Skip to main content

Restless about REST

Posted by cayhorstmann on October 17, 2008 at 4:37 PM PDT

In my software engineering class, we are designing an application that shows films and events for the Cinequest film festival on Blackberry devices. We need to get film schedules and descriptions from a server onto the mobile phones. A typical query would be: “Show all movies playing today”.

SOAP seems total overkill, and I doubt that there is a SOAP stack for the BB. (A Google search yields this page.) So, I figured it is time to embrace REST.

There are lots of tutorials on the web, such as this one and this one. To query an entity, you simply use a URL

You can also consider sets of entities as resources, such as

If these entities or entity sets are immutable or change rarely, you can use the HTTP infrastructure for caching to reduce server load.

But my life isn't that simple. Moviegoers will want to see films by venue, by date, or by genre. So, what do I do? Following the examples, I would have queries

That seems pretty hokey. I don't want the server to parse the string and divine what I was after. I considered a couple of alternatives

That didn't seem to be much better. I ended up with

but it seems so RESTless. I'd love a pointer to a more in-depth tutorial or some expert opinion.

(The gratuitous image is the cover of a Korean movie "The Restless".)


On another note, I will be providing a series of blogs on using Jersey in the next few days. I look forward to your questions there.

anjanb2: Thanks for the reference! I feel so much better after reading Section 5.5. "Name the Resources." (Hooray for Safari. I hope the authors make a few pennies from my page views.)

hi there, there's a book from Sam Ruby et al :

Cay, I don't think you should worry that your service isn't restless simply because you have a query string. The primary point for RESTful architectures isn't that you do or don't have a query; it's whether the URI (including the query) indicates a specific resource or set of resources. AND that URI should not specify behavior or API. Nothing about your URI indicates an action or from looking at the URI, I suppose I might be able to GET the resource. Or perhaps if I fill in a form and POST to that same resource, I will add a film title. I think it's fine.

I've been wondering about the same recently, from the articles/tutorials I've read query strings are discurraged but I don't see how we can be without them for anything but the most basic stuff. Looking at Google, Amazon, Flickr and their REST API's would suggest this to be acceptable behavior. What I still can't quite grok however, is how to deal with authorization. Even if a service is behind SSL, putting credentials in the URI seems like a bad idea. So I guess what we have to do is simply POST this to an intial service to uptain a sessionId we CAN use in the URI?

mrmorris, what's wrong with HTTP authentication? You are right that auth info definitely does not belong in the URI. There's nothing unRESTful about query strings. The just identify a different kind of resource - namely, the search result. I've elaborated on this here:

@stefantilkov Thanks for the feedback. But can you write a JavaScript based presentation tier and handle authorization with HTTP-auth? And can you just deploy the service to a vanilla servlet container and still only rely on HTTP-auth (servlet filter)? Those are some issues I haven't been able to find much info on.

@mrmorris in Restful Web Services, they mention you should consider a query string for algorithmically produced content. They use Google search as an example.

A film has only one release date and provided a film belongs to only one genre then I would go with etc Now the real question is imagine the following and it contains a hyperlink to Mat Damon, how would that URI look like? Implicit in the "POST" on the movie is the fact that it may include a "POST" on the actor(s). cheers su./hail

I have a dumb question. People frequently mention that authentication should be performed at the HTTP level. To me this means either Basic or Digest authentication ( Is that what people are referring to?

Prescod has some good thoughts on REST here I found that I only understood REST when I looked at good examples of it's application in the wild. my favorite is AtomPub (gdata is an implementation of that) Taylor

Cay, Your last URI is perfect. As ilazarte mentions, "RESTful Web Services" (the book) explicitly recommends using query parameters for queries against a resource. PS: I just finished reading the book and it cleared up a lot of my questions. I recommend you read it too! Gili

Here is a recent post from the "father" of REST: