RESTful web services
Generated by GPT-5-miniExpansion Funnel Raw 128 → Dedup 0 → NER 0 → Enqueued 0
| RESTful web services | |
|---|---|
| Name | RESTful web services |
| Caption | Typical client–server interaction over HTTP |
| Developer | Roy Fielding |
| Released | 2000s |
| Genre | Web API, distributed computing |
RESTful web services are architectural approaches for designing networked applications that use representational state transfer principles to expose resources over the HTTP protocol. They emerged from architectural research and standards activity in the early 2000s and have influenced implementations across commercial, academic, and open-source organizations and institutions worldwide. Adoption spans enterprises, cloud providers, research labs, and projects pioneered by figures and groups in the software engineering and internet standards communities.
Overview
RESTful designs treat addressable entities as resources identified by URIs, enabling interactions via HTTP between clients and servers. The model emphasizes stateless interactions, uniform interfaces, and layered systems, concepts that trace to academic work and standards activity involving contributors associated with University of California, Irvine, Internet Engineering Task Force, World Wide Web Consortium, and individuals linked to the development of the Hypertext Transfer Protocol. Key adopters include major technology companies and projects such as Amazon (company), Google, Microsoft, IBM, Netflix, GitHub, Twitter, Facebook, Red Hat, Oracle Corporation, Apache Software Foundation, and Mozilla.
Architectural Principles
Core principles derive from the representational state transfer paradigm formulated by Roy Fielding during his doctoral work; these include statelessness, resource identification, and cacheable responses. Systems following these principles often reference layered constraints used by large-scale platforms like Amazon Web Services, Google Cloud Platform, Microsoft Azure, Heroku, and content distribution networks such as Akamai Technologies and Cloudflare. Design choices reflect trade-offs familiar to architects from projects at NASA, European Space Agency, CERN, and enterprise systems in Goldman Sachs, JPMorgan Chase, and Salesforce. The uniform interface constraint enables intermediaries including proxies and gateways developed by companies like F5 Networks and Cisco Systems to operate effectively.
HTTP Methods and Resource Modeling
HTTP verbs (methods) are mapped to CRUD-like operations in resource-oriented designs: GET, POST, PUT, PATCH, DELETE, and OPTIONS. Major adopters in industry and academia apply these mappings in systems at Netflix, Spotify, Airbnb, Uber Technologies, eBay, PayPal, Square (company), Stripe (company), Dropbox, Box, Inc., and government projects in United States Department of Defense modernization programs. Resource modeling often references canonical patterns discussed in literature from conferences hosted by ACM, IEEE, O’Reilly Media, and workshops at Stanford University, Massachusetts Institute of Technology, and Carnegie Mellon University.
Data Formats and Content Negotiation
Payload formats commonly include JSON, XML, and media types negotiated via HTTP Accept headers, practices standardized in documents and community efforts involving IETF working groups and contributors from W3C. Large platforms and projects—Facebook, LinkedIn, Instagram (service), YouTube, Reddit, Stack Overflow, GitLab, Bitbucket, Wikipedia, Wikimedia Foundation—publish API formats and versioning strategies that demonstrate content negotiation and serialization choices. Data schema and contract techniques draw on specifications and tools from OpenAPI Initiative, Swagger, GraphQL Foundation, and schema work influenced by research at National Institute of Standards and Technology and university consortia.
Security and Authentication
Security models employ TLS, OAuth, API keys, JWT tokens, and mutual authentication schemes. Industry and standards authorities such as OAuth Working Group, IETF OAuth Working Group, OpenID Foundation, Internet Security Research Group, and vendors like Okta, Auth0, Duo Security, Cisco Systems, and Palo Alto Networks provide libraries and guidance. High-assurance deployments at Bank of America, Citigroup, HSBC, European Central Bank, and critical infrastructure projects reference compliance standards and audits from bodies like ISO, NIST, PCI Security Standards Council, and regulatory frameworks influenced by institutions including European Commission and U.S. Department of Commerce.
Design Best Practices and Patterns
Design patterns include resource hierarchy, HATEOAS, pagination, rate limiting, versioning, idempotency, and error handling schemas following conventions applied by Google Cloud, Amazon API Gateway, Microsoft Graph, Stripe, Twitter API, GitHub API, LinkedIn API, PayPal API, Salesforce API, and community libraries from Spring (framework), Django Software Foundation, Express.js, Node.js Foundation, Hibernate (framework), Ruby on Rails, Laravel (web framework), and ASP.NET Core. Operational patterns incorporate observability, monitoring, and SLAs practiced by New Relic, Datadog, Splunk, Prometheus, and Grafana Labs.
Implementations and Tooling
Ecosystem tooling spans language-specific frameworks and API management products. Notable frameworks and projects include Spring Framework, Django, Flask (web framework), Ruby on Rails, Express.js, ASP.NET Core, Go (programming language), Node.js, Kotlin, Scala, Akka (toolkit), Play Framework, Quarkus, Micronaut, and client SDKs from Google, Microsoft, Amazon, IBM and community projects under Apache Software Foundation. API management and gateway vendors and open-source projects—Kong (software), Tyk (company), Istio, Envoy (software), NGINX, HAProxy, Kubernetes, OpenShift, Docker, HashiCorp—support deployment, scaling, and lifecycle management used by enterprises like Spotify, Netflix, Airbnb, Uber Technologies, Pinterest, and research infrastructures at European Organization for Nuclear Research.