Hacker News new | past | comments | ask | show | jobs | submit login
REST – Epic Semantic Fail (mikehadlow.blogspot.co.uk)
40 points by alpb on Aug 30, 2012 | hide | past | web | favorite | 36 comments

He's got some good points about how people talk about REST and how it's not a protocol.

But then there's this:

If I want to write a client to communicate with your REST API I’m in a world of pain; there’s no serviceutil I can point at your API to generate me a proxy, instead I have to carefully read your documentation (if it exists) and then lovingly handcraft my client using low level HTTP API calls.

I would infinitely rather use a well-documented HTTP+XML/JSON/clojuredata protocol. The thought of code generation based on WSDLs still makes me feel a little ill even though I haven't done it in years.

Is there a consensus on why the SOAP/WSDL business sucks? Is it just a lousy bloated implementation of a potentially good idea or it's the whole idea that's misguided/unrealistic/foolish?

I'd like to know too. There are a lot of people here rubbishing SOAP without explaining why. I've consumed, simultaneously with hundreds of other developers from disparate teams, 100s of SOAP services across a number of financial institutions and any issues I ran into had nothing to do with SOAP. Generating code with SvcUtil is great and does what it's supposed to - and nothing stops you from refining it or writing your own service clients.

I don't need to run service calls from the command line - I have version controlled integration tests that I right click on and select "run", as should every major consumer of serious services.

I don't believe SOAP web services are always the way to go (I've never used any in my personal projects, preferring my own web API and/or a service bus), but that doesn't mean it's not suitable for other problems.

What's often missing from these debates is defining what environment you're operating in (legacy and dependant systems/platforms/interfaces, network architecture, how much architectural control you have, user load, number of developers, number of teams, release cycles, politics [what was the last big budget item that was purchased to solve the current problem], timelines etc.). Once you start identifying the environment details, some of the simplistic unqualified suggestions people make in these debates seem naive and ridiculous.

SOAP is fragile, bloated and slow. It goes against what the very essence of a service should be, i.e. to expose functionality in as accessible and inter-operable way as possible. The higher up the WS-* stack you go, the less supported it becomes - eventually only the Big Enterprise frameworks from MS and IBM support the complete WS-* stack.

WSDLs promote code-gen and as different SOAP frameworks have varying levels of WSDL support, you often end up with broken + ugly code-gen when trying to consume from different SOAP stacks. SOAP is also a brittle format where even a small namespace change can break the entire request, this makes versioning (a core part of evolving services) extremely difficult.

I generally prefer clean HTTP APIs with Cool URI's and JSON which is a much faster, smaller, more versionable and tolerant format that provides a better programmatic fit than SOAP/XML: http://www.infoq.com/presentations/Heretical-Open-Source

I touch on REST vs SOAP and why SOAP sucks here: http://www.servicestack.net/mythz_blog/?p=154

In general I believe the topic of REST encourages elitist attitudes, cargo cults and un-pragmatic solutions, which I also touch on at: http://www.servicestack.net/mythz_blog/?p=665

and I still strongly believe message-based solutions promote better designs for SOA-style remote services: https://github.com/ServiceStack/ServiceStack/wiki/Advantages...

It's a mediocre and bloated implementation of an idea that's neither particularly good or bad, but really old: remote procedure calls.

when i had to work with it the problem was incompatible implementations and extensions. i assume it would work fine with MS server and client, or with Sun (back then) server and client, but when you mixed them and tried to do anything even vaguely unusual, it hurt.

I've had my .NET clients talk successfully to .NET back-ends, Java back-ends, and Cobol wrappers with no problems, with security extensions, etc. all enabled. But the key to that was having an active architecture group responsible for ensuring consistency across the organisation (libraries for each client platform host).

The idea is fine. I'd cite thrift as essentially an implementation of the same thing, minus all the junk.

Yes I had to go back and check the date to make sure it was not 2005, because that was when we had this argument.

This project attempts a middle ground between SOAP and "roll your own"


It's JSON-RPC with an IDL grammar.

Here's what Roy Fielding himself has to say: http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hyperte...

And here's his presentation on the topic: http://www.slideshare.net/royfielding/a-little-rest-and-rela...

A common REST debate is "When to use POST?". His thoughts on that: http://roy.gbiv.com/untangled/2009/it-is-okay-to-use-post

His whole argument can be distilled down to "REST isn't a protocol, it's a protocol pattern". True enough, but I'm surprised that this is news to anyone working with REST.

Edit: I said "API", should have said "Protocol"

Actually I thought his whole argument was down to "REST isn't a protocol the way HTTP is a protocol" -- look the "P" stands for "protocol" -- which (a) is true in some specific technical sense, and (b) isn't important.

I quote: "This style has no agreed protocol." and "The core missing pieces of any RESTful web service protocol are agreed standards on media type and link metadata." OK, so what?

> OK, so what?

Well, when you try to fill in the blanks you get one of these:

1) AtomPub, which is a relatively simple protcol but has very limited application

2) oData/WSDL, which are powerful but complex

I think it's easier to understand his argument when you think about the problem at scale. Consuming one API is meat and potatoes to most of us; with decent documentation and the REST style largely being followed, API clients can be created rather quickly.

However, if I asked you to consume 1000 "REST" APIs, this becomes problematic. There is no agreement on representation, nor is there metadata available to infer commonalities.

So what have people done? They've tried to introduce solutions from other "protocols". As mentioned in the article, HAL attempts to introduce a predictable envelope around the data, using links and embedded resources to become so HATEOAS friendly.

