REST APIs

IT1901 Fall 2020 - 17th Lecture

Overview

REST APIs
- HTTP requests
- Methods
- APIs
- REST Recap

HTTP requests

Hypertext Transfer Protocol (HTTP)
clients (e.g. browser) send requests
servers (web site / service) send responses

HTTP Request message

a request line GET / HTTP/1.1
request headers - User-Agent, Accept, Content-Type etc.
an empty line (containing only a carriage return and a line feed)
an optional message body

HTTP Methods

HTTP specification defines methods to indicate what action is expected from the server
- GET, HEAD, OPTIONS
- POST, PUT, PATCH
- DELETE

APIs

Application Programming Interface
"Glue" that makes possible different pieces of software to interoperate
It is meant to be machine readable / usable
APIs are everywhere - at different levels - software libraries, operating system, applications, web services etc.

APIs (2)

typically a set of calls or requests, expected call format, expected response format, data structures
separate the implementation from the interface
allow programs in one language to use functionality written in some other language
cater to modular software

REST

REST

REpresentational State Transfer (REST)
architectural style involving use of Web Services
set of constraints are applied
- client server
- statelessness (no client context is stored on the server side)
- cacheability (responses state if they can be cached or not)
- uniform interface
- layered system (adding layers like proxy or load balancer)

REST (cont.)

Web services that implement REST are called RESTful APIs
a base URI, example: https://gitlab.stud.idi.ntnu.no/api/v4
set of exposed web resources
standard HTTP methods (e.g., GET, POST, PUT, PATCH and DELETE);
data formats for requests and responses (json, xml, etc)

Security considerations

CORS (Cross-Origin Resource Sharing)
- headers Access-Control-Allow-Origin
Authentication (Basic Auth, OAuth etc)
HTTPS (HTTP over TLS)

Summary

Norwegian University of Science and Technology