SlideShare ist ein Scribd-Unternehmen logo

Rest is bad

Als PPTX, PDF herunterladen
Kfir Bloch
Kfir Bloch

5 minutes ignite talk. Rest based API is the worst choice that you can do with your Microservices ecosystem.

Ingenieurwesen
1 von 22
REST is Bad Kfir Bloch Head of Backend Engineering @Wix.com github.com/kfiron@kfirondevkfirb@wix.com
Restful API between Microservices is the worst choice you can make.
POST http://sms-server/messages { "from": "054-555-6666", "to": "055-222-333", "message": "hi, what's up Rony" } Response Status code 200 { “id”: “55666322123”, “success”: true } SMS Server
GET http://sms-server/messages/0545556666 [ { ”id:" “55666322123”, "to:" "055-222-3333", "message": "hi, what's up Rony" }, { ”id:" “44666322345”, "to:" "055-111-4444", "message": "I am sleeping" } ]
But that’s not enough, is it?
POST http://sms-server/messages Accept: “json” / “xml” { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll want to ask for a payload type Smelly! Mix between API protocol and semantics
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll need security Hash calculate is a difficult, complex integration
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and sometimes tenant identification
POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and language
POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Sometimes you have parameters
POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en Cache-Control: max-age=0 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and cache control
and rate-limiting support Status: 403 Forbidden X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 X-RateLimit-Reset: 1377013266 Connection: keep-alive
POST http://sms-server/messages?page=1 Accept-Language: en Authorization: xxkgkkgslslls;ffgg/ Timestamp: 324884545454 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Status: 403 Forbidden Cache-Control: max-age=0 X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 and you end up with something like this Verbose! It’s difficult to document a broken API
Adding more requests, another protocol integration?
Continuous Integration is painful. We want to break CI whenever the protocol changes.
Should we run all servers to test this thing?
How your code will look like String url = "http://sms-server/messages?page=1"; HttpClient client = new DefaultHttpClient(); HttpGet request = new HttpGet(url); // add request header request.addHeader(”Authorization", calculateHash(request)); request.addHeader(”Accept", “json”); HttpResponse response = client.execute(request); BufferedReader rd = new BufferedReader( new InputStreamReader(response.getEntity().getContent())); StringBuffer result = new StringBuffer(); String line = ""; while ((line = rd.readLine()) != null) { result.append(line); } Verbose!
So we hide the pain into a function public class SMSService { public SMSResponse sendSMS(Message message); public SMSMessages messagesForUser(UUID user); }
RPC is a proper solution Hide network complexity and focus on the API semantic Calling a function and implementing a function is simple
We do RPC since the 70’s CORBA RMI Spring-Remoting JSON-RPC XML-RPC SOAP Thrift Protobuf Avro Akka-Remoting Lagom Grpc
Why RPC is good for you It’s easy to use It covers cross cutting concerns Dependency with IDL as source of truth – breaks in CI It has proper error handling Proper documentation
Thank You github.com/kfiron@kfirondevkfirb@wix.com

Empfohlen

Elastic stack
Elastic stackElastic stack
Elastic stackMinsoo Jun
 
Composing re-useable ETL on Hadoop
Composing re-useable ETL on HadoopComposing re-useable ETL on Hadoop
Composing re-useable ETL on HadoopPaul Lam
 
Server architecture
Server architectureServer architecture
Server architectureMasters Academy
 
Webinar slides "Building Real-Time Collaborative Web Applications"
Webinar slides "Building Real-Time Collaborative Web Applications"Webinar slides "Building Real-Time Collaborative Web Applications"
Webinar slides "Building Real-Time Collaborative Web Applications"Sachin Katariya
 
Moving from HTTP to HTTPS
Moving from HTTP to HTTPSMoving from HTTP to HTTPS
Moving from HTTP to HTTPSBlake Crosby
 
Varnish Cache and Django (Falcon, Flask etc)
Varnish Cache and Django (Falcon, Flask etc)Varnish Cache and Django (Falcon, Flask etc)
Varnish Cache and Django (Falcon, Flask etc)Данил Иванов
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Building Websocket Applications with GlassFish and Grizzly
Building Websocket Applications with GlassFish and GrizzlyBuilding Websocket Applications with GlassFish and Grizzly
Building Websocket Applications with GlassFish and GrizzlyJustin Lee
 

