William set an interesting challenge Square Peg, REST Hole, which unusually I decided to pickup and in a timely fashion. It's worth noting, I'm not a REST purist rather a Web practitioner which will hopefully colour my approach differently to the other fazillion answers this will no doubt generate:
Long-lived operations. You can’t just hang on for a synchronous response. Tim Bray best described the situation, which he called Slow REST. Do you create an “action in progress” resource?
Consider a phone call: a HTML form POSTs two phone numbers to make the call. Phones ring and you're returned a link, or redirected to a page for the call-id. Refreshing that page (using GET) tells you the status of the call: how long they've been talking, how much its cost so far, etc.
If you really want to avoid polling for when the call ended, then there's the Comet hack. Until they release the Websocket doomsday virus.
Query: how do you query for “all the instances of app foo deployed in a container that has patch 1234 installed” in a to-each-resource-its-own-URL world? I’ve seen proposals that create a “query” resource and build it up incrementally by POSTing constraints to it. Very RESTful. Very impractical too.
Um, I don't see the impracticality given how common this is on the Web; a GET form which searches for patch with two fields "container URI" and "patch-number". That returns a list of URIs for each application containing the patch. Asked to do the search today on a large dataset I'd probably use something like CouchDB map reduce, but that's a detail of implementation. For power-users you could offer an advanced options form, or even a SPARQL query form, like http://data.gov.uk This seems so trivial, so I'm starting to worry I'm falling into a trap!
Events: the process of creating and managing subscriptions maps well to the resource-oriented RESTful approach. It’s when you consider event delivery mechanisms that things get nasty. You quickly end up worrying a lot more about firewalls and the cost of keeping HTTP connections open than about RESTful purity.
I'll ignore the Firewall issue, given that's the same for WS-*, but "Event delivery" is a matter of either polling or web-hooks and these days pubsubhubbub has traction, and are certainly easy to understand, implement and scale. If you need a way to aggregate fragmented message flows, then Salmon is worth a look. Really Webhooks, Pubsubhubbub and Salmon are just trendy names for patterns observed working on The Web. A long time ago, I built a system using two RSS feeds for a message queue, one said "here's a list of data items for you", the other on the subscriber said "here's a list of data items I've secured".
Enumeration: what if your resource state is a very long document and you’d rather retrieve it in increments? A basic GET is not going to cut it. You either have to improve on GET or, once again, create a specifically crafted resource (an enumeration context) to serve as a crutch for your protocol.
You have quite a few options: offer the ability to address a portion of the resource, using, say, a query string, e.g. http://example.com/video?start=1:20&end=2:20 or use the Content-Range HTTP header. I prefer bookmarkable URIs you can easily try out in a browser, so would suggest serving the entire document and identifying the portion using a fragment-identifier until it really hurt.
Hmm.. this seems so trivial, I guess I've missed the point, again. Are we talking about long documents, or paging through results, which is a very common pattern on the Web, you've used Google, right? The trick to making this programable is not to say ..?page=2, but put something stable in the URI, ?item=1024&nitems=100.
Filtering: take that same resource with a very long representation. Say you just want a small piece of it (e.g. one XML element). How do you retrieve just that piece?
Ah, maybe I've mixed up this with the last question. Or maybe they're the same question. I'll say as above.
Collections: it’s hard to manage many resources as one when they each have their own control endpoint. It’s especially infuriating when the URLs look like http://myCloud.com/resources/XXX where XXX, the only variable part, is a resource Id and you know – you just know – that there is one application processing all your messages and yet you can’t send it a unique message and tell it to apply the same request to a list of resources.
Write a form which POSTs or PUTs a series of IDs to be changed. Alternatively send a value to modify a collection in one step: e.g. POST status="paused" http://myCloud.com/resources/status/thrashing. You can write an "endpoint"^W CGI^W resource handler^W thing to do anything to anything. I'd consider exposing operations on a set of tags, a search results, whatever, so the collection can be in the eye of the consumer.
