
What's the real added value in REST routes?


AFAIU, RESTful APIs use HTTP nomenclature to organize the API.
From an example taken from best practices, you'll end up with:

http://api.college.com/students/3248234/courses/physics

What's the real advantage over a more naïve approach such as:

http://api.college.com/course_show?STUDENTID=3248234&COURSETYPE=physics
http://api.college.com/ratings_show?STUDENTID=3248234&COURSETYPE=physics

From my viewpoint, the first URI mixes things: objects (students, courses) and their params (id for students, type for course). I feel it's a mess.
Moreover, we don't really know what's shown. Is it the course taken by this student? Or the rating our student achieved? We can suspect that ratings would have been added at the end like .../courses/physics/ratings, but we can't be sure, since the last word is a parameter, not an object.

The second approach is more object-oriented, like Course.show(**kwargs), and anyway has the advantage of separating the function (or call it method) and the parameters (or call it arguments).

Additional point: with these semantics, you can do CRUD but can be more detailed in your interface, like /course_delete or /course_suspend or /course_postpone

So two questions:
1- What's the real advantage of REST nomenclature on web API routing? Isn't it just hype?
2- From a security viewpoint, in my examples, I suspect the first URL is less secure than the second (Flask had a problem with that if I remember well), is it correct?


Solution

  • What's the real advantage of REST nomenclature on web API routing? Isn't it just hype?

    REST doesn't care what spelling you use for your identifiers.

    URI Templates are a convenient way to generalize identifiers for different resources; this convenience is most frequently seen in mapping resource identifiers to implementations in the server, but is also sometimes seen as a means to describe a family of identifiers to a client that understands hypermedia representations.

    Judicious use of path segments when describing a hierarchy of resources allows you to take advantage of the client's ability to resolve relative references.

  • From a security viewpoint, in my examples, I suspect the first URL is less secure than the second (Flask had a problem with that if I remember well), is it correct?

    No? Neither of them offers any security at all; they are just identifiers.
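
To illustrate the "they are just identifiers" point, here is an added example (not part of the original answer) in which both URL spellings from the question resolve to the same target, and the access decision comes only from a server-side check of the caller against that target. The names `parse_target`, `handle`, `SESSIONS` and `ENROLMENTS`, and the token values, are hypothetical and the data is constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (assumptions for this example only).
SESSIONS = {"token-alice": "3248234", "token-bob": "1111111"}  # token -> student id
ENROLMENTS = {"3248234": {"physics"}}                          # student id -> courses


def parse_target(url):
    """Return (student_id, course) for either URL spelling, or None."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    # Path-segment spelling: /students/<id>/courses/<course>
    if len(segs) == 4 and segs[0] == "students" and segs[2] == "courses":
        return segs[1], segs[3]
    # Query-string spelling: /course_show?STUDENTID=<id>&COURSETYPE=<course>
    if segs == ["course_show"]:
        query = parse_qs(parts.query)
        ids = query.get("STUDENTID", [])
        types = query.get("COURSETYPE", [])
        # Reject missing or duplicated parameters instead of guessing.
        if len(ids) == 1 and len(types) == 1:
            return ids[0], types[0]
    return None


def handle(url, token):
    """Return an HTTP-style status code for a read request."""
    caller = SESSIONS.get(token)
    if caller is None:
        return 401                      # not authenticated
    target = parse_target(url)
    if target is None:
        return 404                      # unknown route
    student_id, course = target
    # The check that matters: does this caller own the object named
    # by the identifier? The shape of the URL plays no part in it.
    if caller != student_id:
        return 403
    if course not in ENROLMENTS.get(student_id, set()):
        return 404
    return 200


PATH_URL = "http://api.college.com/students/3248234/courses/physics"
QUERY_URL = "http://api.college.com/course_show?STUDENTID=3248234&COURSETYPE=physics"
```

Dropping the `caller != student_id` check exposes another student's record under either spelling, because the student id is a client-supplied value in both.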