i have created simple REST architecture using Jersey and Tomcat. I sent data from server (as a resource using "/get") to client and then customer makes some computation on this data. My problem is, how to send this calculated data from client to server ?
Since you're using a REST architecture, how to send the data back to the server depends on what this data represents.
For example, suppose you are dealing with users, a GET on /users is performed, so the client has the data, now
if the client changes something you might want to make it PUT on /users/:userid, the PUT here represents the fact that you are updating a user identified by userid
if the client does not find a user it might want to create it, so you might want it to perform a POST on /users with the user in the payload
This is just an example to briefly explain how it works, of course it depends on your case, if you need more help please update your answer adding details.
Related
I have the task to implement an API with Spring Boot and a relational database to save the data from a client (mobile app) and synchronize it.
So far no problem. I have some endpoints to post and get the stored data.
Now I have the task to provide an endpoint that return the complete data in a GET-Request and another to save the complete data of the client via a POST-Request.
My problem is:
How do I store the complete data in one POST-Request(JSON)?
The database has multiple entities with manytomany relationships and if I just POST them then I have some problems with the relations between the Entities.
My approach to GET the complete data was to just create a new Entity with every entity in it. Is this the best solution?
And is this even a good solution to POST the complete data instead of the usage of the other endpoints to get the entities one by one. Or is there another approach to store and restore the complete data from server and client? Whereby I think that posting the complete data makes less sense.
is this even a good solution to POST the complete data instead of the usage of the other endpoints to get the entities one by one
In some scenarios you may want to force update or synchronize the client data with the server, for example, WhatsApp backup now option.
How do I store the complete data in one POST-Request(JSON)
You can make one post endpoint that extracts the data sent from the client and internally use all your repositories or daos for each property.
My approach to GET the complete data was to just create a new Entity
with every entity in it. Is this the best solution
either by doing as you mentioned or by handling it manually in the endpoint like this
also check this one which uses apache camel to aggregate multiple endpoints
For the development of an API we want to create a new organization and a new user for that organization with one form submission (the registration) using a clean RESTful API design.
As we don't want to mix different resources (organizations and users) and create the them with one call (the response of that call is it an organization or an user?) we need to split the registration into two calls: create organization first and directly after create user.
But if the user and organization creation is split into two independent API calls we see the following problems:
How to handle errors? Eg. if the create organization is successful but the create user fails due to an error (eg. user email already exists). In that case an organization without any user is created and nobody can login to change the organization resource.
How to handle the authorization after creating the organization? Can everybody with the organization id simply create a new user without any login check (login is only possible with email and password)? Or will the create organization return a token to create the first user? (The token logic will make the client quite complicated: how to handle resubmissions etc.)
How to handle errors? Eg. if the create organization is successful but the create user fails due to an error (eg. user email already exists). In that case an organization without any user is created and nobody can login to change the organization resource
Except for PATCH none of the standard HTTP methods really tackles a transactional behavior. PATCH i.e. demands that all of the instruction steps defined within the patch document need to be processed atomically. Either all or none of them have to be applied. So if one instruction fails none of the modifications must be applied. The difference between PATCH and the other methods however is, that PATCH should contain a set of instructions to apply onto one or multiple resources while the other operation in a sense target a single document usually.
If viewed from a document management system, which HTTP truely is at its heart as any business rules you conclude are just a side-effect of the document management (see this great talk), the operations of HTTP make a bit more sense. I.e. PUT replaces the current document with the one provided. If none existed so far it is similar to a document creation. The spec here mentions that PUT is allowed to have side-effects. I.e. similar to GIT where a commit will push the head forward though the actual commit will still be accessible via its own URI. DELETE removes the association of the URI to the document stored. Whether that leads to a document removal on the imaginary filesystem or not is an implementation detail. GET will only return the content of that document to the invoker and POST only processes the request according to the service own semantics giving no further promises on what it does with the payload. So whether one or multiple resources are created, or even none at all, is up to the implementation. However, if you create resources you need to return a 201 Created response containing a Location header with the URI of the newly created resource that hints clients about the newly created resource. In the case of multiple resources being created, the spec is a bit less clear what should be returned in that case as only one Location header may appear within the respone.
The usage of a form-based creation approach is for sure a RESTful approach as here the server teaches a client on the needed inputs to perform the task. A client usually isn't that much interested in how the server is actually processing and storing the data, all it is interested in is the completion of its request, either successfully or with a hint on the problems the server had while processing the request.
Whether you create everything in one go or divide each part to its own request is some choice you have to make. I.e. on a typical Web site you may encounter a wizzard like approach were you enter some organization related information first into a form, click a submit button and then get a further form response asking you to enter user details with a further response summarizing the details and asking for confirmation. The data could be stored in some temporary resource that on confirming the summary will create everything in one go mimicking some kind of atomic processing failing the creation of the organization in case some problems were encountered with the user details and such. Such an approach is convenient if you have multiple optional data that depends on previous choices.
Of course you could also enter the data in one single form and send it to the server via a POST request and then create the respective resources that way. Which URL to return in the Location header is yet a different decision. If the main resource being created is the organization that I'd opt for the organization URI, especially if it allows to list its defined users. Internally you can utilize transactions to guarantee a consistent state between organization and user and in a failure to do this you simply can roll back the transaction and return an error to the user.
If you attempt to divide the creation into multiple steps you surely will have to deal with the exception case of the user resources and its effects on the organization resource. As mentioned HTTP does not give any hints on that as to HTTP these are two separate and unrelated requests. Here, not the server should be the smart thing but the client has to be. If it encounters problems while user creation it should perform the cleanup of the organization itself. The server/API is just seen as dumb storage thing in such a case.
