Nouns and Resources
What is the best way to start building RESTful applications? One of the common advice heard is, "nouns are your resources". You walk through your application, identify all the nouns, model them as resources, and try to rely on HTTP verbs to operate on those resources. Use POST to create a resource, PUT to replace (or even create, when the client can name the resource), DELETE to delete the resource, and GET to get the resource. However, the notion that nouns can be used to identify resources is simplistic.
First of all, nouns should not be interpreted as what exists in some backend or what the application deals with behind the scenes. Take, for example, a web service that can return driving directions between two places. What are the nouns here? Not obvious. There won’t be direction resources stored in some database. What the web service wants to expose are collections of "direction"s computed based on some data/feeds/indexes. Each "direction" can be modeled as a resource, representing a starting point, distance along a path/road, and an end point. Similarly, take a search engine. What it deals with in the backend of search indexes, but what it exposes are collections of "result"s, where each result contains a URI and some metadata. In this case, each result can be modeled as a resource. These may be extreme cases, but it is critical to note that nouns are not what are dealt with in the system, but what are exposed through URIs to clients. So, the best way to identify resources is to look from the clients’ point of view.
If the web service ends up getting nouns wrong, the web service may find the set of HTTP verbs too limiting. It is also one of the complaints about REST that the set of verbs in HTTP is too small for all the complex operations that need to happen on resources. Take, for example, an web service managing user’s permissions in a social application. The web service wants to allow each user to allow/disallow sharing some information about the user with another entity or user. At first, "allow" and "block" seem like operations on a user or entity resource associated with a user. But these two operations don’t map to HTTP verbs. In this example, the resource is incorrectly identified. The resource needs to be identified as an association between a user and another user or entity, and each user can have zero or more such resources (i.e. a collection). Each resource has two states, i.e., "allow" and "deny". Let’s call this resource a "permission". Once this resource is identified, it is easy to operate on it via HTTP. The client would use POST to allow/deny a user/entity, GET to get all permissions or a specific permission, DELETE to delete an existing permission and so on.
Another challenge with nouns is determining their granularity. In general, finely grained resources make it easy to operate upon using HTTP verbs, while coarse grained resources make it hard. While there is no one-size-fits-all approach to help determine the granularity, one possibility is to think in terms of path segments of URIs, using the path segments to represent containment of collections of resources within other resources, and/or associations between resources. Take, e.g., a "person" resource. The representation of the person may include the person’s address book. If the web service models this as a single resource, it would be hard to manipulate the address book. Instead, if this is modeled as a "person" resource containing a collection of "address" resources, these resources can be managed in a more efficient manner.
Nouns can provide a good starting point for identifying resources, but as the above examples show, without refinements, it is not difficult to get it wrong!
Subbu,
Agree to your point on how you could end up finding the http verbs too limiting. We have been building some restful services over the last 3 months with Rails and Active Resource and the first complaint I got was this.
One interesting case was for user authentication. Initially login was a method on the user class and seemed like it was not restfully invokable. On some more thinking we figured out that the missing resource was actually a Session. A session gets crud-ed whenever someone uses the application. So login now became create a session, storing something in the session updating it and logout as destroying a session.
One thing that still bothers me is when you need to deal with plural resources. The pain is not in conceiving such resource but applying the verbs to them. Typically I need such resource when I am trying a batch CRUD. I read yours and others thoughts on this and would love to know how in the meantime you are handling such use cases
“In this example, the resource is incorrectly identified”
this would mean that there is a right model and wrong model. which is right, models are not equal. the problem here is that the wrong model won’t work. which is wrong and means REST imposes too much constraints.
a typical real life case involves modeling fields you don’t know first hand and relying on stake holder’s vision and mental models. this is how almost all projects begin. in this case, having the wrong model work is a must. nobody takes 6 months to make sure the model is right before beginning to write code anymore.
I think REST will benefit from people getting it wrong and writing verbs in URLs. I think this is sane, and that you should let go.
(replacing my previous reply with a more elaborate one)
Not all models are equal, but if you are building web services that are consumed over HTTP, the chosen resource model is a key. When you have verbs in your URIs, it generally implies that the application is using HTTP verbs in ways not intended by RFC 2616. In fact, most POST-only or GET-only web services are using HTTP in incorrect ways, potentially confusing intermediaries such as caches and proxies. So, instead of emphasizing on RPC-style methods, by focusing on resource modeling, it is not tough or time consuming to come up with a model that can take advantage of HTTP well.
If you think this is insane, and that we should all let go, please give examples or use cases.
One misunderstanding of REST is the implicit association with language specific paradigms such as MVC. When you are talking about creating a RESTful application, it doesn’t mean that your URLs map directly to your model objects. It means that you have constructed the interface to your application RESTfully.
A RESTful application doesn’t suggest OO, functional or any other “kind” of programming. You may or may not have “model” objects. The implementation of a RESTful service or application should not have an impact on the design of its interface.
I think the focus on MVC has been incorrectly mixed with the helpfulness of conventions. The Rails conventions for mapping the URL to controllers is very helpful in many cases, but it does not define how all applications should be designed.
>> I think the focus on MVC has been incorrectly mixed with the helpfulness of conventions. The Rails conventions for mapping the URL to controllers is very helpful in many cases, but it does not define how all applications should be designed.
Can’t agree more. Action oriented frameworks and/or mindset encourage RCP-style action-oriented interfaces (http://www.subbu.org/weblogs/main/2007/12/why_is_bad_rest.html).