ansaurus

Question

RESTful idempotence

Answer 1

+1 A:

I'm not sure I have a direct answer to your question, but I see a few issues that may lead to answers.

Your first operation is a GET, but it is not a safe operation as it is "creating" a new transaction Id. I would suggest POST is a more appropriate verb to use.

You mention that you are concerned about performance issues that would be perceived by the user caused by two round trips. Is this because your user is going to create 500 objects at once, or because you are on a network with massive latency problems?

If two round trips are not a reasonable expense for creating an object in response to a user request, then I would suggest HTTP is not the right protocol for your scenario. If however, your user needs to create large amounts of objects at once, then we can probably find a better way of exposing resources to enable that.

Darrel Miller 2010-06-02 03:42:28

Yup, you're right, it should be a POST, I changed it.Your response may be highlighting my inexperience with this architecture. I previously have built this application using ASP.NET and it is very, very slow.

DutrowLLC 2010-06-02 03:52:14

@DutrowLLC I am quite confident that your app is not slow because you are making two round trips when the user creates an object.

Darrel Miller 2010-06-05 03:40:32

Yes, ASP.NET was poorly suited to the project and seemed to have very high overhead that slowed everything down. Additionally, I used Entity Framework which can also be very inefficient.

DutrowLLC 2010-06-05 04:36:49

Answer 2

+1 A:

You are using the wrong HTTP verb for your create operation. RFC 2616 specifies the semantic of the operations for POST and PUT.

Paragraph 9.5:

POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line

Paragraph 9.6

PUT method requests that the enclosed entity be stored under the supplied Request-URI.

There are subtle details of that behavior, for example PUT can be used to create new resource at the specified URL, if one does not already exist. However, POST should never put the new entity at the request URL and PUT should always put any new entity at the request URL. This relationship to the request URL defines POST as CREATE and PUT as UPDATE.

As per that semantic, if you want to use PUT to create a new person, it should be created in /CREATE_PERSON/{transaction_id}. In other words, the transaction ID returned by your first request should be the person key used to fetch that record later. You shouldn't make PUT request to a URL that is not going to be the final location of that record.

Better yet, though, you can do this as an atomic operation by using a POST to /CREATE_PERSON. This allows you with a single request to create the new person record and in the response to get the new ID (which should also be referred in the HTTP Location header as well).

Meanwhile, the REST guidelines specify that verbs should not be part of the resource URL. Thus, the URL to create new person should be the same as the location to get the list of all persons - /PERSONS (I prefer the plural form :-)).

Thus, your REST API becomes:

to get all persons - GET /PERSONS
to get single person - GET /PERSONS/{id}
to create new person - POST /PERSONS with the body containing the data for the new record
to update existing person or create new person with well-known id - PUT /PERSONS/{id} with the body containing the data for the updated record.
to delete existing person - DELETE /PERSONS/{id}

Note: I personally prefer not using PUT for creating records for two reasons, unless I need to create a sub record that has the same id as an already existing record from a different data set (also known as 'the poor man's foreign key' :-)).

Update: You are right that POST is not idempotent and that is as per HTTP spec. POST will always return a new resource. In your example above that new resource will be the transaction context.

However, my point is that you want the PUT to be used to create a new resource (a person record) and according to the HTTP spec, that new resource itself should be located at the URL. In particular, where your approach breaks is that the URL you use with the PUT is a representation of the transactional context that was created by the POST, not a representation of the new resource itself. In other words, the person record is a side effect of updating the transaction record, not the immediate result of it (the updated transaction record).

Of course, with this approach the PUT request will be idempotent, since once the person record is created and the transaction is 'finalized', subsequent PUT requests will do nothing. But now you have a different problem - to actually update that person record, you will need to make a PUT request to a different URL - one that represents the person record, not the transaction in which it was created. So now you have two separate URLs your API clients have to know and make requests against to manipulate the same resource.

Or you could have a complete representation of the last resource state copied in the transaction record as well and have person record updates go through the transaction URL for updates as well. But at this point, the transaction URL is for intends and purposes the person record, which means it was created by the POST request in first place.

