Introduction
REST stands for Representational State Transfer and API stands for Application Programming Interface. Let's break these two down individually.
REST is essentially the exchange of data between a client side interface (usually browsers) and a server side interface (servers). This interaction is what we're referring to when we talk about REST, nothing more, nothing less.
The most important letter in API is the I, interface. An interface is simply some outward facing means of communicating with something else. An API is some piece of software that we can use to avoid re-inventing the wheel every time we build our own software.
So to tie the two together. A REST API is an online interface that we can use to interact with data stores to build more robust applications.
What do they look like?
REST APIs are essentially just web applications that only return data (usually in the form of JSON) instead of doing something like returning HTML, CSS, and JS. So, even though they return different data, they perform incredibly similar to the web applications we are used to building. Let's see just how.
Behaviors in a typical REST API
Almost all REST APIs have these five basic interactions with the data they host:
- Create or add new resource
- Read all resources
- Read an individual resource
- Update/change a resource
- Delete a resource
Those letters should look familiar. These are the basic CRUD operations! There are certainly more than this. But these are by far the most frequently used.
How to Use a REST API
We interact with APIs using specific URIs or endpoints. Depending on the type of HTTP Request we make, the API responds differently. so for example, if we navigate to https://api.github.com/users/<your-github-username> (replacing "
What Else?
So when we pair these sorts of end points with different HTTP requests, we can fully interact with these interfaces. Here are examples with a fictional REST API:
| HTTP Verb | Endpoint | Result |
|---|---|---|
| GET | api.wcci.com/instructors | Returns all WCCI instructors |
| GET | api.wcci.com/instructors/1 | Returns instructor with ID of 1 |
| POST | api.wcci.com/instructors | Creates a new instructor |
| PUT | api.wcci.com/instructors/1 | Replaces instructor with ID of 1 with new instructor |
| PATCH | api.wcci.com/instructors/1 | Updates specific properties of instructor with ID of 1 |
| DELETE | api.wcci.com/instructors/1 | Deletes instructor with ID of 1 |
Security?
Wait... If these things let you manipulate data, doesn't that make them extremely vulnerable to nefarious activity? Yes and no. If left unsecured, then yes, a production REST API would be incredibly vulnerable. So most public APIs, GitHubs for example, will only let you read public information. So anything that a user makes private is not visible to people using the public API. You also cannot create, update, or delete anything. To perform these sorts of activities you have to be authenticated.
Now that's way out of scope for us, but keep in mind that if you are going to put an API into production, it should be extremely secure or you risk making all data in your DB available. The APIs that we will be making locally are safe though, since they'll just exist in our local environments.
Making APIs
In most frameworks, making a REST Controller instead of a Controller that returns a template or something similar is just to simply change the return type of the routing method and maybe add an annotation (Java & C#). Your instructor can show you how this works in your respective language.
Conclusion
REST APIs are an extremely powerful tool to have in your Web Dev toolbox. They allow you to pull data from multiple different sources as well as work with data sets that you would otherwise have to create yourself. Take care to practice building them as well as consuming them through your applications