Empfohlen

Elastic stack
Elastic stackElastic stack
Elastic stackMinsoo Jun
 
Composing re-useable ETL on Hadoop
Composing re-useable ETL on HadoopComposing re-useable ETL on Hadoop
Composing re-useable ETL on HadoopPaul Lam
 
Server architecture
Server architectureServer architecture
Server architectureMasters Academy
 
Webinar slides "Building Real-Time Collaborative Web Applications"
Webinar slides "Building Real-Time Collaborative Web Applications"Webinar slides "Building Real-Time Collaborative Web Applications"
Webinar slides "Building Real-Time Collaborative Web Applications"Sachin Katariya
 
Moving from HTTP to HTTPS
Moving from HTTP to HTTPSMoving from HTTP to HTTPS
Moving from HTTP to HTTPSBlake Crosby
 
Varnish Cache and Django (Falcon, Flask etc)
Varnish Cache and Django (Falcon, Flask etc)Varnish Cache and Django (Falcon, Flask etc)
Varnish Cache and Django (Falcon, Flask etc)Данил Иванов
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Building Websocket Applications with GlassFish and Grizzly
Building Websocket Applications with GlassFish and GrizzlyBuilding Websocket Applications with GlassFish and Grizzly
Building Websocket Applications with GlassFish and GrizzlyJustin Lee
 
Web service introduction
Web service introductionWeb service introduction
Web service introductionSagara Gunathunga
 
[OpenTRS-001] ooops
[OpenTRS-001] ooops[OpenTRS-001] ooops
[OpenTRS-001] ooopsTheori
 
URL to HTML
URL to HTMLURL to HTML
URL to HTMLFrancois Marier
 
Altitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the EdgeAltitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the EdgeFastly
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHPWataru OKAMOTO
 
Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...Droidcon Eastern Europe
 
Altitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopAltitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopFastly
 
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...PROIDEA
 
Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016DreamLab
 
Cross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSCross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSMichael Neale
 
COMET in Plone
COMET in PloneCOMET in Plone
COMET in PloneChristian Scholz
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsFelipe Prado
 
HTTP
HTTPHTTP
HTTPjangezkhan
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 
Ajax basics
Ajax basicsAjax basics
Ajax basicsHernán Garzón de la Roza
 
REST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend FrameworkREST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend FrameworkChris Weldon
 
HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증박 민규
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Zoompf
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
 
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backVladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backDefconRussia
 
Going realtime with Socket.IO
Going realtime with Socket.IOGoing realtime with Socket.IO
Going realtime with Socket.IOChristian Joudrey
 

Weitere ähnliche Inhalte

Was ist angesagt?

[OpenTRS-001] ooops
[OpenTRS-001] ooops[OpenTRS-001] ooops
[OpenTRS-001] ooopsTheori
 
Altitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the EdgeAltitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the EdgeFastly
 
Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...Droidcon Eastern Europe
 
Altitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopAltitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopFastly
 
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...PROIDEA
 
Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016DreamLab
 
Cross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSCross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSMichael Neale
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsFelipe Prado
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 
REST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend FrameworkREST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend FrameworkChris Weldon
 
HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증박 민규
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Zoompf
 

Was ist angesagt? (18)

Web service introduction
Web service introductionWeb service introduction
Web service introduction
 
[OpenTRS-001] ooops
[OpenTRS-001] ooops[OpenTRS-001] ooops
[OpenTRS-001] ooops
 
URL to HTML
URL to HTMLURL to HTML
URL to HTML
 
Altitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the EdgeAltitude San Francisco 2018: Programming the Edge
Altitude San Francisco 2018: Programming the Edge
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHP
 
Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...Preparing your web services for Android and your Android app for web services...
Preparing your web services for Android and your Android app for web services...
 
Altitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopAltitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly Workshop
 
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
Atmosphere 2016 - Albert Lacki, Jaroslaw Bloch - Real user monitoring at scal...
 
Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016Real User Monitoring at Scale @ Atmosphere Conference 2016
Real User Monitoring at Scale @ Atmosphere Conference 2016
 
Cross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSCross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORS
 
COMET in Plone
COMET in PloneCOMET in Plone
COMET in Plone
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
 
HTTP
HTTPHTTP
HTTP
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
 
Ajax basics
Ajax basicsAjax basics
Ajax basics
 
REST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend FrameworkREST Easy - Building RESTful Services in Zend Framework
REST Easy - Building RESTful Services in Zend Framework
 
HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증HTTP 완벽가이드- 13 다이제스트 인증
HTTP 완벽가이드- 13 다이제스트 인증
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)
 

Ähnlich wie Rest is bad

iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
 
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backVladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backDefconRussia
 
Going realtime with Socket.IO
Going realtime with Socket.IOGoing realtime with Socket.IO
Going realtime with Socket.IOChristian Joudrey
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath
 
Messaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQMessaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQdejanb
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRailwaymen
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsWSO2
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
HTML5 WebSocket: The New Network Stack for the Web
HTML5 WebSocket: The New Network Stack for the WebHTML5 WebSocket: The New Network Stack for the Web
HTML5 WebSocket: The New Network Stack for the WebPeter Lubbers
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersViktor Gamov
 
Introduction to Vert.x
Introduction to Vert.xIntroduction to Vert.x
Introduction to Vert.xYiguang Hu
 
About REST. Архитектурные семинары Softengi
About REST. Архитектурные семинары SoftengiAbout REST. Архитектурные семинары Softengi
About REST. Архитектурные семинары SoftengiSoftengi
 
Apache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestApache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestMyles Braithwaite
 
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...CA API Management
 

Ähnlich wie Rest is bad (20)

iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within Microservices
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
 
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backVladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
 
Going realtime with Socket.IO
Going realtime with Socket.IOGoing realtime with Socket.IO
Going realtime with Socket.IO
 
Websocket
WebsocketWebsocket
Websocket
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)
 
Messaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQMessaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQ
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile Environments
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
HTML5 WebSocket: The New Network Stack for the Web
HTML5 WebSocket: The New Network Stack for the WebHTML5 WebSocket: The New Network Stack for the Web
HTML5 WebSocket: The New Network Stack for the Web
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
 
Introduction to Vert.x
Introduction to Vert.xIntroduction to Vert.x
Introduction to Vert.x
 
Demystifying REST
Demystifying RESTDemystifying REST
Demystifying REST
 
About REST. Архитектурные семинары Softengi
About REST. Архитектурные семинары SoftengiAbout REST. Архитектурные семинары Softengi
About REST. Архитектурные семинары Softengi
 
WebSockets in JEE 7
WebSockets in JEE 7WebSockets in JEE 7
WebSockets in JEE 7
 
Apache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestApache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux Fest
 
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...
API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Pres...
 

Mehr von Kfir Bloch

Increasing velocity via serless semantics
Increasing velocity via serless semanticsIncreasing velocity via serless semantics
Increasing velocity via serless semanticsKfir Bloch
 
The secrets of building a team that can do everything
The secrets of building a team that can do everythingThe secrets of building a team that can do everything
The secrets of building a team that can do everythingKfir Bloch
 
A sweet taste of clean code and software design
A sweet taste of clean code and software designA sweet taste of clean code and software design
A sweet taste of clean code and software designKfir Bloch
 
TDD For Mortals
TDD For MortalsTDD For Mortals
TDD For MortalsKfir Bloch
 
Design pattern-refactor-functional
Design pattern-refactor-functionalDesign pattern-refactor-functional
Design pattern-refactor-functionalKfir Bloch
 
Refactoring Design Patterns the Functional Way (in Scala)
Refactoring Design Patterns the Functional Way (in Scala)Refactoring Design Patterns the Functional Way (in Scala)
Refactoring Design Patterns the Functional Way (in Scala)Kfir Bloch
 
Scala from the Trenches - Java One 2016
Scala from the Trenches - Java One 2016Scala from the Trenches - Java One 2016
Scala from the Trenches - Java One 2016Kfir Bloch
 
Scala from the Trenches
Scala from the Trenches Scala from the Trenches
Scala from the Trenches Kfir Bloch
 
The art of decomposing monoliths
The art of decomposing monolithsThe art of decomposing monoliths
The art of decomposing monolithsKfir Bloch
 

Mehr von Kfir Bloch (9)

Increasing velocity via serless semantics
Increasing velocity via serless semanticsIncreasing velocity via serless semantics
Increasing velocity via serless semantics
 
The secrets of building a team that can do everything
The secrets of building a team that can do everythingThe secrets of building a team that can do everything
The secrets of building a team that can do everything
 
A sweet taste of clean code and software design
A sweet taste of clean code and software designA sweet taste of clean code and software design
A sweet taste of clean code and software design
 
