# Intro to REST APIs

 - What is a REST API?
 - What is HATEOS, and why is it important?
 - How does the HTTP request/response cycle work?
 - What are the HTTP verbs, and how do they work?
 - How can we map create-read-update-delete (CRUD) operations onto the HTTP verbs?
 - What are some common HTTP response codes and what do they mean?

# What is REST, anyway?

**Re**presentational **S**tate **T**ransfer, from Roy Fielding's Thesis: https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm

 - Architectural style that embraces the basic technologies of the web (HTTP and hyptertext)
 - *Not* a specification like SOAP, XMLRPC, or others


## Main characteristics of REST

 - There are some abstract _resources_ that you wish to expose to the web
 - Those _resources_ have one or more _representations_ (HTML, JSON, and XML are common)
 - Resources are unambiguously identified by a _resource identifier_ (URL)
 - _Hypermedia_ is used to link resources to one another using their URLs

# HATEOAS

**H**ypertext **a**s **t**he **e**ngine **o**f **a**pplication **s**tate

 - Applications can use the API without any prior knowledge of its URL structure
 - All resources are located using URLs that are present in other resources
 - There is an initial URL / resource from which you can discover all other URLs / resources in the API
 - Your client code and your server code can evolve independently

# REST and HTTP

(**H**yper**t**ext **t**ransfer **p**rotocol, for those who were wondering)

The web, as it's used by web browsers and random folks, is more or less a REST API.

 - You use a small number of entry points
 - All resources are fetched using URLs, usually by following a link in another resource
 - Your browser negotiates the exact representation of each resource, but generally fetches HTML and images

# HTTP Overview: The request

At a conceptual level, HTTP is just a series of requests and responses. An HTTP request consists of:

 - The request line (e.g. `GET / HTTP/1.1`)
   - Verb: `GET`
   - URL: `/`
   - HTTP version: `HTTP/1.1`
 - Headers for metadata about the request (e.g. `Host: www.cnn.com` or `Authorization: basic foobarbaz`)
 - (sometimes) a body containing a representation

# HTTP Overview: The verbs

 - GET - retrieve a resource by URL
 - PUT - replace a resource at a given URL with the content of this request
 - DELETE - delete the resource at this URL
 - POST - do something else
 - PATCH (proposed but not yet standard) - update the resource at a given URL with the content of this request

# HTTP Overview: The verbs

- Safe: does it leave the resource unmodified?
- Idempotent: if you issue the request a single time, is the resource the same as if you issue the request multiple times?
- Body: does the request include a resource representation in the body?


| Verb   | Safe? | Idempotent? | Body? |
|--------|-------|-------------|-------|
| GET    | yes   | yes         | no    |
| PUT    | no    | yes         | yes   |
| POST   | no    | no          | yes   |
| DELETE | no    | yes         | maybe |
| PATCH  | no    | no          | yes   |

# JSON: Javascript Object Notation

```json
{"JSON": {
    "can_contain": {
        "integers": 3, 
        "floating_point": 3.14,
        "strings": "foobar",
        "boolean": [true, false],
        "arrays": [],
        "sub-objects": {},
        "null": null
    }
}}
```

In [1]:
import json
s='''{"JSON": {
    "can_contain": {
        "integers": 3, 
        "floating_point": 3.14,
        "strings": "foobar",
        "boolean": [true, false],
        "arrays": [],
        "sub-objects": {},
        "null": null
    }
}}
'''

In [2]:
json.loads(s)

{'JSON': {'can_contain': {'integers': 3,
   'floating_point': 3.14,
   'strings': 'foobar',
   'boolean': [True, False],
   'arrays': [],
   'sub-objects': {},
   'null': None}}}

In [3]:
json.dumps({'foo': 'bar'})

'{"foo": "bar"}'

In [4]:
json.loads(json.dumps({'foo': 'bar'}))

{'foo': 'bar'}

# One more acronym: CRUD

**C**reate, **R**ead, **U**pdate, **D**elete: how we deal with data

A common pattern, and one we'll use in the REST APIs we create, is to map CRUD onto the HTTP verbs as follows:

| CRUD   | HTTP        |
|--------|-------------|
| Create | POST        |
| Read   | GET         |
| Update | PUT / PATCH |
| Delete | DELETE      |

# HTTP Overview: The response

 - The response line (e.g. `HTTP/1.1 200 OK`)
   - HTTP Version: `HTTP/1.1`
   - Response code: `200 OK`
 - Headers (e.g. `Cache-Control: max-age=60`)
 - (sometimes) a body containing a representation


# HTTP Overview: Response Codes

There are a lot of them. Below are the more common ones you'll use/see.

 - 1xx - Informational - you won't need to worry much about these
 - 2xx - Everything's OK!
   - 200 OK
   - 201 Created
   - 202 Accepted
   - 204 No Content
 - 3xx - Redirection
   - 301 Moved Permanently
   - 302 Found ('temporary redirect')
   - 303 See Other (another 'temporary redirect' -- this one is "more correct" than 302)


# HTTP Overview: Response Codes (error)

 - 4xx - There was a problem with the *client*
   - 400 Bad Request
   - 401 Unauthorized
   - 403 Forbidden
   - 404 Not Found
   - 405 Method Not Allowed
   - 409 Conflict
   - 410 Gone
   - 422 Unprocessable Entity
 - 5xx - There was a problem with the *server*
   - 500 Internal Server Error
   - 502 Bad Gateway
   - 503 Service Unavailable
   - 504 Gateway Timeout

# HTTP/1.1 418 I'm a teapot

https://tools.ietf.org/html/rfc2324#section-2.3.2