Mopic -


5 common traps lurking in RESTful development

Unfortunately, many RESTful API developers fall into the same traps during design. Here are five common mistakes that you can avoid with the right planning.

The steady evolution of componentization, rapid development and microservices-based applications promotes RESTful API use. However, RESTful design isn't easy. Let's explore the major traps that can ensnare RESTful development and the projects built on it.

The wrong HTTP method

HTTP supports almost a dozen request methods, including GET, PUT and POST. It's easy to pick the wrong method, particularly when there are several ways to do the same thing. A misstep here can alter the handling method on the service side of the API.

The best approach for verb control during RESTful development is to clearly lay out the expected client-side requests. Then, map those requests to the expected API calls and the appropriate verbs. This strategy ensures that the best methods support data exchanges, and it keeps developers from misusing so-called secondary verbs, such as DELETE, CONNECT and even HEAD or TRACE.

Ineffective state management

The trap that gets developers in the most trouble is failure to effectively deal with state. State is a software component's memory of past operations, which affects how current work processes. When a component is stateful, the application can't replace or scale it without recovering its memory of past operations. Many developers ignore this detail when they work with RESTful APIs.

The best strategy for effective state control is to design APIs so that they only provide inputs to a service. Basically, that makes the client side of the service behave in a state-aware manner. If that's not possible, use an external database to provide that state information to any instance of an application that needs it.

Failure to version APIs

A third RESTful development trap stems from the fact that many API designers fail to version APIs correctly, and this often affects API stability in a complex service. Most APIs evolve over time with respect to their parameters, which necessitates code changes. Many API designers leave Version control completely up to their source code versioning system, such as Git, but this method doesn't guarantee that old calls won't break once the code changes.

Version control, particularly in rapid development, is critical for API consistency. To add a measure of additional safety, include the new version of the API in the RESTful call, but keep the past version available. This extra step will help detect old calls, and it should also help ensure that the application doesn't misinterpret old parameters.

Ignoring passed data

Sometimes, developers pay too little attention to the format and size of passed data. Keep the volume of data that passes through a RESTful URL relatively small. When larger volumes of data pass through, variable data should post with some indication of how long the message is. Also, it helps to consistently use either XML or JSON rather than trying to combine the two.

Processing variable data can lead to program errors, and a poor REST data structure compromises the readability of data. Make sure you can read your parameters, interpret what they mean and understand exactly what data gets passed. Otherwise, it will prove difficult to debug RESTful APIs. With either XML or JSON, the format of data should always be valid. This helps ensure that improper user behavior or an incorrect parameter format won't create a format violation that breaks things down the line.

Map dialog steps to HTTP methods

An API is a medium of communications between a client and a service, and everything you expect the client to do must map to an HTTP method. The proper parameters must support that method, and a service that controls state correctly must process it. If you take the time to map out the dialog and explore how each step is processed, you can avoid serious problems in RESTful development.

Bad API error code selection

API call failures are inevitable, but many developers still struggle when it comes to API error codes. Don't invent your own error procedure -- use standard codes. Dozens of HTTP error codes are neatly divided into groups and indicate the broad reason for a failure. These standard codes improve the chances that users can correctly interpret responses. Another benefit of standardization is developer mobility: People more easily work with multiple APIs if they don't need to learn different coding conventions.

You should also include the data that other developers need as plain text within the API return message. Whoever receives this return message can then pass this data to other developers, as appropriate. It's tempting to use this additional text to define a set of subordinate codes that further refine the HTTP codes, but resist the urge unless you're prepared to carefully manage those secondary codes. If you're not consistent, this bevy of information will likely just confuse other developers.

Dig Deeper on Enterprise application integration

Software Quality
Cloud Computing