Problem

How do you design services that have a high degree of interoperability well into the future?

Solution

The best way to ensure a high level of long term interoperability between services is to establish stable rules for exchanging information. On the web, the best way to do that is to select and document support for one or more open source media type formats for data exchange. A good source for long-term, stable media types is the Internet Assigned Numbers Authority a.k.a. IANA. Viable candidate media types for long-term support of RWMs are unstructured media types like XML and JSON as well as structured media types such as HTML, Collection+JSON, UBER, HAL, and Siren. See Appendix C for a list of viable media types at the time of this book’s release.

Discussion

When you create services, you should document which registered media types (RMTs) your service can support. It is recommended that your service support more than one RMT and that you allow service consumers to both discover which RMTs your service supports and how they can indicate their preference when exchanging messages (see design negotiation).

Additional recommendations for candidate media types are 1) they should support hypermedia within the message (see Recipe 2.5) and, 2) they should support custom extensions (e.g. your ability to safely add new features to the format without breaking any existing applications). This last point will come in handy when you are stuck supporting a format that has fallen out of favor and you need to make some modifications to extend the life of your service.

It is also possible to create your own media type format for your services. That can work if a) your universe of service API consumers is relatively limited (e.g. within your own company), b) your universe of service API consumers is crazy large (e.g. Google, Facebook, Amazon, etc.), or c) your services are the leader in a vertical (e.g. document management, financial services, health care, etc.). If your efforts do not fall into one of these categories, I recommend you DO NOT author your own media type.

Related Recipes

• Recipe 2.2

• design negotiation

Problem

How do you design machine-to-machine interactions that can support modifications to in-production services that do not break existing service consumers?

Solution

To support non-breaking changes to existing services you should use structured media types (SMTs) to pass information back and forth. SMTs make it possible to emit a stable, non-breaking message even when the contents of that message (e.g. the properties of a record, list of actions, etc.) has changed. The key is to design interactions with the message shared between machines maintains the same structure even when the data conveyed by that message changes.

A structured media type SMT provides a strongly-typed format that does not change based on the data being expressed. This is in opposition to unstructured message formats likeXML and JSON. See the example for details.

It is a good idea to use well-known media types in your interactions. Media types registered through the Internet Assigned Numbers Authority (IANA) are good candidates. For example, HTML is a good example of an SMT. Other viable general use SMT formats are Collection+JSON and UBER. See Appendix C for a longer list of media types to consider.

Example

A structured media type SMT provides a strongly-typed format that does not change based on the data being expressed. Here’s an example of a simple message expressed as HTML

<ul name="Person">
  <li name="givenName">Marti</li>
  <li name="familyName">Contardi</li>
</ul>
 ...
<ul name="Person">
  <li name="givenName">Marti</li>
  <li name="familyName">Contardi</li>
  <li name="emailAddress">[email protected]</li>
</ul>

The structure of the above message can be expressed (in an overly simplified way) as “One or more li elements enclosed by a single ul element.” Note that adding more content (for example, an email address) does not change the structure of the message (you could use the same message validator), just the contents.

Contrast the above example with the following JSON objects:

{"Person" : {
  "givenName": "Marti",
  "familyName": "Contardi"
  }
}
 ...
{"Person" : {
  "givenName": "Marti",
  "familyName": "Contardi",
  "emailAddress": "[email protected]",
  }
}

The JSON structure can be expressed as “A JSON object with two keys (givenName and familyName). Adding an email address to the message would result in a change in the structure of the JSON message (e.g. requires a new JSON Schema document) as well as a change in content.

Discussion

The important element in this recipe is to keep the content of the message loosely-coupled from the structure. That allows message consumer applications to more easily and consistently validate incoming messages — even when the contents of those messages changes over time.

Another way to think about this solution is to assume that the first task of message consumer applications is to make sure the message is well-formed — that it complies with the basic rules of how a message must be constructed. It is, however, a different task to make sure the message is valid — that the message content follows established rules for what information needs to appear within the messages (e.g. “all Person messages MUST include a givenName, familyName, and emailAddress property”).

To ensure future compatibility, the first step is to make sure negotiation messages can remain well-formed even when the rules for what constitutes a valid messages changes over time.

Related Recipes

• Recipe 2.3

• Recipe 2.4

• Recipe 2.5

• design negotiation

Problem

How can you make sure your service’s data property names will be understood by other services — even services that you did not create?

Solution

To ensure your the data properties your service uses to exchange information are well-understood by a wide range of others services (even ones you did not create) you should employ well-documented, widely-known data property names as part of your external interface (API). These names should be ones already defined in published data vocabularies or, if they are not already published, you should publish your data vocabulary so that others creating similar services can find and use the same terms.

A good source of general-use published vocabularies for the web is the Schema.org web site. It has hundreds of well-defined terms that apply to a wide set of use cases and it continues to grow in a well-governed way. There are other well-governed vocabulary sources like Microformats.org and Dublin Core.

As of this writing there are some industry-specific public vocabularies to consider, too. Some examples are: PSD2 for payments, FIHR for health care, and ACORD for insurance.

When you release your service, you should also release a document that lists all the vocabulary terms consumed or emitted by your service along with links to proper definitions. See Recipe 2.4 for more on how to properly document and publish your vocabulary documents.

Example

Services with a well-managed vocabulary are more likely to be understood by others and, therefore more likely to gain wider adoption. When you have the option, you should use well-known terms in your service’s external API even when your own internal data storage system uses local or company-specific terms.

For example, here’s a Person record that reflect the terms used within a typical U.S. company:

{ "collection" : {
    "links": [
      {"rel": "self", "href": "http://api.example.org/persons"}
    ],
    "items" : [
      {
        "href": "http://api.example.org/persons/q1w2e3r4",
        "data" : [
          {"name": "fname", "value": "Dana"},
          {"name": "lname", "value": "Doe"},
          {"name": "ph", "value": "123-456-7890"}
        ]
      }
    ]
  }
}

And here’s the same record that has been updated to reflect terms available in the schema.org vocabulary:

{ "collection" : {
    "links": [
      {"rel": "self", "href": "http://api.example.org/persons"},
      {"rel": "profile", "href": "http://profiles.example.org/persons"}
    ],
    "items" : [
      {
        "href": "http://api.example.org/persons/q1w2e3r4",
        "data" : [
          {"name": "givenName", "value": "Dana"},
          {"name": "familyName", "value": "Doe"},
          {"name": "telephone", "value": "123-456-7890"}
        ]
      }
    ]
  }
}

Note the use of the profile link relation in the second example. See Recipe 2.4 for details.

Discussion

This recipe is based on the idea of making sure the data property terms are not tightly coupled to the message format. It is, essentially, the flip side of Recipe 2.2. Committing to well-known, loosely-coupled vocabularies is also an excellent way to protect your service from changes to any internal data models over time.

Constraining your external interfaces to use only well-known, well-documented property names is one of the best things you can do to ensure the interoperability of your service. This, along with publishing semantic profiles (see Recipe 2.4) makes up the backbone of large-scale information system management. However, this work is not at all easy. It requires attention to detail, careful documentation, and persistent support. The team that manages and enforces a community’s vocabulary is doing important and valuable work.

One of the challenges of this recipe is that it is quite likely that the public vocabulary for your services is not the same as the private vocabulary. That private set of names is usually tied to ages-old internal practices, possibly a single team’s own design aesthetics, or even decisions dictated by commercial off the shelf (COTS) software purchased a long time ago. To solve this problem, services need to implement what is called an “anti-corruption layer” ¹⁸. There is no need to modify the existing data storage model or services.

It is important to document and share your service vocabulary. A good practice is to publish a list of all the “magic strings” (see “Richardson’s Magic Strings”) in a single place along with a short description and, whenever possible, a reference (in the form of a URL) to the source of the description. I use the Application-Level Profile Semantics (ALPS) format for this (see Recipe 2.4).

Below is an example ALPS vocabulary document:

{ "alps" : {
   "descriptor": [
     {"id": "givenName", "def": "https://schema.org/givenName",
      "title": "Given name. In the U.S., the first name of a Person.",
      "tag": "ontology"},
     {"id": "familyName", "def": "https://schema.org/givenName"
      "title": "Family name. In the U.S., the last name of a Person.",
      "tag": "ontology"},
     {"id": "telephone", "def": "https://schema.org/telephone",
      "title": "The telephone number.",
      "tag": "ontology"
     },
     {"id": "country", "def": "http://microformats.org/wiki/hcard#country-name",
      "title": "Name of the country associated with this person.",
      "tag": "ontology"
     }
   ]
  }
}

When creating RWM vocabularies, it is a good practice to identify a single preferred source for definitions of terms along with one or more “backup” sources. For example, your vocabulary governance document guidance could read like the following:

“Whenever possible, use terms from Schema.org first. If no acceptable terms can be found, look next to Microformats.org and then to Dublin Core for possible terms. Finally, if you cannot find acceptable terms in any of those locations, create a new term in the company-wide vocabulary repository at [some-url].”

Sample Vocabulary Author Guidance

Some additional notes:

Mixing Terms

It is perfectly acceptable to mix vocabulary references in a single set of terms. You can see in the example above that I included three terms from Schema.org and one term from Microformats.org.

Limit Synonyms

Just as in real life, there can be multiple terms that mean the same thing. For example tel (from Microformats) and telephone (from Schema.org). Whenever possible, limit the use of synonyms by adopting a single term for all external uses.

Publishing Vocabularies

See Recipe 2.4 on how to publish this document and retrieve it on the web.

Related Recipes

• Recipe 2.2

• Recipe 2.4

• TK some recipes from CH05 (data)?

The Problem

How can you provide a detailed description of all the possible data properties, objects, and actions supported by your services in a way that is usable both at design time and at run-time?

The Solution

To make sure it is possible for developers to quickly and accurately understand the data exchanges and actions supported by your service you can publish a semantic profile document (SPD). SPDs contain a complete list of all the data properties, objects, and actions a service supports. Semantic profiles, however, are NOT API definition documents like OpenAPI, WSDL, AsyncAPI, and others. See Appendix C in the appendix for a longer list of API definition formats.

SPDs typically include all three elements of Information Architecture: 1) ontology, 2) taxonomy, and 3) choreography.

Two common SPD formats are Dublin Core Application Profiles (DCAP) and Application-Level Profile Semantics (ALPS). Since I am a co-author on ALPS, all the examples, I’ll show here are using the ALPS format. See Appendix C in the appendix for a longer list.

Example

Below is an example of a valid ALPS semantic profile document. Notice that all the elements of Morville’s information architecture (ontology, taxonomy, & choreography) are represented in this example.

{ "$schema": "https://alps-io.github.io/schemas/alps.json",
  "alps" : {
  "title": "Person Semantic Profile Document",
  "doc": {"value": "Simple SPD example for http://b.mamund.com/rwmbook[RWMBook]."},
  "descriptor": [
    {"id": "href", "def": "https://schema.org/url", "tag": "ontology"},
    {"id": "identifier", "def": "https://schema.org/identifier","tag": "ontology"},
    {"id": "givenName", "def": "https://schema.org/givenName","tag": "ontology"},
    {"id": "familyName", "def": "https://schema.org/familyName","tag": "ontology"},
    {"id": "telephone", "def": "https://schema.org/telephone","tag": "ontology"},

    {"id": "Person", "tag": "taxonomy",
      "descriptor": [
        {"href": "#href"},
        {"href": "#identifier"},
        {"href": "#givenName"},
        {"href": "#familyName"},
        {"href": "#telephone"}
      ]
    },
    {"id": "Home", "tag": "taxonomy",
      "descriptor": [
        {"href": "#goList"},
        {"href": "#goHome"}
      ]
    },

