Tag Archives: rest

02 Jul
2009

Status Codes for Web Services

This the last entry in a mini series on points to consider when designing and building web services. So far there have been posts on error feedback for web services, auth mechanisms for web services, saving state in web services and using version parameters with web services.

Unlike the other posts in this series, this one is quite specific to one type of service – REST – since it deals with status codes, specifically HTTP ones. The ideas are transferrable however and other types of service can return statuses in a similar way.

There’s a few key things to think about when returning status codes. In earlier posts in this series these was discussion of using existing application framework to serve pages and changing the output mechanism accordingly. Usually a web page will return a status 200 for OK or also 302 for found, so this is fine when things are working normally. But when things aren’t going quite so well, its useful to give alternative feedback that can be easily picked up by a client application.

When things go wrong there are a couple of different schools of thought of how the service should respond. One is that if, for example, the user supplies data which fails validation, the service could provide the OK response and a message to the user to let them know what needs validating – exactly as we’d return information messages to a user filling in a form. To be considered restful however, the service should more correctly return one of the “400” status codes, which means that the client made an error. Interesting and useful codes* in this series are:

  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 408 Request Timeout
  • 417 Expectation Failed
  • 418 I’m a teapot

* I didn’t say they were both useful and interesting

Using descriptive status codes allows the client to get the headline of the problem without having to parse a whole request to find out whether it is good or not. HTTP already has this feature built-in, and so we make use of it (HTTP is pretty cool really, makes a great protocol for services!).

Where an error occurs on the server side – it is usual to return a 500 error or another in the 500 series. This lets the client know there is a problem outside of their control; it is useful to include information about whether the client should retry and when. Having a defined protocol for retries helps avoid the situation where a system comes back up only to fall over again with all the traffic from people retrying every minute (or other interval) – this is a real concern for systems that are under heavy load.

Status codes are like a headline to the calling entity about what happened, and are a valuable tool in the web service toolkit. For bonus points, leave me a comment and tell me which is your favourite status code :)

18 May
2009

Error Feedback for Web Services

I have been thinking, writing and speaking a little bit about web services recently, starting with a few thoughts on authorisation mechanisms for services. Today we’ll look at another really important aspect of authoring web services, and one feature that will definitely get used – error handling and feedback! Having clear and robust error handling in your service will help those trying to consume it immeasurably. Nothing is more annoying that impenetrable errors, unclear responses, or a service which accepts your input but then turns out not to have done what you expected. And I say that from experience.

Stacks of Errors

What’s more annoying than getting an error from a web service? Getting another error from the service every time you fix the first one!

Most services have a few steps of checking incoming variables. Checking that the user has supplied all required fields, and that all incoming fields are of the required format, and that the data they refer to does actually exist – there’s a lot going on here. Too many systems take fright at the first sight of an error, and return straight to the user like a child reporting a sibling’s misdeeds to a parent. I mean something along these lines:

if(!isset($_POST['username'])) {
  return 'username is missing!';
}
if(!isset($_POST['password'])) {
  return 'password is missing!';
}
foreach($_POST as $key => $value) {
  $expected_fields = array(
    "username",
    "password"
  );
  if(!in_array($key,$expected_fields)) {
    return "unexpected field ".$key;
  }
}

What’s more useful is if the user can have a better overall view of everything that is going wrong, since often they might be caused by the same misunderstanding or perhaps be related to one another. So I’m considering code that looks more like this:

$messages = array();
$can_proceed = true;

if(!isset($_POST['username'])) {
  $messages[] = 'username is missing!';
  $can_proceed = false;
}
if(!isset($_POST['password'])) {
  $messages[] = 'password is missing!';
  $can_proceed = false;
}
foreach($_POST as $key => $value) {
  $expected_fields = array(
    "username",
    "password"
  );
  if(!in_array($key,$expected_fields)) {
    $messages[] = "unexpected field ".$key;
    $can_proceed = false;
  }
}

if(!$can_proceed) {
  return $messages;
}

The nice thing about something like this is you’ll see a series of messages where there are problems – so when you mis-spell a field name, you’ll see the “missing field” message for a field you know you are sending, but you’ll also see the “unexpected field” message and hopefully that will make it easier to spot what’s gone amiss.

