Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't really understand the obsession with using HTTP methods. OP brings up a good point that using only GET/PUT/POST/DELETE to only represent CRUD is extremely limiting, but suggests that using even more obscure HTTP methods would be less limiting? I would argue not only is it limiting, it is also obscure, what is it about "PUT" that implies update vs. create?

If you look at the twitter API (https://dev.twitter.com/docs/api) (commonly held up as exemplary REST) you will see exactly 2 methods, GET and POST. GET means no state change other than logging, POST implies state change. This makes so much more sense because then you can use ?command= and have any command you want and not have people confused about what it means.



> commonly held up as exemplary REST

Not by people who know what they're talking about.

> This makes so much more sense because then you can use ?command= and have any command you want and not have people confused about what it means.

That's textbook RPC. It's a pattern that works well for many things, but it's definitely not REST.


Very sincerely, why is REST an idea worth pursuing?


Have you read Roy Felding's REST dissertation?


Yes, I have. To me there seems to be an abstraction leak. Specifically he's baked HTML into his entire thesis. The idea of interconnecting hypermedia together is great. It does how ever limit on to using spec'ed hypermedia like HTML. HTML is one of the only spec media that can link out of the box.

One of his goals was that a document would be able to provide links to another document in a natural, intuitive way. It is ment to be so intuitive in fact that the interchange of the document doesn't need a schema or WSDL like system. HTML has this ability. JSON however doesn't.

If one wants to nest links in JSON, one has to tell the client how those links will appear. On has to define the structure beyond merely syntaxical correctness. This is where REST falls down, IMHO.

So I recommend pursuing pieces of REST. But a full HATEOS concept seems to meaningfully limit on to symantec HTML.


> To me there seems to be an abstraction leak. Specifically he's baked HTML into his entire thesis.

No he's not, he's baked hyperlinks into his thesis as the base of REST, that has nothing to do with HTML.

> One of his goals was that a document would be able to provide links to another document in a natural, intuitive way.

No. His goal is merely that documents be hyperlinked, how is the application's domain.

> It is ment to be so intuitive in fact that the interchange of the document doesn't need a schema or WSDL like system.

I don't know where you got that one, but it's definitely not part of Fielding's thesis or his comments on the subject since. It's in fact exactly the opposite, the one thing Fielding notes must be documented in details in a RESTful service is media types, aka the documents returned by the service. That's where hyperlink semantics are added.

> JSON however doesn't.

Neither does SGML or XML, that's not an issue.

> If one wants to nest links in JSON, one has to tell the client how those links will appear.

Just as one has done with HTML.

> On has to define the structure beyond merely syntaxical correctness.

Just as with HTML.

> This is where REST falls down, IMHO.

That's complete and utter nonsense.

The only difference between HTML and JSON is that HTML is already an application of a meta-document type (well used to be, of SGML, it's drifted further but conceptually it still is) whereas JSON, much like XML, is a meta-document type from which users build applications (what do you think application/xhtml+xml is?).

You sound like you want some magical silver-bullet through which you don't have to document anything and things suddenly understand each others based on fairy dust. Reality does not work that way.


If one wants to nest links in JSON, one has to tell the client how those links will appear. On has to define the structure beyond merely syntaxical correctness. This is where REST falls down, IMHO.

Then use HTML. Or some other representation with known link semantics.

I don't see how failures or shortcomings of JSON indicate a problem with REST. They are orthogonal; JSON has nothing to do with REST, it's just a serialization format some people like.


I am not sure who wrote it, or where to even find it again, but I have read exactly what virmundi is referring to. It is possible he is confusing authors.

The long and the short of the document was that a REST client must be able to navigate the entire API when given just a single endpoint URL, much like you can navigate an entire website just by entering the homepage URL into your browser, but without the dependance on HTML.

The leap the document made, and what virmundi seems to be referring to, is that a REST client that speaks, say, JSON is not enough to traverse any random service, as everyone will provide a completely different JSON representation of their data. When you start hardcoding site-specific keys in which to find the action descriptions, you lose all of the flexibility the author claimed REST would provide in the first place.


Part of my comment is backed by the implicit constraint on HATEOS, http://en.wikipedia.org/wiki/HATEOAS.

I've downloaded the original thesis. I'll look there to see what's mentioned about the hypermedia linking process.


> Then use HTML. Or some other representation with known link semantics.

Or define link semantics in JSON, the one documentation a restful service should have is that of media types (the documents returned) anyway, the only URL which should appear in the documentation is the root of the service.

Whining that JSON has no link semantics is nonsensical, SGML does not have any either, HTML added those when it was first created as an application of SGML, just as text/xhtml+xml is an application of XML defining links, "XML" as a meta-type does not know about links either.


Actually these is quite a big difference.

PUT specifies the resource to be update, whilst POST does not do so. This means that you must (according to RFC 2616) use POST if you want to create a new resource and PUT if you want to change an existing resource or create one that you know "how to name". This disctinction is sometimes necessary, or at least useful (ex: idempotence of PUT).

I don't understand how any even half-competent developer would be unable to understand this difference and act accordingly.


What if you want to update a value, but you want to store the number of times it was updated to be returned in the JSON (not idempotent, but not an unreasonable thing to want)? Would you still use PUT?

My point is not that the ascribed meaning of POST and PUT is bad, I think the concepts behind both these functions are great, but what if you want to make a different or more complicated function? It makes sense to me to invent your own rather than be limited to what HTTP gives you.


I suppose you could expose the counter as a separate resource. It depends how important that counter is. If it's somewhat incidental, you could use PUT. If it's key to your system, use POST for updating the counted resource, because it's not idempotent.


You examine the situation and determine what makes the most sense. Do you want the client to repeat the request if it's not sure whether it succeeded or not? If so, use PUT; otherwise use POST.

This isn't complicated stuff.


There's no need to be condescending.


Put is supposed to be Idempotent (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1...).

calling "PUT a=b&c=d" three times should be identical to calling it once. So any time you let the system generate an ID for the resource you should use POST.

PUT works in creation when you know the id beforehand.

I have not worked with amazon s3 but I hear they handle this well. You PUT a file to a url containing the file name. The first PUT creates the file on their end, any future PUT updates that file.


What's often left out is the reason that that's a useful rule to have: if PUTs are always idempotent, then you can always safely repeat a PUT if you're not sure whether it succeeded or not. This makes it easier to build robust systems.


What I like about using GET (and, to some extent, POST) is that it makes it trivial to test your API in a browser while developing it. Just paste in the URL and you get the raw response, fetch time analysis, and everything else the Chrome developer tools provide you.

This shouldn't matter much, but it does.


XHR Poster[0] sounds like an extension you'll enjoy. It provides a much more comprehensive testing interface.

[0]http://goo.gl/UFSdZ (links to Chrome extension store)


I'd add that one of the best features of XHR Poster is that it uses your cookies and any authentication you've already performed in Chrome when sending the requests.

I had to build an API that lived inside a system with entirely too many authentication/cookie checks and using curl was becoming too awkward for testing, this saved me a lot of time.


Thank you so much for the pointer! I've installed it, and I imagine I'll be using it quite a bit in the coming weeks at $work.


Where is the Twitter API held up as "exemplary REST"? I've usually seen Twilio's API as being the de-facto REST API. Not perfect, but pretty close.


>I don't really understand the obsession with >using HTTP methods.

If I could break it down to the simplest form:

GET requests can be cached, any other method should be processed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: