Summary
MotivLabs engineers work with a variety of code and software.
The Coding Standards on this page represent how MotivLabs engineers code the services and software we write.
MotivLabs engineers work with a variety of code and software.
The Coding Standards on this page represent how MotivLabs engineers code the services and software we write.
REST API’s should be designed for resources, which can be entities or services, etc., therefore, when possible, resource URIs should be based on nouns (the resource) and not verbs (the operations on the resource). For example, instead of /createUser use /users
In general, it helps to use plural nouns for URIs that reference collections. For example, /customers is the path to the customers collection, and /customers/5 is the path to the customer with ID equal to 5. The path of the endpoints that deal with nested resources should be done by appending the nested resource as the name of the path that comes after the parent resource. For example, if a user has posts and we want to retrieve a specific post by user, API can be defined as GET /users/123/posts/1 which will retrieve Post with id 1 by user with id 123.
Finally, it might not be possible to map every operation implemented by a web API to a specific resource. You can handle such non-resource scenarios through HTTP requests that invoke a function and return the results as an HTTP response message. Processing functions that don't modify data on the server but do perform some calculations can be abstracted by resources returning results for GET requests, for example GET /directions?from=Seattle&to=Portland can be used for a direction finder function or GET /validate?ccnum=1234567890123456 can be used to validate a credit card. On the other hand, actions that modify state or data on the server can be implemented by APIs that use POST, for example POST /alerts/245743/resend can be used to allow a client to resend an alert to a user.
The primary HTTP methods are POST, GET, PUT, and DELETE. These correspond to create, read, update, and delete (or CRUD) operations, respectively.
Retrieves a representation of the resource at the specified URI. The body of the response message contains the details of the requested resource. Sending an HTTP GET request to an endpoint that represents a collection retrieves a list of items in the collection. An HTTP GET request to one the collection items URI returns the details of that item. For example GET /customers returns the collection of customers, and GET /customers/5 returns the details for the customer with ID equal to 5. GET requests over collection resources can potentially return a large number of items. To limit the amount of data returned by any single request, the API can support query strings that specify the maximum number of items to retrieve and a starting offset into the collection. For example you can use GET /orders?limit=25&offset=50
Creates a new resource at the specified URI. The body of the request message provides the details of the new resource. POST request is applied over a collection, for example /customers , so the new resource is added to the collection. To create a resource using the full URI for the new resource, for example /customers/5 , you should use PUT method instead (in case the API supports that the client can specify the new resource ID). POST can also be used to trigger operations that don't actually create resources but that cannot be mapped to other core HTTP methods, for example it can be used to trigger a new job.
Either creates or replaces the resource at the specified URI. The body of the request message specifies the resource to be created or updated. If a resource with this URI already exists, it is replaced. Otherwise a new resource is created, if the server supports doing so (a server might support updates but not creation via PUT).
PUT requests are most frequently applied to resources that are individual items, such as a specific customer, rather than collections. Some API can support bulk HTTP PUT operations that can batch updates to multiple resources in a collection. The PUT request should specify the URI of the collection, and the request body should specify the details of the resources to be modified.
The following table summarizes the above description of HTTP methods. Note that not all of these requests might be implemented: it depends on the specific scenario.
The following table summarizes the above description of HTTP methods. Note that not all of these requests might be implemented: it depends on the specific scenario.
Resource | GET | POST | PUT | DELETE |
---|---|---|---|---|
/customers | Retrieves all customers | Creates a new customer | Bulk update of customers (if implemented) | Removes all customers (if implemented) |
/customers/1 | Retrieves the details for customer 1 | Not allowed | Updates customer 1 (or creates it if it's supported) | Removes customer 1 |
There additional HTTP methods that can be supported by APIs if required. The PATCH method performs a partial update of a resource. The request body specifies the set of changes to apply to the resource (PATCH is like PUT, but allows for fine-grained changes to resource state).
The HEAD method can be used to retrieve only the headers of the response, without the representation of the resource itself (the API returns an empty body). Clients can use this method to check whether a resource exists or to read its metadata.
The OPTIONS method can be used to discover which HTTP methods a resource responds to. The response includes an Allow header that includes the allowed HTTP methods for the resource.
HTTP status codes are divided into the following five categories:
1xx: Informational | These response codes are used only in negotiations between an HTTP client and server. |
2xx: Success | Indicates that the client’s request was accepted successfully. |
3xx: Redirection | Indicates that the client must take some additional action in order to complete their request. |
4xx: Client Error | 4xx: Client Error – The requested operation failed, due to a problem with the HTTP request (for example the request was malformed or invalid). |
5xx: Server Error | The requested operation failed, due to a problem on the server side. |
200 OK
It indicates that the REST API successfully carried out whatever action the client requested and that no more specific code in the 2xx series is appropriate.
201 Created
A REST API responds with the 201 status code whenever a resource is created inside a collection. There may also be times when a new resource is created as a result of some controller action, in which case 201 would also be an appropriate response. Also, if the action cannot be carried out immediately, the server should respond with a 202 (Accepted) response instead.
202 Accepted
A 202 response indicates that the request has been accepted for processing, but the processing has not been completed. This is an appropriate response when a request triggers an asynchronous action.
204 No Content
The 204 status code is usually sent out in response to a PUT, POST, or DELETE request when the REST API declines to send back any status message or representation in the response message’s body. An API may also send 204 in conjunction with a GET request to indicate that the requested resource exists, but has no state representation to include in the body.
301 Moved Permanently
The 301 status code indicates that the requested resource has been changed permanently. The new URL is given by the Location header field in the response.
302 Found
The 302 status code is used to indicate that the URL of the requested resource has been changed temporarily. The new URL is given by the Location field in the response.
303 See Other
A 303 response indicates that the API sends the client the URI of a response resource, instead of sending a potentially unwanted response body. The response can be the URI of the temporary status message, or the URI to some already existing, more permanent, resource.
304 Not Modified
Indicates the client that the response has not been modified, so the client can continue to use the same cached version of the response. The client can use headers If-Modified-Since or If-None-Match to indicate that it has a cached version of the resource, and is only interested in a newer version (modified) of the resource.
400 Bad Request
400 is the generic client-side error status, used when no other 4xx error code is appropriate. Errors can be like malformed request syntax or invalid request message parameters. For example, if an API is expecting a body in a JSON format for a POST request, but the body of the request is malformed.
401 Unauthorized
A 401 error response indicates that the client tried to operate on a protected resource without providing the proper authorization. It may have provided the wrong credentials or none at all.
403 Forbidden
A 403 error response indicates that the client’s request is formed correctly, but the user does not have the necessary permissions for the resource.
404 Not Found
The 404 error status code indicates that the REST API can’t map the client’s URI to a resource.
405 Method Not Allowed
The API responds with a 405 error to indicate that the client tried to use an HTTP method that the resource does not allow. For instance, a read-only resource could support only GET and maybe HEAD.
406 Not Acceptable
The 406 error response indicates that the API is not able to generate any of the client’s preferred media types, as indicated by the Accept request header. For example, a client request for data formatted as application/xml will receive a 406 response if the API is only willing to format data as application/json.
415 Unsupported Media Type
The 415 error response indicates that the API is not able to process the client’s supplied media type, as indicated by the Content-Type request header. For example, a client request including data formatted as application/xml will receive a 415 response if the API is only willing to process data formatted as application/json.
500 Internal server error
500 is the generic REST API error response. Most REST APIs respond with this response status code whenever they execute some request handler code that raises an exception.
501 Not Implemented
The server either does not recognize the request method, or it cannot fulfill the request. Usually, this implies future availability (e.g., a new feature for a REST API).
502 Bad Gateway
The server got an invalid response while working as a proxy or a gateway to get a response needed to handle the request.
503 Service Unavailable
This indicates that something unexpected happened on the server side (it can be anything like server overload, some parts of the system failed, etc.), so the server is not ready to handle the request.
Message Body Format
For now, our REST APIs use JSON for non-binary data. In the future, if other format like XML is required, a REST API can use Content-Type header to specify a different format (for example Content-Type: application/xml) for the message body, and also a client request could include an Accept header that contains a list of media types the client will accept from the server in the response message (for example Accept: application/xml).
For error messages, our REST APIs can include some of the following fields in the response body:
message | a brief message describing the error condition |
error-id: | an identifier for the error |
description | a longer description with information on how to fix the error condition, if applicable |
Versioning enables a REST API to indicate the features and resources that it exposes, and a client application can submit requests that are directed to a specific version of a feature or resource. When a new version is released for a REST API, existing client applications should continue functioning unchanged while new client applications should be able take advantage of new features and resources for the new version. Our preferred approach for versioning is URI versioning: each time you modify the REST API, you add a version number to the URI for each resource. The previously existing URIs should continue to operate as before, returning resources that conform to their original schema. For example, GET /v2/customers/3 can be used to retrieve the customer with ID equal to 3, using the version v2 for the API.
We use Opentracing and Jaeger to trace our microservices. We also have a Jaeger module that assists in injecting and extracting span context through kafka and HTTP. Standards are as follows.
There are many examples throughout all the services and modules of how to use tracing. We maintain a jaeger module that should be used as it will help inject and extract span context.
The following steps are the general order that should be followed when working on a card