TDD For Mortals
TDD For MortalsTDD For Mortals
TDD For Mortals
 
Design pattern-refactor-functional
Design pattern-refactor-functionalDesign pattern-refactor-functional
Design pattern-refactor-functional
 
Refactoring Design Patterns the Functional Way (in Scala)
Refactoring Design Patterns the Functional Way (in Scala)Refactoring Design Patterns the Functional Way (in Scala)
Refactoring Design Patterns the Functional Way (in Scala)
 
Scala from the Trenches - Java One 2016
Scala from the Trenches - Java One 2016Scala from the Trenches - Java One 2016
Scala from the Trenches - Java One 2016
 
Scala from the Trenches
Scala from the Trenches Scala from the Trenches
Scala from the Trenches
 
The art of decomposing monoliths
The art of decomposing monolithsThe art of decomposing monoliths
The art of decomposing monoliths
 

Kürzlich hochgeladen

HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 

Kürzlich hochgeladen (20)

Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 

Rest is bad

  • 1. REST is Bad Kfir Bloch Head of Backend Engineering @Wix.com github.com/kfiron@kfirondevkfirb@wix.com
  • 2. Restful API between Microservices is the worst choice you can make.
  • 3. POST http://sms-server/messages { "from": "054-555-6666", "to": "055-222-333", "message": "hi, what's up Rony" } Response Status code 200 { “id”: “55666322123”, “success”: true } SMS Server
  • 4. GET http://sms-server/messages/0545556666 [ { ”id:" “55666322123”, "to:" "055-222-3333", "message": "hi, what's up Rony" }, { ”id:" “44666322345”, "to:" "055-111-4444", "message": "I am sleeping" } ]
  • 5. But that’s not enough, is it?
  • 6. POST http://sms-server/messages Accept: “json” / “xml” { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll want to ask for a payload type Smelly! Mix between API protocol and semantics
  • 7. POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } You’ll need security Hash calculate is a difficult, complex integration
  • 8. POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and sometimes tenant identification
  • 9. POST http://sms-server/messages Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and language
  • 10. POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Sometimes you have parameters
  • 11. POST http://sms-server/messages?page=1 Accept: “json” / “xml” Authorization: AWSAKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCw/ Timestamp: 2677432356 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf Accept-Language: en Cache-Control: max-age=0 { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } and cache control
  • 12. and rate-limiting support Status: 403 Forbidden X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 X-RateLimit-Reset: 1377013266 Connection: keep-alive
  • 13. POST http://sms-server/messages?page=1 Accept-Language: en Authorization: xxkgkkgslslls;ffgg/ Timestamp: 324884545454 X-Tenant-ID: bc145c6c-c543-43e6-8d7d-f7012f7412cf { "from": "054-555-6666", "to:" "055-222-333", "message": "hi, what's up Rony" } Status: 403 Forbidden Cache-Control: max-age=0 X-RateLimit-Limit: 60 X-RateLimit-Remaining: 0 and you end up with something like this Verbose! It’s difficult to document a broken API
  • 14. Adding more requests, another protocol integration?
  • 15. Continuous Integration is painful. We want to break CI whenever the protocol changes.
  • 16. Should we run all servers to test this thing?
  • 17. How your code will look like String url = "http://sms-server/messages?page=1"; HttpClient client = new DefaultHttpClient(); HttpGet request = new HttpGet(url); // add request header request.addHeader(”Authorization", calculateHash(request)); request.addHeader(”Accept", “json”); HttpResponse response = client.execute(request); BufferedReader rd = new BufferedReader( new InputStreamReader(response.getEntity().getContent())); StringBuffer result = new StringBuffer(); String line = ""; while ((line = rd.readLine()) != null) { result.append(line); } Verbose!
  • 18. So we hide the pain into a function public class SMSService { public SMSResponse sendSMS(Message message); public SMSMessages messagesForUser(UUID user); }
  • 19. RPC is a proper solution Hide network complexity and focus on the API semantic Calling a function and implementing a function is simple
  • 20. We do RPC since the 70’s CORBA RMI Spring-Remoting JSON-RPC XML-RPC SOAP Thrift Protobuf Avro Akka-Remoting Lagom Grpc
  • 21. Why RPC is good for you It’s easy to use It covers cross cutting concerns Dependency with IDL as source of truth – breaks in CI It has proper error handling Proper documentation