Error format

Its tempting to return error information in a completely different format, after all it is quite different from the request that probably would have been returned from a correct request. Some web service protocols dictate how errors should be sent – SOAP has the soap-error response, for example. But for something where we have more control, such as an RPC style or REST service, we can choose. Usually I think its appropriate to return an appropriate status code (for REST) or wrapper (for RPC) and then include the error information in the same format as the response would have been. This is mostly for ease of consuming the response, saving clients from having to parse an additional format!

Approaching Errors

Having malformed input to services is inevitable – through misunderstandings, typos, and of course rubbish input by users. Making sure that all these eventualities are gracefully caught and information returned to the user means that the user stands a much better chance of being able to interact successfully. If only the success case works, but the service either doesn’t respond, returns nonsense (or worse, misleading information!), or appears to work but actually hasn’t, your users won’t hang out for long to work out why.

I’ve covered some really basic ideas here but I’m sure there are plenty of other nice ways to help guide users – feel free to add comments for the features you implement in your systems to help users when things aren’t going quite right!

By giving more information to users, it becomes much easier for them to develop against your service quickly and easily – and its not much more to add on the service side.

15 Sep
2008

Using curl and PHP to talk to a REST service

Having recently written articles about curl and about writing a PHP REST server, I thought I’d complete the circle and put here a few notes on using PHP’s curl wrapper as a Rest client. Also I had to look some of this up when I needed to actually do it so next time I need only look in one place!

If you don’t know about PHP, Rest, or curl, then I recommend you do a little reading around each of those subjects before reading this as its unlikely to make much sense – I’m not including background on these topics as there are better resources elsewhere.

I’ve written about using curl before from the command line, but this example uses PHP’s curl to access the service. This is just a simple example, but hopefully if you are doing something along these lines you can adapt for your needs.

In the example, we set the URL we’d like to call and initialise the curl object to point to that. Then we create an array of post data, and configure curl to use POST to make the request and to use our data array.

       $service_url = 'http://example.com/rest/user/';
       $curl = curl_init($service_url);
       $curl_post_data = array(
            "user_id" => 42,
            "emailaddress" => '[email protected]',
            );
       curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
       curl_setopt($curl, CURLOPT_POST, true);
       curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
       $curl_response = curl_exec($curl);
       curl_close($curl);

       $xml = new SimpleXMLElement($curl_response);

We execute the request and capture the response. Health warning: by default curl will echo the response (for reasons that aren’t clear to me), if you want to parse it then you will need to use the CURLOPT_RETURNTRANSFER flag to have curl return the response rather than a boolean indication of success – this fooled me completely for a while, I have no idea why it works this way. As you can see I’ve parsed the resulting XML and my script can then continue with the data it acquired. Depending what you need to do next, you can manipulate the SimpleXMLElement object as you need to.

If you’re working with PHP and services, then hopefully this will get you started, if you have any questions or comments, then please add them below!

05 Sep
2008

PHP Rest Server (part 3 of 3)

Edit: I have a newer series of articles on this topic. You can start reading here :)

This is part 3 of my article about writing a restful service server. If you haven’t already, you might like to read part 1 (covering the core library and grabbing the information we need from the incoming request) and part 2 (covering the service handler itself) before reading this section. This part covers the Response object that I used to return the data to the user in the correct format.

