RESTful services Flashcards

Question

What does the DELETE verb do?

Answer 1

Deletes a resource identified by a URI | Ends the life cycle of the resource

Answer 2

Retrieves the metadata of a resource identified by the URI

Answer 3

$client = curl_init($url);

Answer 4

curl_close($client);

Answer 5

Yes - it will automatically follow redirects, rather than returning the redirect message itself.

Answer 6

allow_url_fopen directive must be turned on in the php.ini file

Answer 7

HTTP_Request2 - which is a PEAR package. PEAR packages are plain PHP, so as long as I can install a PHP file on the sever, it can be used.

Answer 8

bool curl_setopt(resource $ch, int $option, mixed $value)

Answer 9

When set to true, it tells curl to return the data via the call to curl_exec (i.e. as a string return value)

Answer 10

SimpleXMLElement simplexml_load_file();

Answer 11

SimpleXMLElement simplexml_load_string();

Answer 12

string http_build_query();

Answer 13

``` $url = "http://caino:supercool@www.example.com"; $file = file_get_contents($url); ```

Answer 14

curl_setopt($c, CURLOPT_USERPWD, 'caino:superhaxor'); (Same can be done by using CURLOPT_HTTPHEADER option and using a base64 encoded string to write the header with password and username in it).

Answer 15

``` $options = array('max_redirects' => 1); $context = stream_context_create(array('http' => $options)); $file = file_get_contents($url, false, $context); ```

Answer 16

stream_context_create()

Answer 17

A set of parameters and wrapper specific options which modify or enhance the behavior of a stream.

Answer 18

When CURLOPT_FOLLOWLOCATION is enabled | curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);

Answer 19

curl_setopt($c, CURLOPT_FOLLOWLOCATION, true); | curl_setopt($c, CURLOPT_MAXREDIRS, 4);

Answer 20

$fh = fopen("local-copy-of-html-file.html", "w") or die($php_errormsg); $c = curl_init("http://example.com/filelocation.html"); curl_setopt($c, CURLOPT_FILE, $fh); curl_exec($c); curl_close($c);

Answer 21

curl_setopt($c, CURLOPT_WRITEFUNCTION, array($pageSaver, write)); ``` // Where $pageSaver is an object, and write is the method // it will pass on the curl object and the page data ```

Answer 22

A resource

Answer 23

URI - (Universal Resource Location) - Location | URN - (Universal Resource Name) - Name

Answer 24

Not necessarily, although it can be.

Answer 25

URN's are intended to be unique in both space and time - they should identify a resource in such a way that there is no ambiguity.

Answer 26

URL's can be URI's, but a URI doesn't necessarily have to be a URL. This is because they have different potential syntax.

Answer 27

urn:: Where nid is the namespace identifier, and nss is the namespace specific string. Example: urn:isbn:03432234235

Answer 28

/version/resource/key

Answer 29

No - we don't know what the HTTP method is, therefore we cannot process the request.

Answer 30

It doesn't modify the resource (GET is a good example)

Answer 31

Calling an idempotent method many times is equivalent to calling it once.

Answer 32

POST, DELETE and PUT

Answer 33

GET, PUT, DELETE

Answer 34

HTTP status codes

Answer 35

The 200's.

Answer 36

Yes - this is quite normal, i.e. it could be JSON, or XML, or HTML and PDF

Answer 37

$_SERVER['REQUEST_METHOD']

Answer 38

405 - Method not allowed

Answer 39

Yes - they point to different resources. Technically URL's are case sensitive. (But most web servers will try to make the server behave like they are case insensitive, so in all likelihood will arrive at the same resource).

Answer 40

One method is to do a redirect after successfully completing a post / or delete (or whatever safe method). This will redirect to a GET page. The GET may simply retrieve the result of the last unsafe command (i.e. a list of users, or confirmation number)

Answer 41

POST / REDIRECT / GET or PRG.

Answer 42

Users can bookmark the url with the query string embeded within it (which could be a search, or whatever). Because GET is both safe and idempotent, there is no issue with the user refreshing the page.

Answer 43

[method][url][http version] [headers] [body]

Answer 44

1.1 (with 2.0 on the horizon)

Answer 45

Accept-Language: fr-FR

Answer 46

obey the standards for that header

Answer 47

When a user clicks a link - the client can send a link to the referring page in this header

Answer 48

Contains information about the user agent / software making the request. Can often be used to determine which browser is making the request.

Answer 49

Describes the media types the user-agent is willing to accept, used for content negotiation.

Answer 50

Contains cookie information

Answer 51

Will contain a date of when the user-agent last retrieved (and cached) the resource. The server only has to return the entire resource if it has been modified since that time.

Answer 52

By commas usually i.e. Accept-Encoding: gzip,deflate,sdhc

Answer 53

That the client will ultimately accept any data - and will determine itself how to deal with it.

Answer 54

[version][status][reason] [headers] [body]

Answer 55

The 0-100's.

