## 1. Introduction

All clients consume data from web services via REST APIs. Take your social media site as an example:

![image.png](attachment:image.png)

This how it works in the backend: The stream updates continuously as you scroll down. The website itself is just a container of templates with no actual content (templates are: header, sidebars, stream having no content). When you visit the site, this container page is downloaded into your browser and it starts to make automated requests to REST API of the service:

![image.png](attachment:image.png)

The REST API response with a data package in some format (i.e. JSON):

![image.png](attachment:image.png)

And the page's javascript puts the individual posts into the streams section:

![image.png](attachment:image.png)

And scrolling to the end of the stream, another request is made for 50 more posts to
the REST API and the process repeats itself. The same principles apply to websites, smartphone applications etc.

As you noticed, presentation of the data happens in the browser/app, where REST API seperates the content from the presentation of the content itself.

## 2. The Highlevel workflow of REST API

Lets have a metaphore to explain how REST API workflow works, imagine a library, where:
    
    The books (i.e. resources) are stored in a shelve (i.e. in a database)
    The librarian represents REST API receiving the requests
    The clients making requests: borrow (GET), update (PUT), donate a new book (POST) or remove a book
    (DELETE).

Below in 2.1 and 2.2, we have a single client making the requests, but the principle is the same
when there are many clients simultaneously making requests.

### 2.1 Borrowing workflow (GET)

1. The client is making a borrow request (GET):

**GET /resource_path/resource HTTP 1.1**

2. The rest API identifies the requested resource, figures out what data needs to be gathered and in what format

3. REST API creates the representation of the data matching the requested format

4. REST API bundles the correctly formatted data with the resource id, HTTP Response Code, data format info and other HTTP headers

5. Client receives the information, parses it and presents it to the user.

Here is steps 1-5 visualized in a concrete example:

![image.png](attachment:image.png)

### 2.2 Update workflow (PUT)

This time, the client wants to change something in the previously received resource. The changes are applied to the previously received content directly.

1. The client makes a PUT request providing the modified resource along with its id:
    **PUT /resource_path/resource HTTP1.1**

2. REST API:

    - recognizes this as a PUT request for an existing resource, 
    - notes the requested media format of the provided modified resource, 
    - identifies the requested resource in the database
    - converts the provided modified resource into a format that it suitable for the database
    - Makes the changes submitted to the database
    - Returns the new representation of the resource + HTTP Result Code + the resource id

3. The client receives the response message and processes it.

## What do REST and API stand for?

REST stands for Representational State Transfer. Acc.to MDN, **REST** refers to a group of design principles/constraints that bring reliable and scalable systems. So, REST is **not** a specific technology but rather a data architecture and API design principles by receiving standard methods (i.e. PUT/GET/POST/DELETE)
and by returning standard structured data (i.e. typically JSON or XML).


**Representational State Transfer** is a literal description of what is happening: We transition between representation of states and these representations are transferred back and forth between the application and the server.

To make sense of this consider a typical **WEBPAGE** vs. the social media **WEBAPP** (as in Section 1):

**CASE WEBPAGE**:

Consider the scenario, where your social site was implemented as a webpage. And consider a user first scrolling
in the streams section and after that switching to the messages page.

When the client loads the **webpage**, the server actually provides the whole html page with data (i.e. stream) along with its resources (i.e html page, javascript files, CSS files). When the client browse from one webpage to another, they send a URL
request to the server pointing at the next web resource in the form of HTML document. The server returns the new
HTML document with data (i.e. messages) along withs accompanying files (i.e. CSS files and Javascript files). This replaces the previous content with all new content.

In this approach, each new request requires a completely new HTML document being written by Server/CMS before it is downloaded and rendered in the browser.

**CASE WEBAPPLICATION**:

The social media application (as in Section 1) is downloaded into the browser and is populated with data from the REST API. In this application each page represents the current state (i.e. home page state, messages state). When the visitor loads the app for the first time, all the components that make up the home page (html, css and js) are loaded into the browser. **Note that this time the html contains no data** and JS knows that we are in the home page state and JS makes calls to REST API to receive the stream, the sidebars' and the header's data. The JS then uses the resulting data to build the view. 

When the visitor navigates from one view to another (i.e. main page -> messages page), the client requests for the next view via a URI request, which contain its own empty containers with no data. Then The messages view makes REST calls and with the responses received, the new view builds itself.

