19. Creating RESTful Web Services Flashcards
What are RESTful Web Services?
Web services provide access to an application’s data, typically expressed in the JSON format.
Why are RESTful Web Services useful?
Web services are most often used to provide rich client-side applications with data.
How are RESTful Web Services used?
The combination of the URL and an HTTP method describes an operation that is handled by an action method defined by an ASP.NET Core controller.
Are there any pitfalls or limitations with RESTful Web Services?
There is no widespread agreement about how web services should be implemented, and care must be taken to produce just the data the client expects.
Are there any alternatives to RESTful Web Services?
There are a number of different approaches to providing clients with data, although RESTful web services are the most common.
What does REST stand for?
Representational State Transfer
What are 5 HTTP methods and operations?
GET, POST, PUT, PATCH, DELETE
What does the GET HTTP Method do?
This method is used to retrieve one or more data objects.
What does the POST HTTP Method do?
This method is used to create a new object.
What does the PUT HTTP Method do?
This method is used to update an existing object.
What does the PATCH HTTP Method do?
This method is used to update part of an existing object.
What does the DELETE HTTP Method do?
This method is used to delete an object.
What does a Web Service define an API through?
A combination of URLs and HTTP methods such as GET and POST, which are also known as the HTTP verbs. The method specifies the type of operation, while the URL specifies the data object or objects that the operation applies to.
How do RESTful web services format the response data?
Most RESTful web services format the response data using the JavaScript Object Notation (JSON) format.
Name two alternatives to RESTful Web Services
GraphQL and gRPC
What is GraphQL and how does it work?
GraphQL is most closely associated with the React JavaScript framework, but it can be used more widely. Unlike REST web services, which provide specific queries through individual combinations of a URL and an HTTP method, GraphQL provides access to all an application’s data and lets clients query for just the data they require in the format they require. GraphQL can be complex to set up—and can require more sophisticated clients—but the result is a more flexible web service that puts the developers of the client in control of the data they consume. GraphQL isn’t supported directly by ASP.NET Core, but there are .NET implementations available. See https://graphql.org for more detail.
What is gRPC and how does it work?
A new alternative is gRPC, a full remote procedure call framework that focuses on speed and efficiency. At the time of writing, gRPC cannot be used in web browsers, such as by the Angular or React framework, because browsers don’t provide the fine-grained access that gRPC requires to formulate its HTTP requests.
What is the conventional URL prefix for web services?
URLs start with /api, which is the conventional URL prefix for web services.
What is over-binding?
When the client sets properties on an object that were not supposed to be set by the client, or sets an unexpected value for a property. It is also a well-known attack (granting users more access than they should have).
The Product data model class needs a ProductId property, but the model binding process doesn’t understand the significance of the property and adds any values that the client provides to the objects it creates, which causes the exception in the SaveProduct action method. This is known as over-binding, and it can cause serious problems when a client provides values that the developer wasn’t expecting. At best, the application will behave unexpectedly, but this technique has been used to subvert application security and grant users more access than they should have.
The safest way to prevent over-binding is to create separate data model classes that are used only for receiving data through the model binding process, where each class defines only the properties that the application wants to receive from the client when storing a new object. The model binding process will then ignore and discard values for read-only properties.
How does the update action work?
The UpdateProduct action is similar to the SaveProduct action and uses model binding to receive a Product object from the request body.
How does the delete action work?
The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.