Listen to Episode 7 of the Product Management Leaders Podcast to uncover strategies and tactics for building world-class products.
A REST API is a simple, standardized method of communication between web clients and servers. The main building blocks of the REST API are the request and the response. Learn about the REST API and how to issue requests and receive response data.
A REST API is a web service that uses the REST architectural style to exchange data between clients and servers. REST stands for ‘Representational State Transfer and web services that adhere to the REST style must satisfy a set of constraints:
- Client-server architecture. Separation of user interface and data storage components
- Stateless. The client maintains the state information and each request contains the data needed for the server to respond
- Cacheable communications protocol. Clients and intermediaries may cache responses to improve scalability and performance
- Layered system. Proxies and other intermediaries may transparently assist the server with processing a client request to improve scalability
- Uniform interface. For web services, a URI describes the resource and HTTP methods describe the request
When you browse a social media website, the web server would probably use a REST API to request data from a database server. Then, the website formats the data and feeds it to you.
Apps that use the REST API set of rules to communicate are also called RESTful web services.
How it Works
RESTful web services are standardized. A client requests server resources using HTTP methods – usually, GET, POST, PUT and DELETE.
- GET. Extracts data from a server
- POST. Creates new data on a server
- PUT. Updates existing data on a server
- DELETE. Deletes resources from a server
The server response could be JSON, images, HTML, or audio files stored at a given URL.
In REST, URLs are called resources, while the data sent to you is a response.
The Request Anatomy
Each request consists of four elements – the resource, method, headers and data body. To comply with a request, you need to perform the following steps:
- Choose your method. Determine which type of request – GET, POST, PUT or DELETE – you send to the server
- Identify your header. Like in usual letters, request headers provide valuable information about the request body, authentication or security. You can group headers by their context or how proxies handle
- Determine the message data. The message body contains the information you want to send to the server. This option can be used in POST, PUT and DELETE requests
Securing REST APIs
REST APIs have no built-in security features or encryption. Here are some tips to ensure data privacy and integrity:
- Don’t include unnecessary data such as user names in URLs
- Hash all passwords
- Secure your REST APIs by using HTTPS
- Add timestamps to requests