2. REST as Lightweight Web Services

As a programming approach, REST is a lightweight alternative to Web Services and RPC.

Much like Web Services, a REST service is:

  • Platform-independent (you don't care if the server is Unix, the client is a Mac, or anything else),
  • Language-independent (C# can talk to Java, etc.),
  • Standards-based (runs on top of HTTP), and
  • Can easily be used in the presence of firewalls.

Like Web Services, REST offers no built-in security features, encryption, session management, QoS guarantees, etc. But also as with Web Services, these can be added by building on top of HTTP:

  • For security, username/password tokens are often used.
  • For encryption, REST can be used on top of HTTPS (secure sockets).
  • ... etc.

One thing that is not part of a good REST design is cookies: The "ST" in "REST" stands for "State Transfer", and indeed, in a good REST design operations are self-contained, and each request carries with it (transfers) all the information (state) that the server needs in order to complete it.

9 comments:

Dr. M. Elkstein said...

In many cases, REST offers better performance than SOAP-based Web Services. The reasons for this are discussed later on.

samsonsu said...

Thanks for the great articles.

Question: most services require user to login before exploring further. If cookies are not recommended in REST, does it mean I have to go thru authentication on every single request (e.g., HTTP AUTH)?

In web design, usually you login once and the cookie will store your authenticated "token", so future requests are linked to your session.

Dr. M. Elkstein said...

Hi samsonsu,

Since this isn't the first time I was asked about this, I've added a new page with an answer to your question.

Broken Heart said...

In my opinion, this same thing can be achieved using servelt then can you please explain me the difference between servlet & restlet. Also let me know the advantage of restlets over servlets.

Thanks,
Jawahar

Sreejith said...

Dr.Elkstein,
Thanks for this nice article.

I have a doubt that as I have to use XForm in my project; can I use REST as a web service to obviate the need for using servelets to access the Java classes ?

Dr. M. Elkstein said...

Jawahar: Restlets are just one way of implementing REST services. You can implement them just as easily using regular servlets. So, I won't try to list advantages of one over the other.

Sreejith: I'm not sure I understood your question, but if I understood it correctly, the answer is no.

Sreejith said...

Thanks for your answer.
I would like to elaborate my question. My requirement is that application should work on both offline and online mode. Hence I am using XForms to capture data. Whenever there is internet connectivity, the saved data should get uploaded. So what I am planning to do is, if the user is online throughout, REST web service will fetch the data. If the user is offline while saving, data will be saved in the form of XML on a local storage device and once get connected, the stored XML will be supplied to REST web service. Is it a possible solution?

Kokil Thapa said...

Nice articel

vijay said...

HI,

thanks for the post. I am trying to connect to HP ALM using REST. however, i am getting no protocol error as ALM is on top of HTTPS. can you please tell me how to use REST for HTTPS?

thanks
Vijay