Franci Penov 2010-06-02 03:56:28

You are correct that I should have used POST instead of GET.

DutrowLLC 2010-06-02 04:34:47

If you'd like for the resource name to sound more like a noun, you could rename it to CREATE_PERSON_TRANSACTION.The request: PUT CREATE_PERSON_TRANSACTION/{transaction_id} does not violate the rule that the resource must be saved at that URL because:GET CREATE_PERSON_TRANSACTION/{transaction_id} would return information on the transaction such as if the transaction is in progress or finished. It would not return a person.

DutrowLLC 2010-06-02 04:45:13

Using POST PERSONS/ to create a new person resource is not idempotent. Idempotent means that the request can be executed once or many times and the result would be the same. This is important because an idempotent request can be re-sent by the client if the client does not receive a response. The reason I posted this question was to get ideas on creating resources idempotently.

DutrowLLC 2010-06-02 04:48:33

@Franci I agree the resource names chosen are confusing, but I don't agree that the operations he is performing are a problem. Just change the names to POST /PersonIdentifiers PUT/Person/{Identifier} I see no problem creating an identifier as a separate step. As long as no two identical identifiers are ever created and there is no requirement that every identifier must actually be used to create a person then it seems fine to me.

Darrel Miller 2010-06-02 19:13:14

@Darrel - that's what I was trying to get him to do. However, he wants to create a separate transaction id with the POST request and create the person record with a PUT to a URL for transaction, and get back the actual person id.

Franci Penov 2010-06-02 20:32:00

@Franci Ok, I missed that PersonKey. Yeah, I agree that's wierd. The whole point of a uniform interface is that you do stuff that people expect, not just conform to the letter of the law.

Darrel Miller 2010-06-02 22:28:18

@Franci - I just saw your update. I think you are right, the approach that I propose is too messy. I'm considering just letting the client create a GUID as a key to the resource. That way to create or update a resource, they can just do PUT PERSON/{GUID}. Then GET PERSON/{GUID} to read it. Before, I hadn't considered the possibility that the client might have been able to dictate the resource key. Thanks a lot for your feedback on this issue.

DutrowLLC 2010-06-06 02:14:17

Answer 3

A:

Why don't you just use a simple POST, also including the payload on your first call. This way you save on extra call and don't have to spawn a transaction:


POST /persons

first_name=foo

response would be:


HTTP 201 CREATED
...
payload_containing_data_and_auto_generated_id

server-internally an id would be generated. for simplicity i would go for an artifial primary key (e.g. auto-increment id from database).

manuel aldana 2010-06-02 20:16:06

That is the right way to do it, but that POST request is not an idempotent request, which seems to bug the OP.

Franci Penov 2010-06-02 20:32:39

ah, i see... now the question is why does it need to be idempotent?

manuel aldana 2010-06-02 20:52:16

Answer 4

A:

I just came across this post: http://stackoverflow.com/questions/1705008/simple-proof-that-guid-is-not-unique

Although the question is universally ridiculed, some of the answers go into deeper explanation of GUIDs. It seems that a GUID is a number of 128^2 in size and that the odds of randomly generating two of the same numbers of this size so low as to be impossible for all practical purposes.

Perhaps the client could just generate its own transaction id the size of a GUID instead of querying the server for one. If anyone can discredit this, please let me know.

DutrowLLC 2010-06-05 01:39:40

It would be absolutely valid to create a GUID on the client and then do PUT /Person/{Guid} However, I really don't understand what this notion of a "transaction id" is for.

Darrel Miller 2010-06-05 03:38:59

Maybe a better term in this case would be "request_id." The idea is so the client can make the same request again if it does not receive a response from the server the first time and be confident of idempotence. The request would be idempotent because the server could look at the request_id and if it matched a request that was already made, it would send a response indicating the request was a duplicate instead of processing the request again and adding a duplicate person to the database.

DutrowLLC 2010-06-05 04:16:45

ansaurus

tags:

views:

answers:

RESTful idempotence

Edit::::::

related questions