tags:

views:

236

answers:

5
+7  Q: 

REST best-practice for overlong URIs

I have REST services which should receive really long queries via GET. Say for example I want to query a service with many geographical coordinates to find out something about all this coordinates.

1) My first thought was to use long URIs and increase the max URI length of the servlet container.

It would look like this: 

GET http://some.test/myresource?query={really big JSON object}

But it seems that URIs longer than 2 KB are not reliable due to old proxy servers (is that right?).

2) My workaround is to create a temporary resource via POST first and use the URI of this resource as parameter in the actual GET request. That would look like this:

POST http://some.test/temp
Request Body: {really big JSON object}

201 Created Location: http://some.test/temp/12309871

GET http://some.test/myresource?query=http://some.test/temp/12309871

3) Use body of GET request. I've read the answers to the question whether it is a good idea to use the body of a GET request for the query, and the consensus is: no. Even Roy Fielding says that this is a bad idea.

4) Another approach could be to interpret POST as "create query result resource" and delete this resource after the request. But I consider that to be not RESTful and to be a bad idea.

Is there a better way to handle big queries with GET requests?

+4  A: 

I thought that the whole point in REST was to work on "documents" (or something alike). The URI part of a request is there to identify uniquely the resource to work on. The body part in contrast is there for the "contents" part of the document.

Hence, use the "body" part of the request.

Also note that the semantics of a "GET" request isn't supposed to be used for "PUTTING" or "POSTING" documents (comment in relation to your "query" example above which seems to "create" an object).

In any case, as you have pointed out, the URI part is limited (for good reason I am sure).

If you are concerned with caching, then the use of ETag/Last-Modified fields (in conjunction with "conditional GET" helps for this purpose.

jldupont  2010-01-15 11:03:17
This is all within the rules, but there are some serious disadvantages in using the body of a GET request. Some are explained in this SO post: http://stackoverflow.com/questions/978061/
Daniel Vassallo  2010-01-15 11:27:23
If you are referring to caching for lowering transfer cost: you should anyhow use the Etag/Last-modified header fields which serve this purpose. "Conditional GET" helps for this purpose.
jldupont  2010-01-15 11:39:42
what is it today with the "drive-by down-votes without comment" ???
jldupont  2010-01-15 19:32:18
A: 

Can't you just send the big JSON data with the GET request body, instead of creating the temp resource?

Although it's not 100% kosher, i've found it works nicely with firefox and IE and IMO, the querystring is inelegant and usually exposes implementation details that don't belong in the URI. Just make sure to add a cache buster querystring parameter if you need up-to-date data because the server will ignore the data when determining whether it can return a cached response.

See here for a discussion of pros and cons of stuffing data in the GET request body.

axel_c  2010-01-15 11:06:38
Thanks for the link to the discussion. Seems like GET + request body is not a good idea.
deamon  2010-01-15 11:24:17
+4  A: 

If you are using a GET request to send large objects, you are not using REST correctly.

  • GET should be used for retrieving resources (via some sort of unique identifier)
  • POST should be used for creating resources (with the contents in the body)
  • PUT should be used for updating a resource (with the contents in the body)
  • DELETE should be used for deleting a resource

If you follow these guidelines you will never have to have overly long URIs.

Some best practice REST guidelines are here: http://www.xml.com/pub/a/2004/08/11/rest.html

DanSingerman  2010-01-15 11:12:59
You might need to specify parameters for the way in which a resource is retrieved via GET (for example, 'include empty fields' or 'compress data' or 'open for editing')The question here is, how to pass those parameters, not what http verb to use.
axel_c  2010-01-15 11:16:31
Specifying parameters is fine, but you have a badly designed REST service if you need ~2KB worth of parameters!
DanSingerman  2010-01-15 11:21:48
@DanSingerman: Agreed :)
axel_c  2010-01-15 11:22:39
I agree with you, but what is with list resources and params that filter this list? In my case these filter conditions can be really big and I don't know how to avoid them. I cannot work with short identifiers without filters.
deamon  2010-01-15 11:27:50
I would seriously think about the design of your service. If you really really need >2 Kb of parameters, then I think what you are doing is fairly sensible - i.e. treating your params object as a different type of resource, which you create and then use against the resources in question here.
DanSingerman  2010-01-15 11:42:36
Treat the params object as a resource is what I do with the temporary resource approach. I've added an example at the beginning to explain why I need such big query objects.
deamon  2010-01-15 14:51:16
POST is absolutely not for updating a resource. It can be used as such, but it's not what it means. It means "hey you resource I'm posting to, take what I give you and do something with it, i'll wait for a response". Nothing else.
serialseb  2010-01-17 01:59:59
+1  A: 

Here is a slight variation on your second option. Create yourself a processor resource called QueryMaker. POST your parameters to it and let it redirect you to a temporary query resource that will return your results.

POST /QueryMaker
Body: Big Json representation of parameters

303: See Other
Location: http://example.org/TemporaryQueries/123213
Darrel Miller  2010-01-15 14:01:00
A: 

The biggest limitation of URL lengths on the open Web is actually IE, which constraints them to 2083 characters.

Some proxies (e.g., all but the most recent versions of Squid) will limit them to about 4k, although this is moving towards 8k slowly.

Your #2 workaround is a good approach, depending on your use case.

Sending bodies on GETs may be allowed by some implementations, and disallowed by others, so it's a bad idea for interoperability as well as theoretical reasons. Most importantly, how will a cache know what to use as a key?

Mark Nottingham  2010-04-15 02:53:11

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.