But at the same time, we should bend a knee and respect JSON for how wonderful it made the journey so far

+Joonha Chu If I understand this correctly, what is at core stated in the lecture is the familiar difference between protocols and APIs. He mentions it at the start but could emphasized it more throughout. Differences in protocol versioning often doesn't obstruct each other, and can live side by side through the same "entry point", e.g. HTML and HTTP. The interesting thing is that developers doesn't at start get the benefits of protocols versus APIs. Even if the protocols often are serial, they often loosen up any language dependencies, or system dependencies, but also of versioning. They also can abstract the communication in ways APIs often do not. REST often is used in a way that leans towards APIs -- but isn't fully as it also rely on HTTP, a protocol, so it becomes a mixed approach.

+Kevin Fleischer what I thought he said was you can ignore the data, he says just don't reject the request based upon it containing malformed data

This is not a solution. How does the communication partner know that his request is ignored or not? I believe liberal APIs/protocols are a thing for human communications. But IT systems should stick to the interface definition. That way, everybody can expect certain outcomes.

+Kevin Fleischer they k own which fields are accepted by the api, maybe return a notice of dropped fields?

It is not about ignoring the actual request. If the server cannot process the request it shouldn't just fail silently. It is about ignoring stuff in the request that the server doesn't care about. For example I want to update say the price of an apple on the server. I put the new price onto the server, but I send a whole lot of irrelevant meta-data. Instead of the server saying "I don't know what this meta data is" and then failing, the server says "I have no idea what this crap is, but you sent a valid price so I'm going to update the price"

Being liberal in the API does not necessarily mean to "accept everything". IMHO it just means that you should only reject stuff that you cannot possibly transform into your standard domain object. At no point there should be garbage in your DB because of this. If you cannot transform it into whatever your database model dictates: throw an error. But be liberal there and try to accept as much as possible. At least this is how I interpreted this and so far it works.... :D

Tux Solbakk totally agree

While Stefan mentioned that adding version information for pure data objects is okay'ish the actual identity of the person isn't changed by the internal model change. I'd avoid therefore to change the actual URI of the person by adding version information to it. How would a client be informed about the different versions of the resource? Ideally a client only sees one URI for the person and receives a representation it can handle. Such capabilities are usually agreed upon via content-type negotiation. A client supporting version 1 media type will receive the old representation format while clients supporting the new media type will receive the new representation format. This, however, is also not ideal to start with as you might have to define a completely new media type just for splitting up a name. Furthermore this media type is probably to specific for wide use and new clients might not be aware of different versions without consulting an out-of-band documentation. You could introduce media-type minting by adding parameter to the media-type like "application/vnd.person+json;version=2" or the like to indicate that your client is capable of handling v2 response formats of persons while in the absence of a version parameter a response for v1 would automatically be generated. This unfortunately only works for selected media-types that are usually proprietary and often not standardized. If a client now wants to retrieve a different, probably standardized representation there is no way for a client to hint a server about whether a v1 or v2 representation it wants to receive without relying on a pragmatic but non-ideal approach like including version numbers in the URI, as this semantically separates the same person into multiple distinct identities. The underlying issue here in general is, that a client already assumes that a resource has a specific type and thus expects certain fields to be present. In the absence of expected fields such clients will break. Typed resources therefore violate the REST architectural design philosophy. According to Postel's Law a client should be as tolerant to input but as strict to output as possible. I.e. a client using a HTML representation usually doesn't care about the respective elements in the document as it simply will render what is defined according to the semantics defined in the HTML spec. But it couldn't care less whether it renders v1 or v2 of the person resource. The architectural design of REST doesn't coop all that well with the object oriented design most programming language utilize IMO. While technically it isn't hard to parse arbitrary content and get the data into an OO application, mapping it to an object of certain type usually goes hand in hand with assuming that the data follows a certain object model and therefore the resource itself return data of that type. The static nature of classes that build the template for objects in OO programming languages is to rigid to handle dynamic changes done to the data easily. REST and HATEOAS are specifically designed to support evolution over time though if breaking changes are introduced, Fielding claims that it is probably best to expose the service at a totally new host address rather than carrying around version numbers within the URI and therefore make the version part of the API, that might also affect other resources that aren't affected by the change. Last but not least Fielding noted that: "Versioning is used in ways that are informative rather than contractual"

What if you put an optional attribute in the request params/body which would help you understand which version of the api they want? It can default to 1 so that your existing clients don't need to change. I'm not sure if this is ideal but it definitely takes away the pain of having to change the existing clients.