XML Response Object

Exactly what output you want from your service completely depends on the specification and what you are actually trying to do. I wrote a really simple response wrapper that responds with an outline tag containing a status, and then either the content or some error details. Here’s my response class:

class Response {

    public function output() {
        header('Content-type: text/xml');
        echo '';
        echo "\n";
        echo '';
        echo "\n";

        foreach($this as $prop_key => $prop_value) {
            if(!is_array($prop_value)) {
                echo '<'.$prop_key.'>';
                echo $prop_value;
                echo '';
                echo "\n";
            } else {
                echo '<'.$prop_key.'>';
                echo "\n";
                foreach($prop_value as $array_key => $array_value) {
                    echo '<'.$array_key.'>';
                    echo $array_value;
                    echo '';
                    echo "\n";
                }
                echo '';
                echo "\n";
            }
        }
        echo "\n";
    }
}

This could be more elegant and thorough, but its kind of an outline of what I did. Firstly set the content header, then the main tag. Then it loops through all the properties set against the response object and just writes them out as XML. Its very limited but at least its short enough to read easily! There is also an error response that gets called and returns the error type and message, setting the response status to “error” rather than “ok”.

REST Service in PHP

So there you have the ingredients for a REST server in PHP. I’m sure this isn’t the only way to solve this problem, but this is how I did it and I hope it helps someone. If you’ve got any questions, feel free to comment below – and if you do use this for a project, I’d love to hear from you :)

03 Sep
2008

PHP Rest Server (part 2 of 3)

Edit: I have a newer series of articles on this topic. You can start reading here :)

This is part 2 of my rest service writing article. In part 1 we saw the library which holds the functionality we will be using, and we also handled the incoming request and captured all the data we’ll be using.

The REST Service

This is not really tricky but we’re pulling together lots of ideas at this point. So we have already got the incoming request data, and we’ve intialised an object with that data. We have a reference to the object which contains all the functionality we want. And we need to work out which of the library functions we should call, and then transform that data into a good format to return to the user. Let’s start with the handle() function:

    public function handle() {
        $urlParts = parse_url($this->url);
        // substring from 1 to avoid leading slash
        $this->_pathParts = split('/', substr($urlParts['path'], 1));

        // glue the first part of the path to the upper case request method to make a unique function name, e.g. usersGET
        $method = $this->_pathParts[0] . strtoupper($this->method);

        try {
            // now call the method in this class that wraps the one we actually want
            $this->$method();
            $this->response->output();
            return true;
        } catch (Service_Exception_Abstract $e) {
            $this->response->errorOutput($e);
        } catch (Exception $e) {
            die('An Unexpected Error Has Occurred');
        }
        return false;
    }

The rest of this class contains the functions, such as userGET, which call the real worker functions from the library class we originally created. The functions in this section look something like this, and they throw exceptions if anything goes wrong – you can see these being caught in the handle() method posted above:

    protected function userGET() {
        $this->response->user = $this->library->getUserDetails($this->getVars['user_id']);
        return true;
    }

I also use a magic __call() method to return sensible error messages if a user tries to call something that doesn’t exist (this was particularly helpful in development where not everything was there from the start!).

You can see here I’m using setting properties on the response object, but you could also just XML-ify and echo the output here if you wanted to. By using the response object however I am abstracting the XML transformation stuff and moving it to somewhere else so that it can be tested independently and even replaced as needed.

I’ll write about the response class and how that works in the third installment.

01 Sep
2008

PHP Rest Server (part 1 of 3)

I recently had reason to write a REST server in PHP, which was very interesting. There aren’t a whole lot of resources on this topic around so I thought I’d write an outline of what I did. There is quite a lot to it so I’m publishing in multiple sections – this is part 1, which covers the central functionality and handling the incoming request.

Wrapping an Existing Class

The main functionality of the service was written in a class that had no awareness that it was a service – this is a similar approach to the one I described when I wrote about the PHP Soap Server – start with a normal functioning class and write some unit tests for it. The example I’m using today looks like this (my real version actually connects to the database and stuff but this is a nice mock of passing in a number and getting back an array):

class Library {
    public function getUserDetails($user_id) {
        $details = array(
            "user_id" => $user_id,
            "name" => 'Joe Bloggs',
            "email" => '[email protected]');
        return $details;
    }
}

In the soap article, you can see that wrapping a class takes just a few lines – for REST more code is required, but the idea is completely the same. In actual fact we started out with this as a soap service but then it was switched to rest – I only had to re-write the wrapper stuff and not any of the core functionality. Using the wrapper approach would also allow services to be published in multiple ways with the same underlying codebase.