How to handle the authorization after creating the organization? Can everybody with the organization id simply create a new user without any login check (login is only possible with email and password)? Or will the create organization return a token to create the first user? (The token logic will make the client quite complicated: how to handle resubmissions etc.)
It basically depends on your design here. Usually some kind of permission management should be added to the API. Some frameworks already contain support for such, i.e. in the Java and Spring ecosystem you can add certain annotations onto operation endpoints and business methods that check certain assigned user roles and permissions and only allow access if they are available.
In case you have a split organization and user creation approach and encountered a problem during user creation you could send a form back to the client requesting other user details as one already exist for an other organization until valid data was returned. Plenty of Web-based APIs nowadys send some confirmation links via mail to verify the correctness of the email-address and the user is only "logged-in" the first time when he clicked the activation link in that email. In pure HTTP you'd send a HTTP Authorization header containing the user credentials. In the absence of an activated user the service would return 401 Unauthorized as failure preventing the user from authenticating with the service. In such a case an external administrative entity (i.e. a project manager or administrator of the API) would have to create a user for that organization and send the data to the requestor. Though, such a state should be highly avoided IMO. Here, probing a user for admissible user details is sure preferrable, I guess.
You might also run some kind of cleanup routine in the back (or perform a manual cleanup task) after a given threshold amount on organizations that have no user assigned to it to free up resources and avoid carrying arround inconsitent state, according to your definition, as there has to be a user assigned to an organization.
As you see, you have a couple of design choices how to tackle such a scenario. Whether you enter the data in one form and send everything in one go to the server or use a temporary resource to collect data from n consecutive form requests until the user confirms that data and you process everything in one go atomically or you use dedicated requests per task and have some backing routines that check the consitency of the system is up to you.
A final note on a thing mentioned in your title. REST clients shouldn't consider resources to have a specific type as this leads to clients expecting certain endpoints to return certain types. This also leads to clients interpreting URIs to determine the type of that resource. As the server is free to change its URI scheme any time it wants to, chances are that clients wont be able to determine the type based on the URI automatically without a developer building in that kind of knowledge into the client. This avoids the actual benefits a REST architecture should provide, namely the freedom for evolution in future that is enabled by the decoupling of clients from servers. Instead of using typed resources clients should rely on content-type negotiation where standardized representation formats understood and supported by both, client and server, are exchanged. The media-types defining these representation formats specify the processing rules and semantics of each of the elements within the payload and allow interoperability.
This may be a total shot in the dark, but looking for a service that basically exposes a database model as a restful service which we can query from the front-end (eliminating the need for a middle layer/server).
The idea would be simple enough, create a database with say a products table. This would then be exposed automatically via an API that represents that table. On your front end the user could enter text or choose several options and then via JS you could hit that endpoint (with the user's choices as parameters which inevitably becomes a SELECT and retrieves the data), that returns some JSON back in the form of results and via JS you display it on the front-end.
I have to believe something like this exists and maybe I am not being clear enough, but its basically an auto-created backend. This would be great for rapid prototyping.
Thanks in advance if anyone has ideas!
I have rest services that i will be posting data to. Is it better to post data using http form elements in the post data or is it better to post all the data in one json string and then parse the string at the server side. Any reason to go one way vs the other?
Thanks in advance. I am trying to make sure architecturally we code this the best way.
Thanks
I think you have to use the first solution because it is more close to the RESTful architecture. In addition, this solution is a standard, so you will don't need to do extra things to encode / decode the POST parameters.
I think it depends on your data.
If your data is quite flat with a one to one correspondence between keys and simple values then the form style submission is probably most appropriate. If you have more complex nested data or an array of some kind I would roll with the json approach. I don't think either option is more or less RESTful.
Form elements are the way to go. If you use json in your post, then you need to communicate the structure to the clients. This is usually done out-of-band (I've never seen it done in-band, but I might be wrong), which creates a coupling between the client and the server.
When you use a form, the in-band form communicates to the client what the post data should be. When the data requirements change, the form is changed and the client can (possibly) adjust accordingly.
For instance, just say you've defined the following nouns in your media-type: email, password, first-name, last-name, date-of-birth etc and you have a user creation form that requires email and password, with the other user optionally data populated later on (via another form). Later it's decided that you want users to provide their name when the account is created, so you update the form so that is requires email, password, first-name and last-name. Since the clients are already familiar with these nouns (and know what data belongs in each), well written clients will be compatible with the updated form. If it was just json data being posted, the clients would not work as they would have no idea the required json data had changed (unless you change the media-type, in which case you'll break them anyway).
Now this approach only works for nouns that have been defined in your media-type. If you are adding a new noun, then you can either only ever make it optional (existing clients will still work, new clients can take advantage of the new noun) or if you need to make it required, then you need to create a new media-type, which only new (or updated) clients will be able to use.
I wanted to know if its possible to display the contents of a mysql table on a page as soon as its contents are changed/updated
There are 2 conceptual methods for getting data from your server and updating your page accordingly: PUSH and PULL
The PULL method is one in which your page polls the server at a predefined interval to retrieve updated data and update the view accordingly. A search here or on Google for "server polling" or "ajax polling" will likely give you all the info you need to implement this approach.
The PUSH method is one in which the server pushes data down to the client (your page) when it is updated. The Ajax Push Engine (APE) is a framework for doing data PUSH operations over the web, I'd recommend checking it out if you want more info on this approach.
If you're looking for a more specific answer to your question, you'll need to post more relevant information about your problem, i.e.: server platform, programming language, etc...