    {"id": "List", "tag": "taxonomy",
      "descriptor": [
        {"href": "#Person"},
        {"href": "#goFilter"},
        {"href": "#goItem"},
        {"href": "#doCreate"},
        {"href": "#goList"},
        {"href": "#goHome"}
      ]
    },
    {"id": "Item", "tag": "taxonomy",
      "descriptor": [
        {"href": "#Person"},
        {"href": "#goFilter"},
        {"href": "#goItem"},
        {"href": "#doUpdate"},
        {"href": "#doRemove"},
        {"href": "#goList"},
        {"href": "#goHome"}
      ]
    },
    {"id": "goHome", "type": "safe", "tag": "choreography", "rt": "#Home"},
    {"id": "goList", "type": "safe", "tag": "choreography", "rt": "#List"},
    {"id": "goFilter", "type": "safe", "tag": "choreography", "rt": "#List"},
    {"id": "goItem", "type": "safe", "tag": "choreography", "rt": "#Item"},
    {"id": "doCreate", "type": "unsafe", "tag": "choreography", "rt": "#Item"},
    {"id": "doUpdate", "type": "idempotent", "tag": "choreography", "rt": "#Item"},
    {"id": "doRemove", "type": "idempotent", "tag": "choreography", "rt": "#Item"}
  ]
  }
}

Diagram

Here’s a workflow diagram (the choreography) for the person-alps.json file shown above.

You can find the complete ALPS rendering (ALPS file, diagram, and documentation) of this semantic profile in the book’s associated github repository (TK).

Discussion

Adopting semantic profile documents (SPDs) as an important part of creating usable RWMs. However, this approach is relatively new and is not yet widely used. Even though ALPS and DCAP have been around for about ten years, there are not a lot of tools and only limited written guidance on semantic profiles. Still, my own experience with ALPS leads me to think you’ll be seeing more on semantic profiles (even if it is in some future form other than ALPS and DCAP).

An SPD is a kind of machine-readable interface documentation. However, semantic profiles are not the same thing as API definition files like WSDL, OpenAPI, AsyncAPI and others. SPDs are designed to communicate general elements of the interface (base-level properties, aggregate objects, and actions). SPDs do not contain implementation-level details such as MQTT topics, HTTP resources, protocol methods, return codes, etc. These details are left to those tasked with writing the actual code that runs behind the interface described by semantic profiles.

Some other considerations when using semantic profiles:

Aim for wide (re)use

The value of a single semantic profile increases with the number of services using that profile. That means you should create profiles that are easily used by others (see Appendix A). It’s a good practice to keep semantic profiles more general than specific. The more specific you make your profile, the smaller the audience for that profile.

Don’t use semantic profiles as API definitions

Semantic profiles are descriptions, not definitions. Many of the details you need to include in an interface definition do not belong in a semantic profiles. For example, don’t include URLs or URL patterns in semantic profiles. Instead put then in the API definition file (e.g. OpenAPI, etc.).

Use semantic profiles to describe your information architecture

It is a good practice to tag your semantic profile elements to indicate which ones are describing the ontology, which are taxonomy, and which are choreography (see “Example”).

Share semantic profiles in all responses

It is a good idea to return the URI of your semantic profile with each protocol response. See Chapter 3 and Chapter 4 for details on how to do this.

Limit changes to published semantic profiles

Since clients and or services may create a logical dependency on your published semantic profile, it is a good practice to NOT make any breaking changes to the SPD once it is released. If you need to make changes, it is better to create a new profile document at a new URI (e.g. api.example.org/profiles/personV2) and to leave the existing profile (the one without the changes) online, too.