**The key difference between WEBPAGE vs. WEBAPPLICATION** is that in a WEBAPPLICATION scenario, the state changes (i.e. scrolling in the social media stream or switching from main page state to messages page state), only data object (i.e. JSON or XML) is transferred, not the entire new set of html/css/js files. Note that application can render its data without rendering a whole new page.

This allows multiple different clients consuming data from the same RESTFUL resource:

![image.png](attachment:image.png)

In the context of REST **API**s, the API is the collection of keywords (GET/PUT/POST/DELETE) used to access and work with REST resources. 

## 3. URL vs URI

**URI**: A compact set of characters identifying a resource in a simple way. Examples:

    - https://restfuldev/post/5
    - mailto:batman@example.com


**URL**: Subset of URI identifying the resource and explaining how to access that resource by providing an explicit method (i.e. https or ftp )

![image.png](attachment:image.png)

In other words, a URL is a URI, but not all URIs (i.e. mailto:batman@example.com) are URLs:

![image.png](attachment:image.png)

## 4. THE SIX CONTSTRAINTS OF REST

They are:
    1. Client-Server Architecture
    2. Statelessness
    3. Cachebility
    4. Layered System
    5. Code on demand
    6. Uniform interface

### 4.1 Client-Server Architecture

This contraint ensures proper seperation of concerns: The client manages UI concerns whereas the server manages data storage concerns. This way a RESTful service can serve many clients without caring what they look like and what they are doing with the data they receive. In other words, we have a complete seperation of content and its presentation. 

### 4.2 Statelessness

No client context information, aka "state", can be stored in the server in between requests. The clients are responsible for keeping track of their own session state:

![image.png](attachment:image.png)

RESTful service can store a client's state.

### 4.3 Cachebility

All rest responses must be clearly marked as **cachable** or **not cacheble** to ensure that caching works as expected. This means that 
    - caching responses that won't change for reasonable periods of time
    - blocking caching for constantly changing responses
    
For example, server can say "Keep this data for 5 days, then forget you ever saw it".

### 4.4 Layered System

The client cannot know or should not care, whether it is connected directly to the server or to its mirror/CDN.

![image.png](attachment:image.png)

### 4.5 Code on demand

To extend the functionality, servers are allowed to send executable code (i.e. JS or compiled code) to their clients.

### 4.6 Uniform Interface

This constrains breaks down into the following contraints:

**Resource identification in Requests**: The URI request must specify what resource to look for (i.e. post no 4) and what format of the resource (i.e. application/json). Note that the resource is the data sitting on the server in its own internal format. What is provided to the client is a **representation** of it.

**Self-descriptive messages**: Each representation must describe its own data format (i.e. application/json). That is, REST API must return the data type along with the data itself.

**Resource Manipulation Throught representations**: Once the client has the representation of a resource, it can
modify and delete that resource.

**Hypermedia as the engine of the application**: The client must be able to discover all the available resources and methods through the hyperlinks provided. (???) In other words, the RESTful service describes its own use with every return of a resource. Imagine in a WordPress site client is making GET /posts/ on a collection resource. REST API returns a collection of all the posts in a JSON array. Each element in the array represents a single post. Thanks to this constraint, each post contains URIs pointing to itself.

![image.png](attachment:image.png)

## 5. REST and HTTP: RESTful API

In the constraints of REST API, there is no statement requiring the use of HTTP protocol. REST and HTTP are a convenient pair. When a REST service runs on HTTP to give us access to web resources, we call it RESTful API.
In other words, if you send a request through HTTP to a rest service that meets the six contraints, that service is a RESTful API.

## 6. What interacts with REST APIs?

The clients (i.e. web app, native apps, etc) consume the REST APIs by creating and sending requests and receiving and parsing responses. The REST API itself does not care who the client is as long as the client follows the rules. The REST APIs job is to process the request, prepare data and send responses. Where those responses come from and where those responses go are relatively irrelevant. 

That means, if you have an open REST API anyone can access that API. Once they are in they can figure out how to access its methods and resources thanks to the rest constraint "Hypermedia as the engine of the application". Once they have that information, they can then send valid requests to get access to the REST API resources. 

That means that if you have an OPEN REST API, then whatever client comes knocking, they can consume your API. 
But most REST APIs are not OPEN (i.e. anyone can access the REST API or anyone can do anything with the resources). Most REST APIs have strict restrictions on who can access what, what capabilities (i.e. DELETE) are granted and how many requests they can make in a set time period. Twitter for example has several REST APIs. In order to use the Twitter APIs, the user must authenticate themselves with username & password. Once access is granted strict rate limits are applied to ensure that client does not overuse the service. If a certain number of usage is reached, the client gets API limit reached error.  