You have browsers and HTML as the de-facto reference implementation, then you have a web-based mail archiver (called mod_mbox) as well as the version control system subversion that where designed and implemented according to the constraints outlined by the REST architecture (Further reading: static.googleusercontent.com/media/research.google.com/en//pubs/archive/46310.pdf) that however showed that the constraints defined by the REST architecture are not sufficient enough for larger projects. As such certain extension to REST, such as CREST, REST+P, REST+E, A+REST, R+REST, REST+D and finally ARRESTED, were proposed.

What contract do you usually have while serfing a particular Web site? Is your browser expecting that a certain Web page is returning some details of a car in a certain structure unique to cars? No, not really. According to Fielding: "Versioning is used in ways that are informative rather than contractual." (www.infoq.com/articles/roy-fielding-on-versioning) The actual issue here is that your clients are already dependent on the API and what it returns. They expect certain elements to appear as certain attributes or fields within the response and thus consider a resource to have a certain typed, which violates the REST architectural principles. Media-types should define the possible (admissible) elements as well as the semantics of certain elements in a message of that type and how the message has to be processed. The complicated part here is definitely the mapping from a resource's state to a concrete representation format. Depending on the media type used this could involve a bunch of transformations, additions and cleanups. Proprietary and non standardized media types contain the risk that they either are not specified (enough), are to restrictive or that they are likely to change rapidly. In contrast the'd also allow for customization and stakeholder related behaviors such as flexible parameter support that'd allow to specify a version parameter or similar stuff that take an effect on processing a document of that kind. The contract between client and server is actually based on the agreed representation format and thus the content type exchanged. A client informs a server about his capabilities and a server returns a representation that is understood by the client. Though a media-type should not be something specific like a car-details message, as it probably would not see widely used by multiple clients, but be as generic as possible to be widely adoptable, i.e. something like a products description or something even more dynamic. That this does not map all to well to OO designs is not the problem of REST but the incapability of OO languages to adopt to changes in their class models on the fly. While it is technically possible to maintain the received data in generic data trees such as maps, collections or dictionaries (or whatever they are called in your OOP language of your choice), usually the data is mapped to concrete business objects assuming that the data already follows a certain domain model, which usually leads to failure if something unexpected appears in that data. The OOP vs. REST problems are similar to comparing SQL tables to MongoDB collections. The former one has a rigid (table) structure not allowing for adding or removing fields easily and supporting nested entries while the latter one shines on such features though might end up with more wasted space and maybe slower response times due to less efficient indices. Fielding mentioned that if you introduce a breaking change it might be better to deploy the new version of the service to a new host and consider both version as different applications. That way old clients still have the old server to talk to while new clients contact the new server.

​@@Kessra 1. Imagine Car model is given for you. You have the next properties: id, name, color; some time after if was decided to change name of property name to model; how program could self-adapt for that? it's possible only if: 1.1 -> you add property mapping as another resource; 1.2 -> you have some super smart AI that adapts for that with some chance; 2. REST specification is kind of "dream" of auto-generatable & self-adaptable client applications. Basically, when this guy shown an example with {"rel":"search" .... } and so on, there wasn't declared that the request should be a GET request. How the hell application guessed that it's GET? Why not POST? The same with his example about order status transitions. I suspect they are done using PUT or PATCH, but for client to be able to generate link or form an HTTP method should be provided in the response. The same with validation. What if query parameter accepts only integers from 1 to 10. It also should be expressed in the response and UI should be automatically adapted for that. Also what about more custom validation rules? Or imagine Car model having "imageUrl" property. How UI should understand, that "imageUrl" is an image and it should be displayed as image. We probably should put it into our receipt then somehow. Overall i think it might be possible to implement something like that with some special conventions and frameworks (that's what Google Forms are implemented) , but again - how to integrate it with UI/UX logic and design (try to really customize UI/UX of Google Forms without manual development). Imaging GitHub API (which is completely RESTful) will be displayed as such faceless HTML page from his example. It would be very hard to navigate through 100+ actions. In reality it's easier to just integrate client & server manually than support such flexibility. Giving such detailed "receipts" in API response it's almost the same effort than just implement full-featured client app :) Auto-generated UI might be an "option" for some cases (as in Google Forms), but for 99.9% of cases it's overkill. Basically, the more i'm trying to understand REST & RESTful - the more i understand, that nobody understand anything and just provide their interpretations. The API specification is not for machines, it's for developers. So it basically should be clear for developers, how to integrate with your service.

No, it's because REST is not a concept that has much value outside academic circles. It describes the design principles behind the World Wide Web as a distributed application, not the API you built that happens to use HTTP as a transport layer. The majority of so-called "REST APIs" are not RESTful at all.