Relativity (both variants) and QCD are "great" precisely because they were discovered and characterized in spite of the fact that they are counterintuitive and difficult to visualize.
Good software design, on the other hand, is all about human communication. And a design paradigm that can't be communicated easily has less value than one that does.
I agree with the "it's just a tool" sentiment in general, but what other great alternatives are there? I haven't had a favorable experience with SOAP, so I can understand why people think REST The Best Thing Evar. This is based on my own experiences, so I may have used SOAP wrong, misunderstood its intentions, etc. Do you have any examples of when SOAP (or another technology) is preferable to REST?
You can write RESTful SOAP, I don't think the two ideas are perpendicular. The problem with SOAP is more implementation than spec - PHP SOAP is different from .NET SOAP which is (slightly) different from Java SOAP, which leads to headaches.
REST is just a style of API. You can write a JSON API that isn't RESTful just as easily, and in some cases a RESTful API is not warranted.
Do you have an example of RESTful SOAP? I think SOAP's lack of situational HTTP method adoption (i.e. it uses GET or POST for everything, vs DELETE/PUT/etc. when appropriate), and the fact that it wraps another envelope around an already available HTTP envelope makes is hard to deem any SOAP implementation as RESTful. I'm not trying to prove you wrong, I'd just like to see an example (a quick google search yielded nothing for me).
The "other thing" for us is is RPC and PUB/SUB patterns over sockjs (which wraps Websockets+fallbacks).
REST is a tool. But given an engineer a tool like a hammer and pretty soon everything will look like a nail. Sometimes you need a screwdriver when you actually have screws. Hammering them in will work but it is ugly.
Yeah I considered PUB/SUB as another alternative, and it makes sense to use it for realtime applications, but I'm not sure what else (due to my ignorance, not necessarily PUB/SUB limitations). As for RPC, isn't SOAP the successor to that?
The way i think about REST is this: here is my stateful application, how can i make it available over HTTP/REST. So i start identifying resources. Most of them are easy - they map to your domains models. But some of the operations on some of the resources are quite important to my application (eg: ordering products, making a payment etc), so i consider creating separate resources for them.
It looks like you are referring to modeling your stateful application when you talk about RESTful thinking.
That's a very good question, what is RESTful thinking?
I personally think so many of us are misguided in our think when it comes to RESTful APIs. In order to make good design decisions for your API you must understand how the users of your API perceive RESTful APIs. In order for you to understand how the users of your API perceive RESTfuls APIs you must consider how the masses (within your target audience) understand RESTful APIs.
Whether your interpretation of RESTful APIs is right or wrong does not matter. What matters is that people can use it. In order for people to use your API it must be easy to understand. In order for it to be easy understand it must be well documented and consistant.
Therefore RESTful API design must be approached on a case by case basis. You must understand your users, their knowledge base, and how capable they are.
wvanbergen: Interesting article. It was thought provoking at the very least.
I think this is a fair point. REST is all about resources and representations, which makes modeling simple CRUD actions on domain objects very easy. However, modeling application processes effectively is harder and requires deeper thought and a more thorough understanding of REST.
I've always thought the key to understanding REST is understanding idempotence. Is HTTP request to mark an order as paid idempotent? If so, a PUT/PATCH should be fine. If not (say, you're actually transferring funds) then a POST should be used. This key principle will help make your URL design choices much easier. In your example, the PATCH API appears idempotent, making the suggested POST replacement sort of confusing to me.
When it comes to modeling application processes using HTTP, understanding which requests are repeatable without consequence and which aren't is very important. It's hard to talk about modeling processes RESTfully without talking about idempotence. It's at the heart of the protocol's design.
RESTful thinking needn't be harmful for application processes as long as you do it effectively.
looks like RPC update calls (hey let's map our Ruby attribute updates to HTTP calls, yay!) more than RESTful calls.
Also, not sure why a payment resource would be conceptually "within" an order (although that's got little to do with RESTfullness): why not POST to /payments?order=42? Which would return a link to e.g. /payments/2345 for your actual payment resource?
REST is a great starting point for an API, but generic REST interfaces (in Rails, Django, or any other framework) are relied on too heavily. I'm especially interested in mobile APIs, which have very specific considerations that REST doesn't answer well.
Building a generic data back-end for mobile is very hot right now, with lots of funded startups in the space. Some of them are just offering a REST API, which frankly any Rails or Django developer could produce in about 10 minutes. Mobile APIs need to be different, mostly due to slow or non-existent connections, and require additional thinking. More details here:
Anybody know of any mobile back-end providers that are thinking innovatively about this? I've consulted a few of these startups and they all seem hesitant to make any choices that go beyond REST...but as far as I'm concerned, offering a generic solution for something that mobile devs have to develop every time they create an API would be well worth it. A simple example is to accept a guid for every created object and return that guid in the response. It's something you have to do to know that the object has been sent successfully to the server, so why make the developer code it every time?
I understand why that isn't RESTfull, but why is it more complex?
"customers" are used to thinking in terms of actions. You hit this little button here for payment, you hit this other little button here for shipment. And for developers, these are like methods containing business logic belonging to an object.
That's the most natural mapping, the verb PAY on the object of order 42. Maybe HTTP needs arbitrary verbs instead of a limited predefined set? We'd have to get firewalls and proxies and such out of the habit of processing a request depending on its verb.
The point of having limited and well defined HTTP verbs means that you know what to expect. e.g GET has no effect on the resource, while PUT is idempotent, and POST is neither. This precise set of definitions, along with the remainder of REST principles mean that friction is greatly reduced when building/consuming APIs.
There's actually nothing stopping you from using your own verbs, actually; it's allowed. Lloeki gives a good reason not to, though: I don't know how PAY will be handled without consulting documentation.
It's not a problem, but you don't get all the benefits of HTTP if you don't respect REST. This since HTTP is built around the idea of REST.
To me it seems logical to embrace the ideas of the tool you are using. If you are not utilizing the power of HTTP, why not just use a pure RPC protocol?
I think that we eventually have to open up for more protocols if the web continues to develop into a generic dev platform. In a sense we are already heading in that direction with WebSockets. But since HTTP has been and continues to be such a success, I think that we can atleast try to promote it.
Why? When I see "considered harmful" in a title, I know pretty much what kind of article to expect. I think it's a useful shorthand, and that its origins, and the whimsical attitude associated with it, are irrelevant. What alternative title would you suggest for this article?
Especially here where it's cheap linkbait for an article whose actual claim seems to be “Gee, REST is hard to get right sometimes”. Not that I like the inflamed rhetoric of an actual “considered harmful” call to arms, either.
State machines are excellent, but this comes up every so often on HN and I've come to respect the observation that state machines become very difficult to change.
They particularly rock for games, where the universe is unlikely to suddenly add new interactions or change fundamental laws, but in an evolving business application with requirements that perpetually jag, they can be a source of great pain.
EDIT: After thinking about this a bit more, I realize the state machine use is in reference to an API, which probably should be approached with a certain sense of immutability. I still think that in general, using them outside of games should be approached with serious fore-thought to the potential for change in your requirements.
Is it just me or are these "considered harmful" articles becoming way too cliche? When I see one, I immediately become suspicious of it's content and distrust it as I've come to associate it with some sort of inflammatory headline or flippant way to dismiss legitimate conversation.