## 7. Anatomy of a REST request

A REST request has 2 parts: the method & the URI:

In [None]:
GET https://reqres.in/api/users/2

URI points to the resource that we want to interact with. The method are the 8 standard HTTP methods:
    - GET
    - POST
    - PUT
    - DELETE
    - HEAD
    - OPTIONS
    - PATCH


Whether all these methods work on the provided URI depends on the configuration of REST API and the authentication capabilities of the user.

This data must contain **Content-Type** header to comply with the self descriptive messages constraint. 
It CAN also contain other headers such as **Authorization** header, **Cache-Control** etc.

## 8. A key step: Discovery of existing methods and resources

Thanks to the "Hypermedia as the engine of the application" constraint, a REST API can tell about its existing methods and resources. Using GET and OPTION methods, we can walk our way through the response. 

**TODO**: (???) Add an example REST API call with OPTIONs on a resource

## 9. Resource vs. Representation

**Resource** is an abstraction of information in REST. Any information can be called a **resource**, a document
an image and so on.. With resource there is **conceptual mapping**; Consider our example of librarian, you specify a resource to GET; this resource could be a red book in shelf number 4. The resource is that **conceptual mapping**. The REST API does not care about the content of the red book, if we replace the red book with another red book, the resource points at that new redbook and so on..

A resource can be a **collection** or a **singleton** (i.e. meaning it points at a single item). "All red books" is a collection resource. Usually URI of the request points out whether the resource in question refers to a Singleton or a collection of items;            

So, a **resource** is a unique pointer (i.e. a unique URL) to data that is stored on the server database.

**Representation** is a capture of the current state of that resource. That is, rather than accessing the actual data of the resource (i.e. as it is stored in the database), we access a representation/copy of that resource.
So, unlike a library where you actuall check out the book itself the REST server generates a snapshot representation of that book for you when you requested it. You can on the client side modify that representation to fit with your specifications. This is why the same REST resource can serve up the same data to multiple clients at the same time, and why a REST resource can have different variants during its lifetime. Also, data can be stored in a format that is specific to the database, but its **representation** can be in any other format such as JSON or XML.  

## 10. POST/PUT/PATCH

**POST**: Create a new resource and add it to a collection. Response codes:
       - 201 Created + Link to the resource id in the response header
       - 401 Unauthorized
       - 409 Conflict; there is already a resource (??? with that URI)
       - 404 Not Found (???)

For ex, you have a collection of products and you want to add a new product, you send a POST request along with the data for the new product in JSON format. JSON API creates a new product under /products/ resource, gives it a new ID and resource URI.

An example of POST request:

![image.png](attachment:image.png)

**PUT**: Update an existing SINGLETON resource based on ID by replacing the resource. Response codes:
        - 200 OK
        - 204 No Content (??? when no content is present at the server, relation to 404)
        - 401 Unauthorized
        - 404 Not Found (id is not found)
        - 405 Method Not Allowed (if PUT request is made to a COLLECTION resource rather than SINGLETON resource)

Unlike POST, which does not provide an id of the resource, a PUT request contains the ID of that resource and the new content to be added to that resource.

An example of a PUT request:

![image.png](attachment:image.png)

**PATCH**: Modify an existing SINGLETON resource based on ID by carrying along instructions (???) on how to modify. Note that unlike PUT replacing the resource, PATCH modifies the resource's bits and pieces without replacing the whole resource:

        - 200 OK
        - 204 No Content (??? when no content is present at the server, relation to 404)
        - 401 Unauthorized
        - 404 Not Found (id is not found)
        - 405 Method Not Allowed (if PUT request is made to a COLLECTION resource rather than SINGLETON resource)
 

## 11. DELETE

Delete a SINGLETON resource based on ID. Response codes:
    - 200 OK
    - 401 Unauthorized
    - 404 Not Found
    - 405 Method Not Allowed: If you try to delete a COLLECTION resource instead of a SINGLETON resource.

Below is an example of a DELETE request:

![image.png](attachment:image.png)

## 12. OPTIONS

Get options available from this collection/singleton resource

## 13. HEAD

GET just the response headers from the resource. Response codes:
    - 200 OK
    - 404 Not Found

## 14. REST and Authorization/Authentication

Usually almost all users can submit GET/HEAD and OPTIONS requests. Some users can submit POST requests and a rare few users can submit PUT/PATCH and DELETE requests.