© Ellis Horowitz Marco Papa 2006-2021 1
Web Services and REST
Introduction
• Web sites are normally accessed by a browser guided by a person
• But we have seen that programs can also access a web site, return one or
more pages, and scrape the site for information
• Web Services is the idea of offering the capabilities/information on a web
site via a programming interface, so application programs can more readily
access the information on the site
• Web Services are APIs for accessing a website’s information across the
Internet
Introduction (cont’d)
• The implementation of Web Services is roughly divided into three
categories:
– Big Web Services which involve XML messages that are communicated by the
Simple Object Access Protocol (SOAP); the API is formally described using the
Web Services Description Language (WSDL). These services are normally used
for server-to-server communication, using additional protocols like XML Security
and XML Encryption.
– REST (Representational State Transfer) Services which use HTTP methods
PUT, GET, POST and DELETE.
– Cloud Services which provide cloud storage, application hosting, content
delivery, and other hosting services.
• All three types of Web Services provide access through APIs.
• The rest of the slides will cover REST Services and Cloud Services
REST Services
• Many web sites are now offering their facilities through REST Web Services
• REST Services can be used to access sites that perform the following
functions:
– Web Search (e.g. Google Custom Search)
– Geolocation (e.g. Google Maps Geolocation API)
– Photo Sharing (e.g. SmugMug’s Flickr)
– Social Networking (e.g. Facebook, Twitter)
– Mapping (e.g. Google Maps, Bing Maps)
• Access is provided using one or both of these methods:
– Direct URL, returning a response in one or more formats (XML, JSON, PHP)
– Library-based APIs, embedded in JavaScript, Java, C#, Objective-C and other
source and binary library formats
• Many of these services now require or include OAuth user authentication
– OAuth is a standard for clients to access server resources on behalf of a resource owner
– E.g. see http://en.wikipedia.org/wiki/OAuth
• Many of these services limit daily usage by a single website, and require
payment when the thresholds are breached
Cloud Services
• Cloud Services covers a variety of hosting services:
– Application Hosting (e.g. AWS, Google App Engine, FireHost, Microsoft Azure)
– Backup and Storage (e.g. AWS)
– Content Delivery (e.g. Netflix hosted by AWS)
– E-commerce (Amazon.com e-commerce)
– Media Hosting (e.g. Microsoft Azure, RackSpace, Streaming Media Hosting)
– DNS Protection Services (e.g., CloudFlare)
– Consumer Cloud Storage (e.g. Apple iCloud Drive, Dropbox, Microsoft OneDrive,
Google Drive)
• Access is provided using one or both of these methods:
– Dashboard
– Library-based APIs, embedded in Java, C#, Objective-C and other binary library
formats
• All these services are commercial services that require monthly payments
• The consumer cloud services provide limited, free basic storage
REST (Representational State Transfer)
• REST is a style of software architecture for distributed hypermedia systems (i.e.
the Web)
– Initially proposed by Roy Fielding in a 2000 doctoral dissertation
– See: http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
– The World Wide Web is an example of REST
• There are three fundamental aspects of the REST Design Pattern
– 1. clients, 2. servers and 3. resources
– Resources are typically represented as documents
– Systems that follow Fielding’s REST principles are often referred to as
RESTful
• Resources: every distinguishable entity is a resource
• URLs: every resource is uniquely identified by a URL
• Simple operations (PUT, GET, POST, DELETE)
REST versus Other Approaches
• REST
– Software architectural style for distributed hypermedia systems like WWW
– Quickly gained popularity through its simplicity
• SOAP
– Protocol for exchanging XML-based messages, normally using HTTP
– Much more robust way to make requests, but more robust than most APIs need
– More complicated to use
• XML-RPC
– RPC protocol with XML as an encoding and HTTP as a transport
– More complex than REST but much simpler than SOAP
• JSON-RPC
– RPC protocol encoded in JSON instead of XML
– Very simple protocol (and very similar to XML-RPC)
REST as Lightweight Web Services
• Much like Web Services, a REST service is:
– Platform-independent (you don’t care if the server is Unix, the client is
a Mac, or anything else),
– Language-independent (C# can talk to Java, etc.),
– Standards-based (runs on top of HTTP), and
– Can be used in the presence of firewalls (port 80/443 always open)
• Like Web Services, REST offers no built-in security features, encryption,
session management, QoS guarantees, etc. But also as with Web Services,
these can be added by building on top of HTTP:
– For security, username/password tokens are often used.
– For encryption, REST can be used on top of HTTPS (secure sockets).
• One thing that is not part of a good REST design is cookies:
– The “ST” in “REST” stands for “State Transfer”, and indeed, in a good
REST design operations are self-contained, and each request carries
with it (transfers) all the information (state) that the server needs in
order to complete it.
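One way to add authentication on top of HTTP while keeping every request self-contained, shown as an added example (not part of the original slides): the client sends a signed token in the Authorization header and the server checks it without a cookie or a stored session. The secret, the token layout and the claim names sub and exp are assumptions of this example, and the token is expected to travel over HTTPS.

```javascript
const crypto = require('crypto');

// Assumption: a server-side secret, generated here so the example runs offline.
const SERVER_SECRET = crypto.randomBytes(32);

// URL-safe base64 helpers (no padding), so the token fits in a header.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

const sign = (payload) =>
  crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest();

// Issue "<payload>.<tag>": the payload names the user and an expiry time,
// the tag is an HMAC-SHA256 over the payload.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const claims = { sub: user, exp: Math.floor(now / 1000) + ttlSeconds };
  const payload = b64url(JSON.stringify(claims));
  return `${payload}.${b64url(sign(payload))}`;
}

// Authenticate a request from its own headers: everything the server needs
// (identity, expiry, proof of integrity) arrives with the request.
function authenticate(headers, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/.exec(headers.authorization || '');
  if (!m) return { ok: false, reason: 'missing or malformed token' };
  const expected = sign(m[1]);
  const given = fromB64url(m[2]);
  // timingSafeEqual requires equal lengths; it compares in constant time.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // The payload is parsed only after its signature has been verified.
  const claims = JSON.parse(fromB64url(m[1]).toString('utf8'));
  if (claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, user: claims.sub };
}
```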
REST & the HTML Web
(Get book list, get book details, order book)
Diagram: User and Web Server (resources: Books, Orders)
• View list of books
GET /books/ HTTP/1.1
HTTP/1.1 200 OK
Content-Type: text/html
…
Moby Dick
XML QuickRef
• View book details
GET /books/1234 HTTP/1.1
HTTP/1.1 200 OK
Content-Type: text/html
…
Moby Dick
Buy!
• Order book
POST /order?id=1234 HTTP/1.1
Content-type: application/x-www-form-urlencoded
…order form data…
HTTP/1.1 200 OK
…
Order
REST & the XML Web
(get book list, get book details)
Diagram: client and Web Service
• Get list of books
GET /books/ HTTP/1.1
HTTP/1.1 200 OK
Content-type: text/xml
…
• Get book details
GET /books/1234/ HTTP/1.1
HTTP/1.1 200 OK
Content-type: text/xml
…
…other book data…
REST & the XML Web (2)
(order book)
Diagram: client and Web Service
• Order book
POST /orders/ HTTP/1.1
…
…
…
HTTP/1.1 201 Created
Location: http://…/abcd/
• Rather than web pages being returned, XML files are returned
REST & the JSON Web
(get book list, get book details)
GET /books/ HTTP/1.1
HTTP/1.1 200 OK
Content-type: text/json
{ "books": {
    "book": [
      { "href": "http://…/1234/" },
      { "href": "http://…/5678/" }
    ]
  }
}
GET /books/1234/ HTTP/1.1
HTTP/1.1 200 OK
Content-type: text/json
{
  "book": {
    "title": "Moby Dick",
    . . . other book data
    "order": { "href": "http://…/orders" }
  }
}
JSON objects are returned
REST & the JSON Web (2)
(order book)
POST /orders/ HTTP/1.1
{
  "order": {
    "bookId": { "-href": "http://…/books/1234" },
    "payment": " … ",
    "shipping": " … "
  }
}
HTTP/1.1 201 Created
location: http://…/abcd
More Complex REST Requests
• REST can easily handle more complex requests, including multiple parameters.
• All types of HTTP requests: GET, POST, PUT, PATCH, DELETE, COPY, HEAD,
OPTIONS, LINK, UNLINK, PURGE
• In most cases, you’ll just use HTTP GET parameters in the URL.
• For example:
http://www.acme.com/phonebook/UserDetails?firstName=John&lastName=Doe
• If you need to pass long parameters, or binary ones, you’d normally use HTTP POST
requests, and include the parameters in the POST body.
• As a rule,
1. GET requests should be for read-only queries; they should not change the state
of the server and its data.
2. For creation, updating, and deleting data, use POST requests. POST can also be
used for read-only queries, as noted above, when complex params are required.
3. PUT, DELETE are also used for updating and deleting items.
• “Legacy” REST services might use XML in their responses.
• Newer REST Services use JSON in their responses.
• Postman can be used to test any of the HTTP requests.
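The GET/POST rule above, applied to the books and orders service from the earlier slides, as an added example (not code from the original slides): each resource lists the methods it accepts, so a GET can never reach state-changing code and an unlisted method gets 405 with an Allow header. The sample data, the handle function and the simplified order body ({ bookId: "1234" }) are assumptions of this example.

```javascript
// In-memory resources (constructed sample data).
const books = { '1234': { title: 'Moby Dick' }, '5678': { title: 'XML QuickRef' } };
const orders = new Map();

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const reply = (status, body = null, headers = {}) => ({ status, headers, body });

// State-changing operation: validate the input before touching any data.
function createOrder(body) {
  if (!body || typeof body.bookId !== 'string' || !has(books, body.bookId)) {
    return reply(400, { error: 'unknown bookId' });
  }
  const id = String(orders.size + 1);
  orders.set(id, { bookId: body.bookId });
  return reply(201, null, { Location: `/orders/${id}/` });
}

// Route table: GET handlers only read; creation is reachable through POST only.
const routes = [
  { pattern: /^\/books\/$/, methods: {
    GET: () => reply(200, { books: Object.keys(books).map((id) => ({ href: `/books/${id}/` })) }),
  } },
  { pattern: /^\/books\/(\d+)\/$/, methods: {
    GET: (m) => (has(books, m[1]) ? reply(200, { book: books[m[1]] }) : reply(404)),
  } },
  { pattern: /^\/orders\/$/, methods: {
    POST: (m, body) => createOrder(body),
  } },
];

function handle(method, url, body) {
  const path = url.split('?')[0]; // query parameters never select the operation
  for (const route of routes) {
    const m = route.pattern.exec(path);
    if (!m) continue;
    if (!has(route.methods, method)) {
      // Method not listed for this resource: refuse and say what is allowed.
      return reply(405, null, { Allow: Object.keys(route.methods).join(', ') });
    }
    return route.methods[method](m, body);
  }
  return reply(404);
}
```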
Postman
• Postman is a tool for API testing
• Platforms include Chrome add-on, MacOS, Windows and Linux native apps
• Download page available at:
https://www.getpostman.com/apps
• Free version comes with the following support:
– Unlimited Postman collections, variables, environments, & collection runs
– Postman Workspaces
– Postman Help Center & Community Support
– API Documentation (1000 Monthly document views)
– Mock Servers (1000 Monthly mock server calls)
– Postman API (1000 Monthly API calls)
– API Monitoring (100 Monthly calls)
• Postman Pro and Postman Enterprise provide additional features on a monthly
subscription.
REST Server Responses
• A server response in REST used to be an XML file; for example,
ACME Boomerang
Used by Coyote in Zoom at the Top, 1962
17.32
http://www.acme.com/parts/3322
ACME Dehydrated Boulders
Used by Coyote in Scrambled Aches, 1957
19.95
http://www.acme.com/parts/783
• However, other formats can also be used; REST is not bound to XML in any way.
JSON is the response format recently used the most. Possible formats include CSV.
• One option that is not acceptable as a REST response format, except in very specific
cases, is HTML, or any other format which is meant for human consumption and is not
easily processed by clients.
• The specific exception is, of course, when the REST service is documented to return
a human-readable document; and when viewing the entire WWW as a RESTful
application, we find that HTML is in fact the most common REST response format.
Flickr
• Photo-sharing community with APIs that provide viewing and uploading access
• Request formats: REST, XML-RPC, SOAP
• Response Formats: REST, XML-RPC, SOAP, JSON, PHP. Supports
JSONP.
• API Developer Kits available for 15 languages including ActionScript
(Flash), Java (Android), .NET, Objective-C (iOS)
• Comprehensive number of API methods for authentication, blogs, contacts,
favorites, galleries, people, photos
• Example Query:
– https://api.flickr.com/services/rest/?method=flickr.photos.getRecent&api_key=f2cc26448280a762143ba4a865795ab4&format=json
– (remove format parameter for XML results)
– https required since June 2014
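Direct-URL services like the query above carry the API key in the query string (api_key for Flickr, key for Bing Maps), and query strings are routinely written to access logs and proxy logs. The following added example (not from the original slides) masks those parameters before a line is stored or shared; the parameter names beyond api_key and key, and the log lines and key values, are constructed for illustration.

```javascript
// Query parameters that carry credentials. api_key and key appear in the URLs
// on these slides; access_token and token are assumed additions.
const SECRET_PARAMS = ['api_key', 'key', 'access_token', 'token'];

// Matches "?name=value" or "&name=value" for the names above, in a full URL
// or in the request line of an access log. The value ends at &, #, a quote
// or whitespace.
const SECRET_RE = new RegExp(
  '([?&](?:' + SECRET_PARAMS.join('|') + ')=)[^&\\s"#]*', 'gi');

// Replace each credential value with a fixed marker, keeping the rest intact.
function redactSecrets(text) {
  return text.replace(SECRET_RE, '$1REDACTED');
}

// Indices of the lines that contained a credential (useful for auditing
// logs that were already written).
function leakingLines(lines) {
  const hits = [];
  lines.forEach((line, i) => {
    if (redactSecrets(line) !== line) hits.push(i);
  });
  return hits;
}

// Constructed access-log lines; the key values are placeholders.
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Oct/2021:13:55:36 +0000] "GET /services/rest/?method=flickr.photos.getRecent&api_key=CONSTRUCTED0000KEY&format=json HTTP/1.1" 200 5123',
  '203.0.113.7 - - [10/Oct/2021:13:55:40 +0000] "GET /REST/v1/Locations/1%20Microsoft%20Way?o=xml&key=CONSTRUCTEDBINGKEY HTTP/1.1" 200 812',
  '203.0.113.9 - - [10/Oct/2021:13:56:02 +0000] "GET /books/1234/ HTTP/1.1" 200 431',
];
```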
Flickr Sample JSON Result
jsonFlickrApi({"photos":{"page":1, "pages":10, "perpage":100, "total":1000, "photo":[{"id":"6879393174",
"owner":"50010354@N05", "secret":"cf784500dd", "server":"7080", "farm":8,
"title":"wjk_20110611_0092.jpg", "ispublic":1, "isfriend":0, "isfamily":0}, {"id":"6879393274",
"owner":"31403543@N03", "secret":"af280ab218", "server":"6231", "farm":7, "title":"Imagen 415",
"ispublic":1, "isfriend":0, "isfamily":0}, {"id":"6879393306", "owner":"66286618@N05",
"secret":"7fc731bc3d", "server":"6237", "farm":7, "title":"IMG_6241-1", "ispublic":1, "isfriend":0,
"isfamily":0}, {"id":"6879393338", "owner":"28935680@N03", "secret":"ec7444d9b6",
"server":"7237", "farm":8, "title":"IMG_6756", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879393352", "owner":"32752988@N06", "secret":"be56f5751c", "server":"6046", "farm":7,
"title":"AED_4586", "ispublic":1, "isfriend":0, "isfamily":0}, {"id":"6879393370",
"owner":"29083790@N00", "secret":"ec89570135", "server":"6219", "farm":7, "title":"IMG_6546",
"ispublic":1, "isfriend":0, "isfamily":0}, {"id":"6879393402", "owner":"50702313@N08",
"secret":"18ecdd7871", "server":"7191", "farm":8, "title":"Group A 3", "ispublic":1, "isfriend":0,
"isfamily":0}, {"id":"6879393418", "owner":"8502118@N08", "secret":"082968f6a9",
"server":"6220", "farm":7, "title":"Buff-necked Ibis (Theristicus caudatus)", "ispublic":1, "isfriend":0,
"isfamily":0}, {"id":"6879393440", "owner":"51425572@N04", "secret":"bc5f816ffb",
"server":"6219", "farm":7, "title":"P2115768", "ispublic":1, "isfriend":0, "isfamily":0}, […]})
Partial Flickr Sample JSON Result With Formatting
jsonFlickrApi({"photos":{"page":1, "pages":10, "perpage":100, "total":1000,
"photo":[
{"id":"6879682760", "owner":"8348059@N02", "secret":"1ac6c7e2c4", "server":"6220", "farm":7,
"title":"DSC_0619", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682762", "owner":"35772789@N02", "secret":"db5dffb91d", "server":"6117", "farm":7,
"title":"Dianna Romo 5", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682776", "owner":"8091633@N05", "secret":"302174b53e", "server":"6118", "farm":7,
"title":"DSC_4259", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682778", "owner":"58641881@N08", "secret":"c028082788", "server":"7212", "farm":8,
"title":"DSC_0777", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682790", "owner":"32045507@N06", "secret":"d80d372bd2", "server":"6093", "farm":7,
"title":"IMG_9136", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682792", "owner":"76919580@N08", "secret":"57e8d1cf8d", "server":"7277", "farm":8,
"title":"DSC01410", "ispublic":1, "isfriend":0, "isfamily":0},
{"id":"6879682796", "owner":"50838701@N04", "secret":"a3431e27e9", "server":"6042", "farm":7,
"title":"eP3274587", "ispublic":1, "isfriend":0, "isfamily":0},
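The sample results above are JSONP: JSON wrapped in a call to jsonFlickrApi. The following added example (not from the original slides) unwraps such a body with a strict check and JSON.parse instead of evaluating it as script, then validates the fields it uses. The function names are assumptions, and the sample body reuses the first two records of the formatted result.

```javascript
// Unwrap a JSONP body without executing it. Only the expected callback name
// is accepted, and the payload must be pure JSON or JSON.parse throws.
function parseJsonp(body, expectedCallback) {
  const text = body.trim();
  const prefix = expectedCallback + '(';
  if (!text.startsWith(prefix)) throw new Error('unexpected callback name');
  let end;
  if (text.endsWith(');')) end = -2;
  else if (text.endsWith(')')) end = -1;
  else throw new Error('missing closing parenthesis');
  return JSON.parse(text.slice(prefix.length, end));
}

// Pull out the photo list, keeping only records whose fields have the
// types seen in the sample (numeric-string id, string title).
function extractPhotos(body) {
  const data = parseJsonp(body, 'jsonFlickrApi');
  const list = data && data.photos && data.photos.photo;
  if (!Array.isArray(list)) throw new Error('unexpected response shape');
  return list
    .filter((p) => p && typeof p.id === 'string' && /^\d+$/.test(p.id) &&
      typeof p.title === 'string')
    .map((p) => ({ id: p.id, owner: String(p.owner), title: p.title,
      isPublic: p.ispublic === 1 }));
}

// First two records of the formatted sample result, closed so that it parses.
const SAMPLE_BODY =
  'jsonFlickrApi({"photos":{"page":1,"pages":10,"perpage":100,"total":1000,"photo":[' +
  '{"id":"6879682760","owner":"8348059@N02","secret":"1ac6c7e2c4","server":"6220",' +
  '"farm":7,"title":"DSC_0619","ispublic":1,"isfriend":0,"isfamily":0},' +
  '{"id":"6879682762","owner":"35772789@N02","secret":"db5dffb91d","server":"6117",' +
  '"farm":7,"title":"Dianna Romo 5","ispublic":1,"isfriend":0,"isfamily":0}]}})';
```

Flickr also returns plain JSON when nojsoncallback=1 is added to the request, which removes the wrapper altogether.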
Microsoft Bing Maps REST Services
• Bing Maps REST Services: https://docs.microsoft.com/en-us/bingmaps/rest-services/
• The Bing Spatial Data Services are REST-based services that offer three key
functionalities: batch geocoding, point of interest (POI) data, and the ability to store and
expose your spatial data.
• Used for performing tasks such as geocoding, reverse-geocoding, routing and static
imagery.
• REST Request URLs:
– Find a location by Address:
http://dev.virtualearth.net/REST/v1/Locations/CA/adminDistrict/postalCode/locality/addressLine?includeNeighborhood=includeNeighborhood&maxResults=maxResults&key=BingMapsKey
– Find a location by Query:
http://dev.virtualearth.net/REST/v1/Locations/1%20Microsoft%20Way%20Redmond%20WA%2098052?o=xml&key=BingMapsKey
– Find a location by Point:
For many more details about this example see
https://developers.google.com/maps/documentation/javascript/tutorial
Changing the Map’s Center Point
• Use Geocoding API to find the latitude/longitude of a local address
• Use a geocoding service at:
https://developers.google.com/maps/documentation/geocoding/start
• For an address we will use the CS dept
• The result is the lat/long
Simple Map with Lat/Long Change
Changing the Zoom Level
• The zoom level controls the distance above the map
• Higher values cause the zoom to close in
• Set the zoom value to 16 and the resulting map is produced
Adding a Marker to the Map
• But where is the CS dept.? We need to add a marker
• We see an example of a marker at
https://developers.google.com/maps/documentation/javascript/examples/marker-simple
function initialize() {
  // Latitude/longitude used for both the map center and the marker
  var myLatLng = {lat: 34.020, lng: -118.290};
  var mapOptions = { zoom: 4, center: myLatLng };
  var map = new google.maps.Map(document.getElementById('map-canvas'), mapOptions);
  // Place a marker on the map at the same position
  var marker = new google.maps.Marker({
    position: myLatLng,
    map: map,
    title: 'CS Dept'
  });
}
// Build the map once the page has loaded
google.maps.event.addDomListener(window, 'load', initialize);
Change the Map Type
One can alter the map type by adding the line:
mapTypeId: 'satellite' (in the map options); or
map.setMapTypeId('terrain');
There are 4 map types:
HYBRID
ROADMAP
SATELLITE
TERRAIN
Add a Marker with Tool Tip
Adding a Popup Info Window to the Marker
Apple iCloud For Developers
• Apple’s iCloud service places all information captured on any Apple
device into the cloud, making it immediately available to all other
Apple devices
• 5GB (free) – 50GB, 200GB, 1TB plans available at:
– http://www.apple.com/icloud/
– https://developer.apple.com/icloud/index.html
• iCloud APIs available for iOS 5 through 13 and OS X 10.9+
– CloudKit framework
– Storage API for Documents
– Storage API for key-value data storage
– Storage API for Core Data
– Fallback Store (iOS 7+)
– Account Changes (iOS 7+)
– Manage iCloud Content (iOS 7+)
– Xcode debugging (Xcode 5+)
– iPhone simulator support (iOS 7+)
REST Best Practices
• 1. Provide a URI for each resource that you want exposed.
• 2. Prefer URIs that are logical over URIs that are physical. For example, prefer
http://www.boeing.com/airplanes/747
Over:
http://www.boeing.com/airplanes/747.html
• Logical URIs allow the resource implementation to change without impacting client applications
• 3. As a corollary to (2), use nouns in the logical URI, not verbs. Resources are “things”, not “actions”.
• 4. Make all HTTP GETs side-effect free.
• 5. Use links in your responses to requests. Doing so connects your response with other data. It enables
client applications to be self-propelled. That is, the response itself contains info about “what’s the next
step to take”.
• 6. Minimize the use of query strings. For example, prefer
http://www.parts-depot.com/parts/00345
Over
http://www.parts-depot.com/parts?part-id=00345
• 7. Use the slash “/” to represent a parent-child, whole-part relationship
• 8. Use a “gradual unfolding methodology” for exposing data to clients. That is, a resource
representation should provide links to obtain more details.
• 9. Always implement a service using HTTP GET when the purpose of the service is to allow a client to
retrieve a resource representation, i.e. don’t use HTTP POST