Make your semantic profiles accessible from a central location

To make it easy for people (and machines) find your semantic profiles, create a central online location where they can be easily found. This might be a set of actual profile documents or it might be a page that has pointers (URLs) to other places where each profile document is kept. This second option is good for cases where you are not the profile author and you still want to have some control over which profiles are commonly used.

Related Recipes

• See Chapter 2, Media Types

• See Chapter 2, Structured Types

• See Chapter 2, Hypermedia

• See Chapter 3, Profiles

• See Chapter 3, Hypermedia

• See Chapter 3, Representors

• TK Chapter 4 recipes

• TK Chapter 7 recipes

Problem

How can you extend the lifetime of services by building systems that support safe, non-breaking workflow changes as well as support short-term modifiability of existing services by customizing data exchanges at run-time?

Solution

The best way to support both short- and long-term modifiability for product services is to rely on inline hypermedia affordances to express the details of context-dependent data exchanges at run-time. That means you need to adopt message exchange formats that support embedded hypermedia (see Recipe 2.1 and Recipe 2.2).

Example

HTML offers a great example of embedded hypermedia controls to express data exchanges at run-time. Here’s an example:

<html>
  <head>
    <title>Create Person</title>
    <link rel="profile" href="http://api.example.org/profiles/person" />
    <style>
      input {display:block;}
    </style>
  </head>
  <body>
    <h1>Create Person</h1>
    <form name="doCreate" action="http://api.example.org/person/"
      method="post" enctype="application/x-www-form-urlencoded">
      <fieldset>
        <hidden name="identifier" value="q1w2e3r4" />
        <input name="givenName" placeholder="givenName" required/>
        <input name="familyName" placeholder="familyName" required/>
        <input name="telephone" placeholder="telephone" pattern="[0-9]{10}"/>
        <input type="submit" />
        <input type="reset" />
        <input type="button" value="Cancel" />
      </fieldset>
    </form>
  </body>
</html>

The form above indicates one default input (identifier) and three additional inputs, two of which are required (givenName, familyName) and one which MUST pass the pattern validator (telephone). The form also indicates three possible actions (submit, reset, and cancel) along with details on the URL, HTTP method, and body encoding metadata for the submit action. Even better, any HTML-compliant client (e.g. a Web browser) can support all these actions without the need for any custom programming code.

Here’s a simple example in Collection+JSON

{ "collection" :
  {
    "version" : "1.0",
    "href" : "http://api.example.org/person/",

    "links": [
      {"rel": "self", "href": "http://api.xample.org/person/doCreate"},
      {"rel": "reset", "href":"http://api.example.org/person/doCreate?reset"},
      {"rel": "cancel", "href":"http://api.example.org./person"}
    ],
    "template" : {
      "data" : [
        {"name" : "identifer", "value": "q1w2e3r4"},
        {"name" : "givenName", "value" : "", "required":true},
        {"name" : "familyName", "value" : "", "required":true},
        {"name" : "telephone", "value" : "", "regex":"[0-9]{10}"}
      ]
    }
  }
}

Again, a Cj-compliant client application would be able to enforce all the input rules described in the above hypermedia response without the need for any added programming.

And, in both cases, the meaning of the values of the input elements and metadata properties do not need to be understood by the API consumer — they just need to be enforced. That means the number of inputs could change over time, the destination URL of the HTTP POST can change, and even some of the rules can change and the API consumer application can still reliably enforce the constraints. For example, the validation rule for the telephone value can change (e.g. it might be context dependent based on where the application is running).

Discussion

Adopting embedded hypermedia messages is probably the most important step toward creating RESTful Web Microservices. There are a number of acceptable structured media types (see Appendix C) to choose from and supporting them with a parsing library is a one-type expense that pays off every time you use the library.

While embedded hypermedia is valuable, using it does come at some costs. First, it is a design-time constraint. Both API consumer and producers need to agree to use them. This is “the price of entry” when creating RWMs. While this is not different than “you must use HTML, CSS, and Javascript in responses to web browsers”, I still find many architects and developers who chafe at the idea of using hypermedia-rich responses. When you decide to build RWMs, you may need to help some people past this hurdle.

