Rest – Creating an entity relationship in REST: May I create the parent by posting to a child id

designdesign-patternsrest

We are currently designing a REST API to access classical customer data.
One of the elements in the API are the assets of an user. The assets are added under a given service. The backend API will only add an asset to an user under a given service. So, there's no User–Asset relation, but a User–[Service]–Asset relationship.

Our URI's will look like this:

/users/{id}/assets/{id}/services/{id}

Uses of the API will know the asset id and the service id to create a new entry.
What we are struggling with is the creation of this relation.

One straightforward way would be to post the whole relation to /users/{id}/assets/

POST /users/{id}/assets    
{asset:${id}, service:{id}, attribute1:"{var}", attribute2:"{var}"}

but then we are not actually creating an asset as the URI might indicate, but an asset-service relation.

As an alternative, we are considering POST'ing to the URI addressing the relation, like this:

POST /users/{id}/assets/{id}/service/{id}
{attribute1:"{var}", attribute2:"{var}"}

But in this case, the resource path /users/{id}/assets/{id} will not exist before the POST and will be created as a side-effect.

Is POST'ing to a resource path that does not exist yet allowed at all?

Thanks for your thoughts,

Gerard.

Best Answer

It sounds like you're suggesting that, whenever a user first posts to a non-existent relation, you will create it as part of the post.

If you're asking whether this kind of create-on-access pattern is a valid, acceptable development pattern, the answer is yes it is - it's both valid, and a fairly common pattern to see.

Related Solutions

REST API Concepts Explained

Is it appropriate to mix some sort of action call with a resource URI (e.g. /collection/123?action=resendEmail)? Would it be better to specify the action and pass the resource id to it (e.g. /collection/resendEmail?id=123)? Is this the wrong way to be going about it? Traditionally (at least with HTTP) the action being performed is the request method (GET, POST, PUT, DELETE), but those don't really allow for custom actions with a resource.

I'd rather model that in a different way, with a collection of resources representing the emails that are to be sent; the sending will be processed by the internals of the service in due course, at which point the corresponding resource will be removed. (Or the user could DELETE the resource early, causing a canceling of the request to do the send.)

Whatever you do, don't put verbs in the resource name! That's the noun (and the query part is the set of adjectives). Nouning verbs weirds REST!

I use the querystring portion of the URL to filter the set of resources returned when querying a collection (e.g. /collection?someField=someval). Within my API controller I then determine what kind of comparison it is going to do with that field and value. I've found this really doesn't work. I need a way to allow the API user to specify the type of comparison they want to perform.

The best idea I've come up with so far is to allow the API user to specify it as an appendage to the field name (e.g. /collection?someField:gte=someval - to indicate that it should return resources where someField is greater than or equal to (>=) whatever someval is. Is this a good idea? A bad idea? If so, why? Is there a better way to allow the user to specify the type of comparison to perform with the given field and value?

I'd rather specify a general filter clause and have that as an optional query parameter on any request to fetch the contents of the collection. The client can then specify exactly how to restrict the set returned, in whatever way you desire. I'd also worry a bit about the discoverability of the filter/query language; the richer you make it, the harder it is for arbitrary clients to discover. An alternative approach which, at least theoretically, deals with that discoverability issue is to allow making restriction sub-resources of the collection, which clients obtain by POSTing a document describing the restriction to the collection resource. It's still a slight abuse, but at least it's one you can clearly make discoverable!

This sort of discoverability is one of the things that I find least strong with REST.

I often see URI's that look something like /person/123/dogs to get the persons dogs. I generally have avoided something like that because in the end I figure that by creating a URI like that you are actually just accessing a dogs collection filtered by a specific person ID. It would be equivalent to /dogs?person=123. Is there ever really a good reason for a REST URI to be more than two levels deep (/collection/resource_id)?

When the nested collection is truly a sub-feature of the outer collection's member entities, it is reasonable to structure them as a sub-resource. By “sub-feature” I mean something like UML composition relation, where destroying the outer resource naturally means destroying the inner collection.

Other types of collection can be modeled as an HTTP redirect; thus /person/123/dogs can indeed be responded to by doing a 307 that redirects to /dogs?person=123. In this case, the collection isn't actually UML composition, but rather UML aggregation. The difference matters; it is significant!

POST vs PUT Requests – Understanding the Convention

Read the HTTP spec that defines those methods. Seriously. It will clarify a lot of questions for you going forward.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

In HTTP, PUT is specifically the create / update method. Create if it doesn't exist, or update it if it does.
POST is sort of the grab-bag method. As Roy Fielding has said, it's the method to use when you don't want to generalize your operation.

Their usage has broken down this way in RESTish services:

Usually, create has fallen into the POST camp, because of the idea of "appending to a collection." It's become the way to append a resource to a list of resources.

However, POST is also the "data processing" method, so it's also applicable for ANYTHING ELSE YOU WANT TO DO. If you want to drive a battleship through a loophole in REST, use POST.

Taken together, POST is useful for create, because you can say "process this (incomplete) data, and append it to this list resource".

The semantics of PUT are much more specific. PUT is the "make it so" method. So if you have a complete representation, and a complete URL, then you PUT it and "make it so". If it doesn't already exist, the service will create it.

So, yes, both PUT and POST can be appropriate for create. Even for update, you might want to POST a piece of data for the resource to process. You can't draw a bright-line definition between CREATE / UPDATE and PUT / POST.

I've seen lots and lots of people try to map CRUD explicitly to the HTTP methods, but it always breaks down, because a) HTTP follows a "update or create" model and not a separate create and update model, and b) the breadth of POST is so large. Also, there are subtleties in the way data is processed that CRUD misses -- like identifier generation.

...

For example, let's say the Galactic Police Academy has a REST service. They have a Cadet resource & you can GET a Cadet by their helmet # for their service details.

GET http://galacticpoliceacademy/cadets/12345

All the Cadets are another resource that retrieves a list or collection of cadets:

GET http://galacticpoliceacademy/cadets/

Notice that the individual GET just adds information to the collection resource.

Now, if I get accepted to the Galactic Police Academy, I don't have my helmet # yet, so we'll POST my information to the collection.

POST http://galacticpoliceacademy/cadets/

{ info: "my info" }

Which will process my information, assign me a helmet number, and add me to the collection. Now the collection of cadets has 1 more item (i.e. me), and I can GET my details using my newly assigned helmet #. I can also pull the list of cadets, and I will be there in the list.

Some cadets transfer from the Provisional Frontier Militia, and already have their own helmets. They can just be PUT into the /cadets/ collection directly, since they already have a helmet number. The helmet numbers are unique, so they won't collide with another cadet, and they'll just be put straight into the list, as-is.
(!) If the asteroid that the academy is on gets blown up by space criminals, and we need to rebuild on a new asteroid, then I could PUT a copy of the existing list, or PUT a record for each of the survivors, and in the end I'd have a list of cadets that looks exactly like the data I have. Then I could start POSTing as I refill the ranks.
There's a surge of patriotism after the attack on the Academy, resulting in a large number of new recruits. We can POST a list of new recruits (without helmets) and the New Academy service will append each to the list and assign each of them a helmet #.

So your example of 10 / 11 items in a resource collection is right on -- that's correct behavior. Usually I don't mix PUT and POST for create for a particular resource, but the HTTP semantics allow it.

Best Answer

Related Solutions

REST API Concepts Explained

POST vs PUT Requests – Understanding the Convention

Related Topic