LLMpedia: The first transparent, open encyclopedia generated by LLMs

REST (Representational State Transfer)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Representational State Transfer
Developer: Roy Fielding
Introduced: 2000
Influenced: HTTP/1.1, Uniform Resource Identifier, SOAP, GraphQL, JSON:API

REST (Representational State Transfer) is an architectural style for distributed systems introduced in the doctoral dissertation of Roy Fielding. It describes a set of constraints for designing networked applications that emphasize scalability, loose coupling, and a uniform interface. REST has strongly influenced web technologies such as HTTP/1.1 and the Uniform Resource Identifier, as well as many application programming interfaces used by organizations including Amazon, Google, Facebook, and Twitter.

Overview

REST originated in the context of work on HTTP/1.1 and the evolution of the World Wide Web within the Internet Engineering Task Force and W3C. The model frames interactions in terms of resources identified by Uniform Resource Identifiers and manipulated via a standardized set of operations, commonly deployed over Hypertext Transfer Protocol with representation formats such as JSON, XML, and HTML. Major implementers and adopters include Amazon Web Services, Microsoft Azure, Google Cloud Platform, Twitter, Inc., GitHub, Spotify, and Salesforce. Related standards and protocols that intersect with REST design include TLS, OAuth 2.0, OpenID Connect, CORS, and HTTP/2.

Principles and Constraints

REST is defined by architectural constraints described in Fielding’s dissertation: client–server separation, stateless interactions, cacheable responses, uniform interface, layered system, and optional code-on-demand. The uniform interface is realized via methods of Hypertext Transfer Protocol such as GET, POST, PUT, DELETE, and PATCH, and via media types like application/json, text/html, and application/xml. Statelessness simplifies scalability for platforms like Amazon Web Services and Google App Engine and interacts with identity systems such as OAuth 2.0 and SAML. Cache control directives influence intermediaries from Akamai Technologies to Cloudflare and integrate with standards from IETF and W3C.

Architecture and Components

A RESTful architecture decomposes a system into resources, clients, servers, and intermediaries (proxies, gateways, caches). Resource identifiers use Uniform Resource Identifiers, and resource state is exchanged as representations encoded with formats such as JSON, XML, YAML, and Protocol Buffers. Common components and tooling include API gateways from Kong, NGINX, and Envoy, and service mesh projects like Istio and Linkerd. Design patterns include HATEOAS, pagination strategies used by GitHub, versioning approaches used by Twitter, rate limiting employed by Stripe, and hypermedia formats like HAL (Hypertext Application Language), JSON-LD, and Siren.

HTTP Usage and Best Practices

Practical REST implementations rely heavily on Hypertext Transfer Protocol semantics: correct use of status codes (200, 201, 204, 400, 401, 403, 404, 409, 422, 500), idempotent methods for safe retries, and cacheable responses for performance. Content negotiation between clients such as Mozilla Firefox, Google Chrome, and curl and servers like Apache HTTP Server and NGINX uses Accept headers and media types. API design best practices are promulgated by organizations and projects including OpenAPI Initiative, API Blueprint, and Swagger, and by corporate guides from Microsoft, Google, and Netflix. Documentation and developer portals leverage tools like Swagger UI and Redoc, and platforms such as Postman and Stoplight.
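
The point about idempotent methods and safe retries, as an added example that is not part of the original article: a client loses the first response after the server has already applied the write. The in-memory `FlakyOrderServer`, the `/orders` paths and the function names are constructed for illustration.

```python
# Methods that HTTP semantics define as idempotent (RFC 9110, section 9.2.2).
IDEMPOTENT = {"GET", "HEAD", "OPTIONS", "TRACE", "PUT", "DELETE"}


class FlakyOrderServer:
    """Constructed in-memory server: applies the write, then loses the first response."""

    def __init__(self):
        self.orders = {}
        self.next_id = 1
        self.drop_next = True

    def handle(self, method, path, body=None):
        if method == "POST" and path == "/orders":
            oid = str(self.next_id)
            self.next_id += 1
            self.orders[oid] = body      # server picks the id: a replay adds a second order
            status = 201
        elif method == "PUT" and path.startswith("/orders/"):
            oid = path.rsplit("/", 1)[1]
            status = 200 if oid in self.orders else 201
            self.orders[oid] = body      # client names the id: a replay overwrites the same order
        else:
            status = 404
        if self.drop_next:               # side effect already happened; the reply is lost
            self.drop_next = False
            raise TimeoutError("response lost")
        return status


def send_with_retry(server, method, path, body=None, attempts=3):
    """Retry a lost response only when repeating the request cannot change the outcome."""
    for attempt in range(attempts):
        try:
            return server.handle(method, path, body)
        except TimeoutError:
            if method not in IDEMPOTENT or attempt == attempts - 1:
                raise                    # caller must reconcile state, not resend blindly


def demo():
    put_server, post_server = FlakyOrderServer(), FlakyOrderServer()
    put_status = send_with_retry(put_server, "PUT", "/orders/42", {"sku": "A1"})
    try:
        send_with_retry(post_server, "POST", "/orders", {"sku": "A1"})
        post_outcome = "completed"
    except TimeoutError:
        post_outcome = "not retried"
    return put_status, len(put_server.orders), post_outcome, len(post_server.orders)
```

The retried PUT ends with exactly one order and a 200 on the second attempt, while the POST is surfaced to the caller after one attempt instead of being replayed into a duplicate.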

Security and Performance Considerations

Security layers often combine transport security via TLS, authentication and authorization via OAuth 2.0, OpenID Connect, and JSON Web Token, and protections against threats cataloged by MITRE and guidance from OWASP. Rate limiting, circuit breakers inspired by Netflix OSS, throttling, and caching strategies from Varnish and Cloudflare mitigate performance and availability risks. Monitoring and observability integrate with systems like Prometheus, Grafana, New Relic, and Datadog, while fault isolation leverages patterns from Kubernetes and Docker. Compliance considerations may reference regulations such as the General Data Protection Regulation and standards from ISO.
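
How a stateless API can check a JSON Web Token on every request and choose between 401 and 403, as an added example that is not part of the original article. It assumes HS256 tokens, a space-delimited `scope` claim and a constructed demo key; `issue` and `authorize` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # placeholder; a real key comes from a secret store


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def issue(claims, alg="HS256", key=SECRET):
    """Build a constructed token for the demo; any alg other than HS256 is left unsigned."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    sig = mac if alg == "HS256" else b""
    return f"{head}.{body}.{b64url_encode(sig)}"


def authorize(auth_header, required_scope, now=None):
    """Return the status a stateless API would answer with: 200, 401 or 403."""
    now = time.time() if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401
    try:
        head, body, sig = auth_header[len("Bearer "):].split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return 401                   # pin the algorithm; never trust the token's own choice
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return 401                   # MAC mismatch, compared in constant time
        claims = json.loads(b64url_decode(body))
        if claims.get("exp", 0) <= now:
            return 401                   # expired, or no expiry at all
        if required_scope not in claims.get("scope", "").split():
            return 403                   # authenticated, but not permitted
        return 200
    except (ValueError, TypeError, AttributeError):
        return 401                       # malformed token
```

Every decision is derived from the request itself, so no server-side session is needed; the claims are read only after the signature has been verified.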

Criticism and Alternatives

Critics argue that many APIs labeled RESTful violate core constraints, leading to inconsistency and the so-called “RESTful” anti-patterns noted by authors and practitioners associated with Martin Fowler, Sam Newman, and the Richardson Maturity Model. Alternatives and evolutions include GraphQL from Facebook, gRPC by Google, RPC frameworks such as Apache Thrift and Protocol Buffers, and hypermedia-driven approaches advocated by Roy Fielding and other web architects. Industry shifts toward stateful streaming APIs like WebSocket and event-driven architectures using Apache Kafka, Amazon Kinesis, or NATS offer different trade-offs for specific workloads.