Selecting “the right” structured hypermedia media type can be turned into a battle pretty easily. There are multiple ones to pick from and some people fall into the trap of “you can only pick one of them.” In truth, you can use features designed into HTTP (see design negotiation) to help you support multiple response formats and select the best option at run-time. This is thirty-year-old tech so there are lots of examples and supporting code bits to help you handle this. You can even decide on a single format to start (usually HTML) and then add more types over time without breaking any existing applications.

Expressing domain state using hypermedia types can also be a challenge at times. Developers need to be able to convert internal object and model rules into valid hypermedia controls (forms, inputs, links, etc.). It is a kind of translation skill that must be acquired. There are some libraries that make this easier (see Appendix D) but you may also need to “roll your own solutions.”

The work of emitting and consuming hypermedia formats at run-time is a common task, too. See design negotiation for details on how to use HTTP to help with that. Also, writing API consumers that can navigate hypermedia responses takes some skill, too. Many of the recipes in Chapter 3 are devoted to this work.

Other things to consider when using embedded hypermedia formats:

Supporting context changes

You can modify the hypermedia details in a response based on the user context and/or server state. For example, a form might have five fields when an authenticated administrator logs in but only have three input fields for anonymous users.

Enabling service location changes

When you use hypermedia controls to describe potential actions, you can engage in Alan Kay’s “extreme late binding”. Hypermedia clients are designed to look for identifiers in the message (“where is the update-customer control?”) and to understand and act upon the metadata found in that hypermedia control. All of this can happen at run-time, not design- or build-time. That means that the metadata details of an action can be changed while the service is in production. For example, you can change the target URL of an action from a local endpoint within the current service to an external endpoint on another machine — all without breaking the client application.

Adapting to workflow changes

Changes in multi-step processes or workflows can also be enabled with hypermedia. Service responses can return one or more steps to complete and expect the client application to act on each one. There might be three steps in the initial release (create account, add associated company, add a new contact). Later, these three steps might be consolidated into two (create account , add associated company and contact). As long the client service consumer is following along with the supplied hypermedia instructions (instead of hard-wiring the steps into code), changes like this will not break the consumer application. See Chapter 7 for recipes on implementing hypermedia workflows.

Related Recipes

• See Chapter 2, Media Types

• See Chapter 2, Structured Types

• See Chapter 3, Media Types

• See Chapter 3, Hypermedia

• See Chapter 3, Clients Qualities

• TK Chapter 4 recipes?

• TK Chapter 7 recipes?

Problem

How do you design write actions over HTTP that remove the possibility of “double-posting” the data? How can you know whether it is safe to re-send a data-write the HTTP request if the client app never gets an HTTP response the first time?

Solution

All data-write actions should be sent using HTTP PUT, not HTTP POST. HTTP PUT actions can be easily engineered to prevent “double-posting” and ensure it is safe to retry the action when the server response never reaches the client application.

Example

Influenced by the database pattern of CRUD (create, read, update, delete), for many years the “create” action has been mapped to HTTP POST and the “update” action has been mapped to HTTP PUT. However, writing data to to a server with HTTP POST is a challenge since the action is not consistently repeatable. To say it another way, the POST option is not idempotent. However, by design, the HTTP PUT operation is idempotent — it assure the same results even when you repeat the action multiple times.

Below is a simple example showing the additive nature of non-idempotent writes and the replacement nature of idempotent writes:

/**********************************
 illustrating idempotency
 RWMBook 2021
***********************************/

// non-idempotent
console.log("non-idempotent");
var t = 10;
for(x=0;x<2;x++) {
  t = t+1; //add
  console.log(`try ${x} : value ${t}`)
}

// idempotent
console.log("idempotent");
var t = 10;
for(x=0;x<2;x++) {
  t = 11; // replace
  console.log(`try ${x} : value ${t}`)
}

The output should look like this:

mca@mamund-ws: node idempotent-example.js
non-idempotent
try 0 : value 11
try 1 : value 12
idempotent
try 0 : value 11
try 1 : value 11

Imagine the variable t in the above example is any message body representing an HTTP resource. HTTP PUT uses the message body to replace any existing server resource with the message body. HTTP POST uses the message body to add a new server resource.

