REST is the underlying architectural principle of the web. The amazing thing about the web is the fact that clients (browsers) and servers can interact in complex ways without the client knowing anything beforehand about the server and the resources it hosts. The key constraint is that the server and client must both agree on the media used, which in the case of the web is HTML.
An API that adheres to the principles of REST does not require the client to know anything about the structure of the API. Rather, the server needs to provide whatever information the client needs to interact with the service. An HTML form is an example of this: The server specifies the location of the resource and the required fields. The browser doesn't know in advance where to submit the information, and it doesn't know in advance what information to submit. Both forms of information are entirely supplied by the server. (This principle is called HATEOAS: Hypermedia As The Engine Of Application State.)
So, how does this apply to HTTP, and how can it be implemented in practice? HTTP is oriented around verbs and resources. The two verbs in mainstream usage are GET
and POST
, which I think everyone will recognize. However, the HTTP standard defines several others such as PUT
and DELETE
. These verbs are then applied to resources, according to the instructions provided by the server.
For example, Let's imagine that we have a user database that is managed by a web service. Our service uses a custom hypermedia based on JSON, for which we assign the mimetype application/json+userdb
(There might also be an application/xml+userdb
and application/whatever+userdb
- many media types may be supported). The client and the server have both been programmed to understand this format, but they don't know anything about each other. As Roy Fielding points out:
A REST API should spend almost all of its descriptive effort in
defining the media type(s) used for representing resources and driving
application state, or in defining extended relation names and/or
hypertext-enabled mark-up for existing standard media types.
A request for the base resource /
might return something like this:
Request
GET /
Accept: application/json+userdb
Response
200 OK
Content-Type: application/json+userdb
{
"version": "1.0",
"links": [
{
"href": "/user",
"rel": "list",
"method": "GET"
},
{
"href": "/user",
"rel": "create",
"method": "POST"
}
]
}
We know from the description of our media that we can find information about related resources from sections called "links". This is called Hypermedia controls. In this case, we can tell from such a section that we can find a user list by making another request for /user
:
Request
GET /user
Accept: application/json+userdb
Response
200 OK
Content-Type: application/json+userdb
{
"users": [
{
"id": 1,
"name": "Emil",
"country: "Sweden",
"links": [
{
"href": "/user/1",
"rel": "self",
"method": "GET"
},
{
"href": "/user/1",
"rel": "edit",
"method": "PUT"
},
{
"href": "/user/1",
"rel": "delete",
"method": "DELETE"
}
]
},
{
"id": 2,
"name": "Adam",
"country: "Scotland",
"links": [
{
"href": "/user/2",
"rel": "self",
"method": "GET"
},
{
"href": "/user/2",
"rel": "edit",
"method": "PUT"
},
{
"href": "/user/2",
"rel": "delete",
"method": "DELETE"
}
]
}
],
"links": [
{
"href": "/user",
"rel": "create",
"method": "POST"
}
]
}
We can tell a lot from this response. For instance, we now know we can create a new user by POST
ing to /user
:
Request
POST /user
Accept: application/json+userdb
Content-Type: application/json+userdb
{
"name": "Karl",
"country": "Austria"
}
Response
201 Created
Content-Type: application/json+userdb
{
"user": {
"id": 3,
"name": "Karl",
"country": "Austria",
"links": [
{
"href": "/user/3",
"rel": "self",
"method": "GET"
},
{
"href": "/user/3",
"rel": "edit",
"method": "PUT"
},
{
"href": "/user/3",
"rel": "delete",
"method": "DELETE"
}
]
},
"links": {
"href": "/user",
"rel": "list",
"method": "GET"
}
}
We also know that we can change existing data:
Request
PUT /user/1
Accept: application/json+userdb
Content-Type: application/json+userdb
{
"name": "Emil",
"country": "Bhutan"
}
Response
200 OK
Content-Type: application/json+userdb
{
"user": {
"id": 1,
"name": "Emil",
"country": "Bhutan",
"links": [
{
"href": "/user/1",
"rel": "self",
"method": "GET"
},
{
"href": "/user/1",
"rel": "edit",
"method": "PUT"
},
{
"href": "/user/1",
"rel": "delete",
"method": "DELETE"
}
]
},
"links": {
"href": "/user",
"rel": "list",
"method": "GET"
}
}
Notice that we are using different HTTP verbs (GET
, PUT
, POST
, DELETE
etc.) to manipulate these resources, and that the only knowledge we presume on the client's part is our media definition.
Further reading:
(This answer has been the subject of a fair amount of criticism for missing the point. For the most part, that has been a fair critique. What I originally described was more in line with how REST was usually implemented a few years ago when I first wrote this, rather than its true meaning. I've revised the answer to better represent the real meaning.)
Best Answer
REST should be used if it is very important for you to minimize the coupling between client and server components in a distributed application.
This may be the case if your server is going to be used by many different clients that you do not have control over. It may also be the case if you want to be able to update the server regularly without needing to update the client software.
I can assure you that achieving this low level of coupling is not easy to do. It is critical to follow all of the constraints of REST to succeed. Maintaining a purely stateless connection is difficult. Picking the right media-types and squeezing your data into the formats is tricky. Creating your own media types can be even harder.
Adapting rich server behaviour into the uniform HTTP interface can be confusing and at times appears pedantic in comparison to the relatively straightforward RPC approach.
Despite the difficulties, the benefits are that you have a service that a client developer should be able to easily understand due to the consistent use of the HTTP protocol. The service should be easily discoverable due to hypermedia and the client should be extremely resilient to changes on the server.
The benefits of hypermedia and the avoidance of session state makes load balancing simple and service partitioning feasible. The strict conformance to HTTP rules make the availability of tools like debuggers and caching proxies wonderful thing.
Update
I think REST has become fashionable because people attempting to do SOA type projects have found that using the SOAP stack they are not realizing the benefits that were promised. People keep turning back to the web as an example of simple integration methodologies. Unfortunately, I think people underestimate the amount of planning and foresight that went into creating the web and they oversimplify what needs to be done to allow the kind of serendipitous reuse that does occur on the web.
You say that you have never seen REST in practice, but that cannot possibly be true if you ever use a web browser. The web browser is a REST client.
These may sound like inane questions, but if you know the answer, then you can start to see what REST is all about. Look at StackOverflow for more benefits of REST. When I am looking at a question, I can bookmark that page or send the url to a friend and he can see the same information. He doesn't have to navigate through the site to find that question.
StackOverflow uses a variety of OpenId services for authentication, gravatar.com for avatar images, google-analytics and Quantserve for analytical information. This kind of multi-company integration is the type of thing the SOAP world only dreams of. One of the best examples is the fact that the jQuery libraries that are used to drive the StackOverflow UI are retrieved from Google's Content Delivery Network. The fact that SO could direct the client (i.e. your web browser) to download code from a third-party site to improve performance is testament to the low coupling between web client and server.
These are examples of a REST architecture at work.
Now some web sites / applications do break the rules of REST and then the browser does not work as expected.
REST is everywhere. It is the part of the web that makes it work well. If you want to build distributed applications that can scale like the web, be resilient to change like the web and promote re-use as the web has done, then follow the same rules they did when building web browsers.