The underlying premise of this investigation is that REST is less useful that it could be due to concerns about a) interoperability, and b) discoverability. To address this, we propose adopting microformat-style conventions to further constrain the ways REST already constrains web services.
In particular, we constrain REST to work with existing web browser clients -- yet also be machine-parseable. This means:
- All inputs must be url-encoded (or maybe mime/multipart)
- All output must be XHTML, either:
- All URI links must be encoded as either:
- Anchors (<a>) (via 'href')
- Forms (<a>) (via 'action')
- Only GET and POST actions are supported
This may seem very strict, but that's the point: by adding more constraints, we reduce gratuitous degrees of freedom and enable greater consistency.
This may not solve every conceivable problem, but it should handle the 50% case pretty well:
- REST: 80% of web services
- XHTML: 80% of XML expressiveness
- GET/POST + urlencoding: 80% of queries
or, put another way:
- 80% x 80% x 80% = 51.2% of the benefit for
- 20% x 20% x 20% = 0.8% of the effort
To make parsing and auto-discovery easier -- and also simplify the design process -- we propose the following additional conventions.
As usual in REST, every noun must be a URI. However, we explicitly define three types of URIs:
- The base URI for the web service, e.g.:
- URIs representing individual entities, e.g.:
- The URIs used to create or search for those instances, e.g.:
Note that each record is defined by a set of key-value pairs living under that table.
There can also be 'singletons' - a class which only has a single instance.
REST depends on using verbs properly. Your typical verbs are POST (create), GET (retrieve), PUT (update), and DELETE (delete). More verbs can be defined and used, but the listed above are most commonly used and supported.
As we know, HTML forms spec (and therefore commonly used UAs) only provides support for POST and GET verbs. This limitation has been the biggest argument against mixing HTML and REST: tunnelling of PUT and DELETE verbs through POST (or even worse, GET) creates architectural unREST.
However, some architectures simply do not need deletion and update operations. Using HTML with REST requires employing such architectures.
While that may seem overly restrictive, as a practical matter those cover the "80%" of public web services we are trying to solve (after all, you are welcome to use your own private methods if you need to).
Even better, we can define very precise semantics for what GET & POST mean for each of the different nouns:
GET base GET base?view=api # Return hyperlinks and forms GET base?query # search for records across multiple table
GET table GET table?view=api GET table?query # search for records in that table POST table?create # create record
GET record # encode as xoxo GET record?view=edit # encode as hyperlinks/anchors GET record?view=api # encode as hyperlinks/anchors + descriptions POST record?update # update record -- this is tunnelling, a no-no
For simplicity, we assume:
- users can not delete anything
- users can not create tables (or singletons)
To be sure, there are natural ways to extend this protocol to provide that functionality. However, as that is primarly for admin usage, and thus a private API, we're glossing over it here. From a user's point of view, we provide analogous capabilities using POST:
- "DELETE" is replaced by "mark for deletion"
- "PUT" is replaced by "ask table to create record"
Results should be returned in a xoxo-compatible format. In particular, query results should leverage OpenSearch 1.1.
[Do HTML bindings for this already exist?]
Questions for further research
Anchor Design Pattern
<a class="rest" href="http//somesite.com/prog/adduser">label</a>
Forms Design Pattern
I use a number of <form>s to declare the API for a web resource:
The visual human name in h1-tags:
A human readable explanation using in some html.
Foobalizer foobalizes grunts and glomph. Note that blorks already must be gazzed!
Then the form that specifies one function:
<form id="fooblize" action="GET" action="http://www.example.com/glurt">
<label for="grunt">Grunt</label> <input type="text" class="varchar(20)" />
<label for="grunt">Blork</label> <input type="text" class="int4" />
<input type="submit" value="Foobalize" /> </form>
- REST self-describing API proposal
- OpenSearch search results standard (REST-like)