The basic principles of REST APIs
If you are learning how to build web applications, you have likely come across the concept of REST APIs. But what exactly defines a REST API?
Before learning about REST, let us first look at APIs in general.
What is an API?
API is short for Application Programming Interface. It creates a connection between systems which allows them to transfer data, usually in the form of JSON (JavaScript Object Notation) or XML (Extensible Markup Language).
Through the API, the client, which could be the frontend of the application or an external system, gets access to a resource of the program. To access this resource, a request is sent to the API by the client. This request has requirements regarding its structure, which should be available in the API’s documentation along with a description of the data structure that is returned in the server’s response if these requirements are met.


What is REST?
REST is short for REpresentational State Transfer. It is a design pattern for APIs.
As the name suggests, a REST API provides a representation of the state of a requested resource to the client. This resource could be a user on a social media platform, and its representation could be an object containing attributes such as the user’s name, age and number of followers.
To build a request, an identifier for the resource, also called the endpoint, is required. The request must also specify which operation the server should perform, in the form of an HTTP method. The common HTTP methods are GET (for reading data), POST (for creating data), PUT (for updating data), and DELETE (for deleting data).
REST constraints
For an API to be RESTful, it must follow a set of six constraints.
Uniform interface
The request has to include a resource identifier and all the other information the server needs to perform the request. Similarly, the response needs to contain all the information the client needs to understand the response, such as information about the response’s media type.
Additionally, the response needs to have enough information for the client to modify or delete the resource’s state.
A REST client should also be able to use links that are provided in the response to dynamically access other resources.
The purpose of the uniform interface is that requests look the same, whether the client is a browser, a server, an app, or anything else.
Client-server separation
The client and the server perform operations independently and only interact via requests, which the client initiates, and responses, which the server provides only after receiving a request.
Stateless
The API does not remember if the client has already sent a request for a certain resource, or which resources it has requested in the past. Because of this, requests from the client will usually include some sort of token or key that allows the server to authenticate the user and verify whether the user can perform a certain operation.
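The per-request check described above, as an added example that is not part of the original article: the server keeps no session and decides each request only from the method, path and signed token it carries. The signing key, the role table and the function names are assumptions made for illustration.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side signing key (constructed value)
# assumption: which role may use which HTTP method on a resource
ALLOWED = {"reader": {"GET"}, "editor": {"GET", "POST", "PUT", "DELETE"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(payload: str) -> str:
    return b64url(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user: str, role: str, ttl: int = 300) -> str:
    """Put the claims in the token itself so the server stores nothing per client."""
    claims = {"sub": user, "role": role, "exp": time.time() + ttl}
    payload = b64url(json.dumps(claims).encode())
    return f"{payload}.{sign(payload)}"

def verify_token(token: str) -> dict | None:
    """Return the claims if the signature is valid and the token is unexpired."""
    try:
        payload, sig = token.split(".")
        # constant-time comparison; the payload is trusted only after this passes
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None  # malformed token: wrong shape, bad base64, non-ASCII
    return claims if claims.get("exp", 0) > time.time() else None

def handle(method: str, path: str, headers: dict) -> tuple[int, dict]:
    """Authenticate, then authorize, on every single request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token) if scheme == "Bearer" else None
    if claims is None:
        return 401, {"error": "missing or invalid token"}
    if method not in ALLOWED.get(claims["role"], set()):
        return 403, {"error": f"{method} not permitted for role {claims['role']}"}
    return 200, {"resource": path, "requested_by": claims["sub"]}
```

A 401 means the server could not establish who is calling; a 403 means it knows the caller but the role does not cover that HTTP method.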
Layered system
A client does not know how many layers exist between itself and the server. There may, for instance, be security or load-balancing layers, which should not affect the request or the response.
Cacheable
The data sent by the server contains information about whether or not it is cacheable. If it is, it should also contain, for instance, a version number. This way, the client is aware of the version of data that it has and when this data expires, so that it knows when to send a new request to fetch updated data.
Code-on-demand
This is an optional constraint. The client can request code from the server; the code is delivered in the response, and the client can execute it.
If you are looking to build a REST API from scratch, it might be worth using a professionally constructed starter template from flightpack.io. Our app templates save you hundreds of hours of time and thousands of dollars on development costs by giving you pre-built code for things like server logging, email, push, and SMS notifications, photo upload and storage, in-app message threads, user signup and paid subscription management, app performance monitoring, user activity profiling and more!