Web services are software systems designed to support interoperable machine-to-machine interaction over a network.
Questions tagged [web-services]
607 questions
117
votes
4 answers
Should cookies be used in a RESTful API?
I'm specifically interested in how users perform authorized / authenticated operations on a web API.
Are authentication cookies compatible with the REST philosophy, and why?
Brandon Linton
- 1,755
116
votes
17 answers
Why should 'boneheaded' exceptions not be caught, especially in server code?
I am confused because in quite a few places I've already read that the so-called 'boneheaded' exceptions (ones that result from bugs in code) are not supposed to be caught. Instead, they must be allowed to crash the application:
Vexing exceptions,…
gaazkam
- 4,529
88
votes
3 answers
Difference between Web API and Web Service?
I have heard a lot about Web Services and Web APIs, is there any difference between them or are they the same?
Harish Kurup
- 1,269
79
votes
6 answers
Why is it so bad to read data from a database "owned" by a different microservice
I have recently read this excellent article on the microservice architecture: http://www.infoq.com/articles/microservices-intro
It states that when you load a web page on Amazon, then 100+ microservices cooperate to serve that page.
That article…
David
- 4,449
72
votes
7 answers
How essential is it to make a service layer?
I started building an app in 3 layers (DAL, BL, UI) [it mainly handles CRM, some sales reports and inventory].
A colleague told me that I must move to service layer pattern, that developers came to service pattern from their experience and it is the…
BornToCode
- 1,273
65
votes
10 answers
When would you use a long, string ID instead of a simple integer?
I'd like to use Youtube as an example: they use IDs in the form of PEckzwggd78.
Why don't they use simple integers?
Or imgur.com - they also use IDs such as 9b6tMZS for images and galleries. Not sequential integers.
Why don't they use integers…
Rakori
- 797
64
votes
3 answers
What is the present-day significance of SOAP
Last I encountered a SOAP based service was during my internship in a financial firm in 2013. That was the time when I started my career in IT. I remember having some study material about SOAP in one of my engineering course. Outside of that, I…
Abhas Tandon
- 733
53
votes
9 answers
Should you guard against unexpected values from external APIs?
Lets say you are coding a function that takes input from an external API MyAPI.
That external API MyAPI has a contract that states it will return a string or a number.
Is it recommended to guard against things like null, undefined, boolean, etc.…
Adam Thompson
- 1,253
47
votes
2 answers
Suggested HTTP REST status code for 'request limit reached'
I'm putting together a spec for a REST service, part of which will incorporate the ability to throttle users service-wide and on groups of, or on individual, resources. Equally, time-outs for these would be configurable per…
Andras Zoltan
- 901
44
votes
4 answers
REST - Tradeoffs between content negotiation via Accept header versus extensions
I'm working through designing a RESTful API. We know we want to return JSON and XML for any given resource. I had been thinking we would do something like this:
GET /api/something?param1=value1
Accept: application/xml (or…
Brandon Linton
- 1,755
43
votes
5 answers
Why not use SQL instead of GraphQL?
Recently I learned about GraphQL which claims to be superior to RESTful. However, I started wondering why don't we simply put SQL statements into an HTTP GET request.
For example, in GraphQL I would write
{
Movie(id: "cixos5gtq0ogi0126tvekxo27")…
nalzok
- 579
38
votes
4 answers
Best practices for execution of untrusted code
I have a project where I need to allow users to run arbitrary, untrusted python code (a bit like this) against my server. I'm fairly new to python and I'd like to avoid making any mistakes that introduce security holes or other vulnerabilities into…
p.s.w.g
- 4,215
37
votes
3 answers
When are RPC-ish approaches more appropriate than REST?
After watching this talk on REST, Reuse and Serendipity by Steve Vinoski, I wonder if there are business cases in greenfield projects for (XML-)RPC-ish setups, that REST could not solve in a better way.
A few RPC-Problems he mentions:
Focus on…
miku
- 1,508
36
votes
4 answers
Should MVC/REST return a 403 or 404 for resources belonging to other users?
When working with a resource-based site (such as an MVC application or REST service), we have two main options when a client tries to GET a resource that they don't have access to:
403, which says that the client is unauthorized; or
404, which says…
Aaronaught
- 44,523
32
votes
3 answers
Should I return a 204 or a 404 response when a resource is not found?
I am developing a simple RESTful service for tournaments and schedules. When a tournament is created through a POST request containing a JSON body, the tournament is inserted in a BiMap, declared as follows in a DAO implementation:
private…
dabadaba
- 2,266