All this is fine until you issue write operation (HTTP POST or PUT) and never get a server response. You can’t be sure of what happened. Did the request never reach the server, did the server do the update and fail to send a response? Did something else happen (e.g. error that results in a partial write)?

To avoid this conundrum, the best solution is to always use HTTP PUT to write data to another machine on the network.

**** REQUEST
PUT /person/q1w2e3 HTTP/2.0
Host: api.example.org
Content-Type: application/x-www-form-urlencoded
If-None-Match: *

givenName=Mace&familyName=Morris

**** RESPONSE
HTTP/2.0 201 CREATED
Content-Type: application/vnd.collection+json
ETag: "p0o9i8u7y6t5r4e3w2q1"
...

Note that, while not common, it is proper HTTP to have a PUT request result in a 201 CREATED response — if there is no resource at that address. But how do you tell the service that you are expecting to create a new resource instead of update an existing one? For that, you need to use the If-None-Match. In the example above, the If-None-Match: * header says “create a new resource at the supplied URL if there is no existing resource at this URL.”

If I wanted the service to treat the HTTP PUT as a replacement of an existing resource, I would use the following HTTP interaction:

**** REQUEST
PUT /person/q1w2e3 HTTP/2.0
Host: api.example.org
Content-Type: application/x-www-form-urlencoded
If-Match: "p0o9i8u7y6t5r4e3w2q1"

givenName=Mace&familyName=Morris

**** RESPONSE
HTTP/2.0 200 OK
Content-Type: application/vnd.collection+json
ETag: "o9i8u7y6t5r4e3w2q1p0"
...

Here, the HTTP request is marked with the If-Match: header that contains the Entity Tag (or ETag) that identifies the exact version of the resource at /person/q1w2e3 you wish to update. If the ETag at that URL doesn’t match the one in the request (e.g. if the resource doesn’t exist or has been updated by someone else lately), then the HTTP PUT will be rejected with a HTTP 412 Precondition Failed response instead.

Discussion

This use of the “PUT-Create” pattern is a way to simplify the challenge of knowing when it is OK to re-try an unsuccessful write operation over HTTP. It works because, by design, PUT can be re-tried without creating unwanted side-effects. POST — by design — doesn’t make that promise. There are have been a handful of attempts to make POST retry-able. Two examples are Bill de hÓra’s HTTPLR ¹⁹ and Mark Nottingham’s POE ²⁰. Neither gained wide adoption.

Using HTTP PUT to create new resources takes a bit more work up front — both for clients and servers. Primarily because it depends on proper use of the HTTP headers If-None-Match, If-Match, and ETag. In my experience, it is best to “bake” this recipe into code for both the server and the client applications. I typically have “cover methods” in my local code called createResource(…) and updateResource(…) (or something similar) that know how to craft a proper HTTP PUT request (including the right headers) and how to respond when things don’t go as planned. The convenience of these cover methods lowers the perceived added cost of using “PUT-Create” and ensures it is implemented consistently across client and server.

Another recipe that is wrapped up in this one is the ability for client applications to supply resource identifiers. When using POST, the service is usually expected to create a new resource identifier — typically a monotonic ID like /person/1, /person/2, and so forth. When using PUT, clients are expected to supply the resource identifier (think “Please upload the file my-todo-list.doc to my document storage”). See Chapter 3 and Chapter 4 for more on that.

Designing-in this support for idempotent writes with the “PUT-Create” pattern means both your client and server applications will be more reliable and consistent — even if the network connections you are using are not.

Related

• TK Chapter 3 ??

• TK Chapter 4 ??