Answer 56

302 - Moved temporarily. The client should continue to use the original URL to obtain the resource

Answer 57

400 (bad request)

Answer 58

403 (forbidden)

Answer 59

503 (Service Unavailable)

Answer 60

200 OK. The HTTP response and the clients requirements may be different. The HTTP connection occurred and completed successfully, so it should return 200. However, the response will contain information within it that indicates there was an error. NOTE: This is generally the case for web applications and not for web API's and web Services.

Answer 61

the HTTP spec than web applications. This is evidenced in how they use HTTP codes - rather than returning 200 OK for a failed attempt to create a user, a web service/api may return 400 (bad request) with information in the body as to what went wrong. This is because the web service is likely returning XML / JSON not intended for direct human interpretation.

Answer 62

a MIME type

Answer 63

A header which is related to caching / performance optimization. It is an identifier that will change when the underlying resource changes. Therefore comparing ETags is an efficient way of determining when a cached resource has become stale.

Answer 64

That the connection to the server may not be persistent. Typical with inexpensive hosts like goDaddy.

Answer 65

the client - and the client may require some configuration to use it.

Answer 66

the host - and is invisible to the client.

Answer 67

Cache-control | Expires (although this is deprecated, still used)

Answer 68

public - public proxy can cache it private - only users browser can cache it no-cache - no one can cache it no-store - no caching, and also should store the data as it has sensitive information max-age - gives a time to expire

Answer 69

You can store state in hidden fields to be sent with the next request - good for short lived state tracking, like form filling progress. You can store state on the server - PHP sessions.

Answer 70

When cookies are not available, the server may write an identifier into the url (cookieless session essentially).

Answer 71

Prevents JavaScript from modifying cookie data - useful to prevent XSS attacks.

Answer 72

Because cookies can be used to identify users, there could be security risks related to caching a cookie - therefore they should not be cached. So any response with a Set-Cookie header should not be cached (at the very least, not the headers).

Answer 73

Everything after the host name in the url, and all request and response traffic (including headers and body).

Answer 74

representation of the resource

Answer 75

it's own url

Answer 76

application state

Answer 77

Acronym for - Hypermedia As The Engine Of Application State | Basically refers to 'which page you are on'

Answer 78

media type (or MIME type)

Answer 79

application/json

Answer 80

No - JSON is served using "application/json" - this indicates that it's a collection+json, which is a standard for publishing searchable list of resources over the web.

Answer 81

It must be a JSON object, and have an element called 'collection'. { "collection": { "items": [{}, {}, {}]}} The items within the item field must also be objects.

Answer 82

The address used to retrieve a representation of the document.

Answer 83

The template section

Answer 84

A resources state

Answer 85

Client negotiation - i.e. the client uses the HTTP headers to distinguish amongst representations. The second is to give the resource multiple urls, one for each representation.

Answer 86

The object was deleted, and the server has nothing more to say about it.

Answer 87

The object was deleted, but the server wants to give you further information about it.

Answer 88

The server has accepted the request for delete - but it will do it later.

Answer 89

It could not delete the object because it doesn't exist. This is an error.

Answer 90

Post to append - i.e. sending a request to a resource creates a new resource under it Overloaded post (where post is used for things other than it's intended purpose)

Answer 91

The same as PUT and DELETE - 200 ok, 204 (no content) is fine.

Answer 92

It requests a list of http methods the API supports from the server, it contains the "allow" header - which contains the list of options.

Answer 93

HEAD request is only supposed to have the headers returned, without the body.

Answer 94

HTML specs only allow get and post actions in a HTML form.

Answer 95

No - it's encoded in the URL.

Answer 96

A GET request

Answer 97

A GET request for one specific URL, which happens automatically in the background.

Answer 98

A POST request to one specific URL, with a custom entity body constructed by the client. The request is only made if the user triggers the control.

Answer 99

A GET request to a custom URL constructed by the client. The request is only made if the user triggers the control.

Answer 100

embedded within, or as a layer above, the presentation information.

Answer 101

All URL's are URI's, but all URI's are not necessarily URL's. For instance - a books ISBN is a URI - and would not make a very good URL as there is no associated protocol that would allow a computer to find it.

Answer 102

It is a HTTP header field that can be used to provide a URL to another resource. For instance, you could use it to provide the link to the next part of a multi-part document.

Answer 103

LINK / UNLINK

Answer 104

The method The target URL The HTTP headers The entity body

Answer 105

Because it doesn't define the HTTP method to be used - it requires additional information.

Answer 106

application/x-www-form-urlencoded

Answer 107

Use the enctype field on the form. i.e. enctype="text/plain"

Answer 108

The resulting GET request will result in an image being returned.

Answer 109

It supports not only GET, but PUT and DELETE. i.e. editing of the resource.

Answer 110

An outbound link - i.e. usually takes you off page. When activated, it usually replaces the current state with a new state.

Answer 111

Embedded link. These kind of links do not change the clients application state, they augment it.

