# RESTful Web Services (0.5 Day)

- Expose remote API functionality between Client Apps and Web Services over the internet
- Modern evolution from legacy SOAP-based Web Services
- Programmatic interface based on stateless Web protocols and standards, such as HTTP and URI encoding
- Statelessness enhances functional scalability, cacheability, reliability, security, and improves performance
- Idempotency ensures that applying the same operation multiple times has the same effect as applying it once
- Supports intermediaries such as proxies, routers, gateways, and firewalls
- Exchanged data may be in any text-encoded format, such as CSV, Base64, HTML, XML, JSON, etc. (NOTE: JSON is most common)
- Operations are expressed as HTTP verbs, such as GET, POST, PUT, DELETE, PATCH, HEAD, CONNECT, OPTIONS and TRACE
- Server-side supported by all major web server frameworks, including Node/Express, Python/Django, Java/Spring, etc.
- Client-side supported by all major web browser frameworks, including Angular, React, etc.
- Both client-server and server-server interactions are supported
- Introduced in 2000 by Roy Fielding in his doctoral dissertation (UC Irvine)

NOTE: The instructor-led lecture in this topic is intentionally minimalistic. This REST lesson is mostly focused on non-instructor-led group study. This helps the student become comfortable with the typical daily study/work flow that is essential in real-world on-the-job software development. Students should spend most of their time in breakout rooms collaborating, researching, studying, and working through online REST tutorials in small groups. Several suggested links to tutorials are provided; however, the student is encouraged to explore others as well.

## Pre-Read Assignment

- Read: https://en.wikipedia.org/wiki/Representational_state_transfer
- Be prepared to provide a brief in-class presentation on any of the following concepts:

## RESTful Request/Response Messages

- Resource URI
- Request Verbs
- Request Headers
- Request Body

## RESTful HTTP Methods

- **GET** − read a specific resource (by an identifier) or a collection of resources
- **POST** − create a new resource and also a catch-all verb for operations that don't fit into the other categories
- **DELETE** − remove/delete a specific resource by an identifier
- **PUT** − update a specific existing resource or create a new resource
- And several others

## Postman

- Download and Install: https://www.postman.com
- Getting Started: https://learning.postman.com/docs/getting-started/introduction
- Tutorial: https://www.guru99.com/postman-tutorial.html


## Simple REST API Example

Try the following URL with a GET verb in Postman, or just simply click on it in your browser to see the result:

- https://official-joke-api.appspot.com/jokes/programming/random

## Open Data Protocol

- REST APIs for data query using JSON encoding
- CRUD (Create, read, update, delete)
- https://en.wikipedia.org/wiki/Open_Data_Protocol

## Additional Related Topics

- Swagger: https://en.wikipedia.org/wiki/Swagger_(software)
- OData: https://www.odata.org/documentation
- OAuth 2.0: https://oauth.net/2


## Response Status Codes

- 200 OK - Success (most common code) 
- 201 CREATED - Success in creating the indicated resource (POST or PUT)
- 204 NO CONTENT - Success, but nothing is in the response body, typically the result of DELETE or PUT operations
- 400 BAD REQUEST - General error for a request that would cause invalid server state due to missing data, etc.
- 401 UNAUTHORIZED - Error for missing or invalid authentication token
- 403 FORBIDDEN - Error when user is authenticated but not authorized to perform the operation
- 404 NOT FOUND - Used when requested resource is not found or if there was a 401 or 403 but for security reasons that is hidden
- 405 METHOD NOT ALLOWED - Indicates requested URL exists but requested HTTP method is not applicable
- 409 CONFLICT - Indicates that request would result in conflict (duplicate records, referential integrity, etc.)
- 500 INTERNAL SERVER ERROR - Error when server throws an unhandled exception (never return this intentionally)
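
The order in which these codes are decided matters, so here is an added example (not part of the original lesson): a small in-memory request handler that picks the status for each case, including reporting a 403 as 404 so the response does not reveal that a resource exists. The tokens, users, products and the `handle` / `hideForbidden` names are constructed for illustration.

```javascript
// Added example. Tokens, users and products are constructed sample data.
// A Map (not a plain object) so tokens like "constructor" cannot match.
const users = new Map([["tok-alice", { id: "alice" }],
                       ["tok-bob", { id: "bob" }]]);
const products = new Map([["1234", { owner: "alice", name: "widget" }]]);
let nextId = 2000;
const VERBS = { collection: ["GET", "POST"], item: ["GET", "PUT", "DELETE"] };
const reply = (status, body = null) => ({ status, body });
const mayAccess = (user, p) => p.owner === user.id;

// req: { method, path, token, body }. hideForbidden reports 403 as 404.
function handle(req, { hideForbidden = false } = {}) {
  // 401: missing or invalid authentication token, checked first.
  const user = users.get(req.token);
  if (!user) return reply(401, { error: "unauthorized" });

  const route = /^\/products(?:\/([^/]+))?$/.exec(req.path);
  if (!route) return reply(404, { error: "not found" });
  const id = route[1];

  // 405: the URL exists but the verb does not apply to it.
  if (!VERBS[id ? "item" : "collection"].includes(req.method))
    return reply(405, { error: "method not allowed" });

  // 400: a write arrived without the data it needs.
  const isWrite = req.method === "POST" || req.method === "PUT";
  if (isWrite && typeof req.body?.name !== "string")
    return reply(400, { error: "name is required" });

  if (!id) {
    const mine = [...products].filter(([, p]) => mayAccess(user, p));
    if (req.method === "GET")
      return reply(200, mine.map(([k, p]) => ({ id: k, ...p })));
    // POST: 409 if this caller already has a product with that name.
    if (mine.some(([, p]) => p.name === req.body.name))
      return reply(409, { error: "duplicate name" });
    const newId = String(nextId++);
    products.set(newId, { owner: user.id, name: req.body.name });
    return reply(201, { id: newId });
  }

  const existing = products.get(id);
  if (!existing) return reply(404, { error: "not found" });
  // 403: authenticated but not authorized; optionally hidden as 404.
  if (!mayAccess(user, existing))
    return hideForbidden ? reply(404, { error: "not found" })
                         : reply(403, { error: "forbidden" });
  if (req.method === "GET") return reply(200, { id, ...existing });
  if (req.method === "DELETE") { products.delete(id); return reply(204); }
  existing.name = req.body.name; // PUT: repeating it leaves the same state
  return reply(204);
}
```

When `hideForbidden` is on, the hidden response is byte-for-byte the same as a genuine 404, and ids are assigned by the server so that a 409 never reveals another user's records.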

## A Few HTTP Request Examples

See: https://restfulapi.net/http-methods

- GET passively requests resource data from the server (with no effect on the server):
  - `GET http://www.appdomain.com/products`
  - `GET http://www.appdomain.com/products/1234`
  - `GET http://www.appdomain.com/customers?size=20&page=5`
  - `GET http://www.appdomain.com/customers/5678/orders`
  - `GET http://www.appdomain.com/users/123`
  - `GET http://www.appdomain.com/users/123/address`
  - `GET http://www.appdomain.com/departments/legal`

- POST creates new resource data on the server:
  - `POST http://www.appdomain.com/users`
  - `POST http://www.appdomain.com/users/123/accounts`

- PUT updates existing resource data on the server:
  - `PUT http://www.appdomain.com/customers/1234`
  - `PUT http://www.appdomain.com/customers/1234/accounts/5678`

- DELETE deletes existing resource data on the server:
  - `DELETE http://www.appdomain.com/products/1234`
  - `DELETE http://www.appdomain.com/customers/1234/accounts/5678`

## Versioning REST APIs

Maintaining backward compatibility is important.

- See: https://www.baeldung.com/rest-versioning

## Try It Out: REST API Tutorial

- https://www.freecodecamp.org/news/rest-api-tutorial-rest-client-rest-service-and-api-calls-explained-with-code-examples/

## Newer Specialized REST Alternatives

- **gRPC** https://grpc.io/docs
- **GraphQL** https://graphql.org/learn

## Lab

- REST API Tutorial: https://www.freecodecamp.org/news/rest-api-tutorial-rest-client-rest-service-and-api-calls-explained-with-code-examples

## Homework

- View: What is a REST API? https://www.youtube.com/watch?v=lsMQRaeKNDk
- View: https://www.restapitutorial.com/lessons/whatisrest.html

You may also want to try working with RESTful APIs from major web platforms such as Google or Facebook. Here are a couple of links to get you started with Google's Photos APIs:

- Google APIs Explorer: https://developers.google.com/apis-explorer
- Library API overview: https://developers.google.com/photos/library/guides/overview

## Learning Resources

- W3C Docs: https://www.w3.org/2001/sw/wiki/REST