Incoming Requests – Intialising the Wrapper

First of all I wrote a .htaccess file to direct all requests to the one controller file – so that all the different URLs would be handled in the same way.

As the requests came into here, I grabbed the data I needed and initialised the service class, something like this:

$service = new Rest_Service();
// instantiate the main functional class and pass to service
$library = new Library();
$service->setLibrary($library);
// create a response object and pass to service
$response = new Response();
$service->setResponse($response);

// set up some useful variables
$service->url = $_SERVER['REQUEST_URI'];
$service->method = $_SERVER['REQUEST_METHOD'];
$service->getArgs = $_GET;
$service->postArgs = $_POST;
parse_str(file_get_contents('php://input'), $service->putArgs);
parse_str(file_get_contents('php://input'), $service->deleteArgs);

$service->handle();

The variables are all read here and passed in to help decouple the systems – doing it this way allows us to initialise the Service with different incoming variables and/or a different library which can be really useful when testing, as it allows isolation of individual components. The syntax for getting the put and delete data is an interesting one, I wrote about this already in my post on accessing incoming PUT data from PHP, there are some helpful comments on that post as well.

To be continued … later parts will cover the service itself and the response format used.

30 Jul
2008

Accessing Incoming PUT Data from PHP

Recently I started writing a REST service. I began in the usual way, writing a php script, calling it with a GET request, accessing the variables using the PHP superglobal variable $_GET. I wrote code to handle a POST request and used the variables I found in $_POST. Then I tried to write a PUT request.

PHP doesn’t have a built-in way to do this, and at first I was a little confused as to how I could reach this information. It turns out that this can be read from the incoming stream to PHP, php://input.

file_get_contents("php://input");

The above line provided me with a query string similar to what you might see on the URL with a GET request. key/value pairs separated by question marks. I was rescued from attempting to parse this monster with a regex by someone pointing out to me that parse_str() is intended for this purpose (seriously, I write a lot of PHP, I don’t know how I miss these things but its always fun when I do “discover” them) – it takes a query string and parses out the variables. Look out for a major health warning on str_parse() – by default it will create all the variables all over your local scope!! Pass in the second parameter though and it will put them in there as an associatvive array instead – I’d strongly recommend this approach and I’ve used it here with my $post_vars variable.

parse_str(file_get_contents("php://input"),$post_vars);

This loads the variable $post_vars with the associative array of variables just like you’d expect to see from a GET request.

Simple Example

Its a bit of a contrived example but it shows use of the REQUEST_METHOD setting from the $_SERVER variable to figure out when we need to grab the post vars. Firstly, here’s the script:

if($_SERVER['REQUEST_METHOD'] == 'GET') {
    echo "this is a get request\n";
    echo $_GET['fruit']." is the fruit\n";
    echo "I want ".$_GET['quantity']." of them\n\n";
} elseif($_SERVER['REQUEST_METHOD'] == 'PUT') {
    echo "this is a put request\n";
    parse_str(file_get_contents("php://input"),$post_vars);
    echo $post_vars['fruit']." is the fruit\n";
    echo "I want ".$post_vars['quantity']." of them\n\n";
}

And here’s what happened when I request the same script using two different HTTP verbs. I’m using cURL to show the example simply because I think it shows it best.

Via GET:

curl "http://localhost/rest_fruit.php?quantity=2&fruit=plum"
this is a get request
plum is the fruit
I want 2 of them

Via PUT:

curl -X PUT http://localhost/rest_fruit.php -d fruit=orange -d quantity=4
this is a put request
orange is the fruit
I want 4 of them

Purists will tell me that I shouldn’t be returning data from a PUT request, and they’d be right! But this does show how to access the incoming variables and detect which verb was being used. If you’re going to write a REST service then the correct naming of resources and the correct response to each resource being accessed in various ways is really important, but its a story I’ll save for another day. If you use this, or perhaps you access the variables another way, then do post a comment – there aren’t a lot of resources available on this topic for PHP.