The afterlife: how do you retrieve data about a resource once it’s gone? Which is what a DELETE does to it. Except just because it’s been removed operationally doesn’t mean you have no interest in retrieving data about it.
I avoid DELETE precisely for this reason, or at least reserve it for the nuclear option. As with the phone-call example, hanging up isn't a DELETE, rather a POST or a PUT to change the status of the call to "terminated".
So given William is significantly brighter than me I'm sure I've just set off all the booby-traps, and now have pie all over my face. Hopefully I'm going to learn something as a consequence.
Social comments and analytics for this post...
This post was mentioned on Twitter by mamund: RT @stilkov: Great response by @psd to @vambenepe's post http://bit.ly/az8Afz on REST http://bit.ly/bPVdXL...
Thanks for the comment. Unfortunately you destroyed any chance of a bitter fight to death between us in your first paragraph, when you state "I'm not a REST purist rather a Web practitioner". The fact that this is the right approach is basically the point I am trying to make in my post.
For example, on the query question a query operation is basically what I am asking for (it wasn't clear in my post but I want something more flexible than a templatized form where you only get to insert the app name and the patch number). SPARQL, which you mention as the advanced option, is my favorite as well (again, for advanced search). But no matter what the mechanism we are deviating from pure REST here. While staying consistent with core principles, like returning working URLs in the results, etc.
Same for the enumeration mechanism. Your approach is fine (mostly, there may be some issues w/ paging when the underlying data set is changing) but I don't see this as truly RESTful. The URL you are doing GET on does not represent a clear resource, it's a manufactured URL.
Same for pretty much all the solutions you propose. I think we're in agreement that they represent a practical usage of HTTP but most RESTafarian would, I believe, tell you that that's not REST (though they too may agree that it's the right approach for a given use case).
Maybe I miss the point of many of the questions as well. My naive take on the last one. DELETE removes the content (representation of the resource) not the resource (uri, the identifier). Next time, we query this exact same URI, I can *send* bits which are saying "410 Gone".
The spec says: "The requested resource is no longer available at the server and no forwarding address is known. This condition is expected to be considered permanent."
and "This response is cacheable unless indicated otherwise."
It means that when we query this gone resource, we *can* send a message in addition to the 410 Gone. You could say "There was a resource here, it was talking about pink poneys, but really they're gone over the rainbow". ;)
Note that HTPT ranges can use non-byte units, making the world a bit more fun when it gets to retrieve X items in a list starting at A. See work on media fragments.
"Your approach is fine (mostly, there may be some issues w/ paging when the underlying data set is changing) but I don't see this as truly RESTful. The URL you are doing GET on does not represent a clear resource, it's a manufactured URL."
It is RESTful, and I actually think it's a clear resource -- "the current state of page 1 of this collection of stuff". Manufactured resources are resources like any other, and I seriously, seriously question why anyone would tell you otherwise.
"I think we're in agreement that they represent a practical usage of HTTP but most RESTafarian would, I believe, tell you that that's not REST (though they too may agree that it's the right approach for a given use case)."
Quite honestly, this saddens me. Either you've been talking to RESTafarians that are clueless, or you're assuming a reaction that would not happen.
REST is by its nature an abstract style. HTTP is reality. Practical use of HTTP as best as you can do, and if you need to work around its limitations, you can use the constraints within REST as a guide to how you change your architecture to deal with your requirements.
> Manufactured resources are resources like any other, and I seriously, seriously question why anyone would tell you otherwise.
I believe William's concern is about violating the REST principal that only server should control its URIs, clients shouldn't have to construct them.
But if server provides a URI template or a form for URI constructions it's actually fine for a client to use it. Server retains control over the template.
[...] link: Comment by: uberVU – social comments Posted in Uncategorized | Tags: az8afz-on-rest, mentioned-on-twitter, post-http, rest, [...]