However, there still are holes. How do I know what to do with links? The rel can tell you only so much - back to the documentation we go. How about we introduce a rel to a schema, like XSD, WADL or JSON Schema? Not many have done that and even fewer enjoy working with them.

How about knowing if I can PUT or POST to one of these links? Well the API could support OPTIONS request, but does this suit your data intensive mobile app consuming the API? Not too snappy. We could list them out individually in the representation (thereby replicating the HTTP design through representation) but now the size of the representation is growing dramatically just to support metadata that rarely changes.

OData, GData and even CMIS have all tried to take a stab at data communication protocols. Yes, they bring solutions to some of these issues at the cost of complexity and verbosity. Plus, they use use discovery endpoints. And they still tend to fall back on XML over JSON because of use of Atom etc. And now we are halfway back to SOAP.

How about the versioning issue? Should client be aware of representation structure changes and adapt accordingly? Well WRML (http://www.wrml.org/) tried to take that one on and all the best to you if you read that through once and understand it, never mind implementing the actual clients and servers.

As ori_b summarized "REST isn't a protocol, it's a protocol pattern". REST can't fit all scenarios. But I think what's becoming clear is that no-one has found anything better, just more specialized. So the days of auto-building clients to consume APIs is far away.

I guess we'll just have to embrace the chaos and keep building snowflakes.

This parallels the beliefs of someone I know, who's working on providing an answer to this in a true REST framework, complete with meaningful links, extra metadata, etc. It's a WIP, but I'm sure he'd enjoy the conversation if others are interested. http://www.wrml.org

REST's protocol is HTTP. REST isn't an API, but you can create RESTful API's.


Edit: The first three sentences on the Wikipedia article are all you need to know. http://en.wikipedia.org/wiki/Representational_state_transfer

REST's protocol is not HTTP. Quoting the very page you linked:

> REST was initially described in the context of HTTP, but it is not limited to that protocol.

So we HAVE the Google Discovery Service [1] that would be awesome if it could be used with other than just google's APIs.

[1] https://developers.google.com/discovery/v1/getting_started

So he wants to turn REST into SOAP? Personally, I'll pass on that. REST is agile. REST is not about a ponderous, verbose, bloated specification for 5 things I want to do an 50 other things I don't need but have to take with it.

"It seems like I’ve been rubbishing the whole ‘REST’ project. Actually I think the current situation is healthy. Monolithic ‘enterprise’ protocols like SOAP usually end up being a bad idea."

I'm not so sure the OP's argument is substantive. I don't know whether Roy intended that his architectural style, described in his thesis, to become a loosely defined web service 'protocol', but we're not really making everything up as we go along. A well-implemented REST API is far and away simpler to understand (and easier to use) than a SOAP counterpart.

That's a bit of a false dichotomy though. SOAP is a giant turd, but it's not the only alternative out there. JSON-RPC is just as easy to understand as REST, without all the pedantry.

One advantage of REST, I don't know if it's especially meaningful in this context, is that RPC mechanisms encourage people to think of remote calls as local, but remote calls have a lot more failure modes than local ones do. REST keeps you aware that you're dealing with remote resources the whole time.

Most of us don't worry about pedantry too much. We try to stick to best practices - just like with the rest of development we do - and get on with it.

JSON-RPC is just as easy to understand as REST, without all the pedantry.

I hadn't heard of that, but it sounds exciting, partly because it's so self-explanatory.

Can you elaborate "a well-implemented REST API is far and away simpler to understand" statement, please? Or do you have some examples or points that may make things clear for me? Thanks in advance.

From my own experience, a decent RESTful API is perfectly easy to use from the command line using curl. Try that with with a SOAP interface!

Yeah, that's what I was thinking. I am just curious how a proper REST API looks different than Github, Stripe or other startups implemented.

I saw an article a while back advocating that when you hit, say, a search resource, it should return links to the next page, so, if you hit /comments/?name=alpb&perPage=10, you might get:

    <comments nextPage="/comments/?name=alpb&perPage=10&page=2">
There's so many ways to include results though. One way would be:

      <comment href="/comments/2398293">Text of comment</comment>
You could also do:

There's no standard way of getting across what a link is to another resource, or where that information should go.

I don't think this is, in practice, a huge deal, because people don't write generic consumers of RESTful APIs. At some point you need to actually know what it is you're trying to do and code for it.

On top of that, with RDF or XLink or XPointer and whatnot there probably are standards for doing this kind of thing, but nobody knows them, uses them or follows them.

Yup, that's HATEOAS: using hypertext to inform your clients about the state of the application (where they are, and what they can do next from this point).

My favorite acronym of all time.

"There's no standard way of getting across what a link is to another resource, or where that information should go."

That doesn't quite mesh with my understanding. Some media types support hyperlinks, like HTML, which describe how links should be included (anchors, forms and link elements).

For media types that don't support hyperlinks, such as images, video etc; you can use the HTTP header Link (http://www.w3.org/wiki/LinkHeader).

Both these methods support the relationship attribute allowing you to specify the relationship between resources thus documenting the way clients should interact with such linked hypermedia (e.g. the HTML media type specifies that Link elements with the rel attribute should perform a HTTP GET request to the indicated resource).

In the example you gave, you could use a rel attribute like "comment" and link to the comments. RESTful clients could then follow the hyperlinks to the comments, knowing how to interact with them and what to do:

<link rel="comment" href="/comments/2398293"/>

Right, but unless your resources adhere to some other standard, there's no reason why the downstream consumer would expect to find URLs in certain places or know what to do with them if they were there. Again, I don't see this as a problem, though the OP does.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact