THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
This page is meant to start as a conceptual design for a 2nd generation REST API for ESME. The idea is to learn from the discussions around and use of the original REST API.
REST API Design
Streams vs. Resources
In the design below, all parts of ESME are modeled as resources, in keeping with a RESTful approach. For things like message streams, this is not an optimal way to model these entities. I'd like to maintain the ability to interface with the full ESME API in a RESTful manner, while also encouraging the use of more optimal interface approaches when this makes sense.
The existing entities called out as resources below that should be available in some manner as streams are:
- Messages (user-specific) api/users/USERID/messages
- Messages api/messages
- Tags (api/tags)
- Conversations (api/conversations)
- Pools (api/pools)
- Searches ??
References -
Dev mailing list thread - http://www.mail-archive.com/esme-dev@incubator.apache.org/msg00976.html
Methods, Resources, and Descriptions
Resource |
Method |
Description/Payload schema/Response schema |
|---|---|---|
api/sessions |
GET,POST |
|
api/sessions/SESSIONID |
DELETE |
|
api/users |
GET |
|
api/users/USERID/messages |
GET |
should support/encourage a stream-based interface |
api/users/USERID/followees |
GET |
|
api/users/USERID/followers |
GET |
|
api/users/USERID/followees/USERID |
POST,DELETE |
or POST api/users/USERID/followees?user=USERID2 |
api/users/USERID/tracks |
GET,POST |
|
api/users/USERID/tracks/TRACKID |
DELETE |
|
api/users/USERID/actions |
GET,POST |
|
api/users/USERID/actions/ACTIONID |
PUT,DELETE |
|
api/messages/MESSAGEID |
GET,PUT?,DELETE? |
|
api/messages |
POST |
|
api/tags |
GET |
Return all of the tags, or user-specific tags (GET api/tags/USERID?) and let the front-end decide what to do with it. |
api/tags/TAGID |
GET |
Gets the information about a particular tag |
api/conversations/CONVERSATIONID |
GET |
One point to note is that many HTTP clients do not currently support the "PUT" or "DELETE" methods, so these may have to be simulated through POST methods with an extra parameter. I think that because of the close mapping to resource verbs, is worth using these methods in the specification and defining the simulation method for the entire API separately.
Streams
There are a lot of ways we can model streams and I'm very interested in input here, as this is not an area that I am familiar with (though I hope to learn quickly from some of the experts on the project). Options for interfacing to streams that I have seen:
- XMPP - http://xmpp.org/
- AMQP - http://jira.amqp.org/confluence/display/AMQP/Advanced+Message+Queuing+Protocol
- HTTP
- Polling (bad)
- Comet/long-polling - Bayeux - http://svn.cometd.com/trunk/bayeux/bayeux.html
- Reverse HTTP - http://www.reversehttp.net/
Resource/Object/Stream Hierarchy
The above is based on a rough object hierarchy as follows:
- ESME API instance (api/)
- Sessions (api/sessions)
- Users (api/users)
- Messages posted by a user (api/users/USERID/messages) (1)
- Users followed by a user (api/users/USERID/followees)
- Users following a user (api/users/USERID/followers)
- Trackers belonging to a user (api/users/USERID/tracks)
- Actions belonging to a user (api/users/USERID/actions)
- Messages (api/messages) (1)
- Tags (api/tags) (1)
- Conversations (api/conversations) (1)
- Pools (api/pools) (1)
- ?
- Searches ?? (1)
- Trends ??
(1) Stream interface should be available and use should be encouraged
Each of these bullets represents a set of objects. The resource representing an individual object lives at api/objects/OBJECTID. For example, api/sessions/SESSIONID. As much as is reasonable, one would expect to be able to GET (read), POST (create), PUT (update/amend), or DELETE (delete) any individual member of each of these object sets. Going through each of these objects to ask what it would mean to create, read, update, or delete that object may reveal holes in the existing API, some of which I have filled in above.
Formats
Request formats
Format specification
If there is a request body, format should be specified using the Content-Type HTTP header.
Formats to be supported
- XML ?
- JSON ?
- Multi-part Form-encoded ?
- Form-encoded
Response formats
Format specification
Format could be specified using the HTTP Accept header - http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
Another option (though not as robust) would be to append the format to the resource request url. For example /api/users/USERID.json
Formats to be supported
- XML ?
- JSON ?
- ...
Authorization
Currently the ESME REST API uses tokens as the authorization mechanism. A token is used to establish a session and then the session is used to persist the authorization of the API client across the length of the session.
There are a couple of problems with this, though we don't have a better approach at the moment:
- Sessions are not natively supported in a lot of API programming environments, especially environments that do not have a persistent data-store available to the application.
- The current API design appears encourage that the token sent to establish the session be sent in the clear over an unencrypted connection.
Points for discussion, resolution, further work
- Is the use of HTTP sessions necessary? Is it desirable?
- Request signing methods?
- Payload and response schemas must be defined
- Should API contain admin functions?
- Webhooks (http://blog.webhooks.org/)
- ESME has webhooks as part of its actions framework, but we may want to document their existence as part of the API, and possibly improve the functionality if there are use cases (http://incubator.apache.org/esme/actions.html)
- What is a conversation?
- Authorization approach (see above)