Answer 112

transclusion

Answer 113

frameset script link

Answer 114

Because it does not support hypermedia - you should always use a media type that supports hypermedia

Answer 115

It is a string associated with a hypermedia control (like an xml tag named 'link') - it explains the change in application state (for safe requests) or resource state (for unsafe requests) that will happen if the client triggers the control.

Answer 116

IANA - Internet Assigned Numbers Authority

Answer 117

Generally in a media type.

Answer 118

Registered relation types, extension relation types.

Answer 119

You can use your domain - i.e. http://www.cainmartin.net/whatever - this could never have a conflict with someone elses extension, since you own the domain.

Answer 120

A human readable explanation of the extension.

Answer 121

No - they should not conflict.

Answer 122

Write down the application semantics in a human readable specification Register one or more IANA media types for the design.

Answer 123

They can search the IANA for a media type in the registry. They can read the human readable specification.

Answer 124

linking to them

Answer 125

item or entry, or member of the collection

Answer 126

The link should be rendered as an embedded image.

Answer 127

The image should be rendered as an outbound link.

Answer 128

Use the write template which is part of the collection format.

Answer 129

The standard says that you can add to the collection by sending a POST request to the collection (i.e. to it's href attribute).

Answer 130

Send a query / search template

Answer 131

The queries slot

Answer 132

application/atom+xml

Answer 133

Absolutely nothing - as the JSON standard does not specify anything about collections.

Answer 134

It is a new / flat standard, and the only way to determine how it works is to check the documentation.

Answer 135

HTTP POST, unless the collection is read only - a client can create a new entry by using POST.

Answer 136

Nothing, but in general PUT is used to update a resource and this based on the HTTP standard. This is also supported by Collection+JSON, AtomPub, and OData. PUT is how clients change the state of any HTTP resource.

Answer 137

None of the three big collection standards specify how a collection should respond to DELETE. Some applications implement DELETE by deleting the collection, others delete the collection and every resource listed as part of the collection. However, an individual ITEMs response to delete is the same as the HTTP standard - i.e. you delete it.

Answer 138

No - it just assumes you know about prev/next links (which are sent as part of the links)

Answer 139

You could use the IANA generic link relations (next/prev/first/last) - which are registered with IANA, and use them in the links field - with links that match.

Answer 140

That you will plug in your own open standard, such as OpenSearch if required.

Answer 141

An item in Collection+JSON does not have a fixed format, in that it could represent anything - however, AtomPub is designed around news feeds, and so it represents very clearly and quite rigidly a news item.

Answer 142

AtomPub is quite extensible, and allows for additional application semantics to be added.

Answer 143

Yes - it works quite well, as it has a very flexible structure, and application semantics can be added to the format via class, rel attributes (among others).

Answer 144

There is no documentation on what those semantics mean - the user would have to find documentation on them.

Answer 145

Use a microformat

Answer 146

A web-based approach to publishing formats that can be used to add extra semantics to existing standards (HTML)

Answer 147

Take an existing format - i.e. vCard, or Maze+HTML and then convert it to html.

Answer 148

Microdata is a refinement of the Microformat idea for HTML5

Answer 149

``` itemprop, itemscope, itemtype, itemid, itemref ```

Answer 150

It is a boolean property that indicates that the tag it is attached too contains microdata.

Answer 151

It is a microdata attribute that is used to tell the client where to go to find out what the microdata means.

Answer 152

At the top of the microdata section of the document - usually alongside the itemscope attribute. ```

Title

```

Answer 153

Microdata cannot define the contents of the rel attribute - it can only define the values of the itemprop elements.

Answer 154

HTML links only support GET - but changing application state is not a SAFE action.

Answer 155

You can use a FORM - with a POST method.

Answer 156

The button that triggers a HTML FORM does not support REL attributes - so we have no way of presenting application semantics to indicate what the link is for. (But they do support itemprop and class - so there is a way around this!)

Answer 157

When thinking of resources, we would document the API endpoints / urls - as hypermedia we would think about state transitions, i.e. a switch is a resource, in a hypermedia API we would concentrate on what you can do with the switch, not about the switch itself.

Answer 158

The available hypermedia controls can describe all of HTTPs' methods. Forms in HTML can only build entity-bodies in two different formats - x-www-form-urlencoded (for basic key/value pairs) or multipart/form-data for key-value pairs plus file uploads). HTML4 does not distinguish between numbers and strings (unlike json) HTML4 does not define a way to deal with dates (unlike json)

Answer 159

Some of them - but not all. HTML5 defines a time tag You can use HTML5's meter tag to define a number (sometimes) HTML5 has some new attributes for embedding links - but none are very useful for API's. HTML5 STILL can't trigger PUT or DELETE http actions.

Answer 160

HAL - Hypertext Application Language

Answer 161

Links and Resources

Answer 162

That the contents is a HTTP resource

Answer 163

HAL links are completely generic hypermedia control. HTML implies certain HTTP verbs based on link type (i.e. is a GET request). HAL has only one hypermedia control - but it can control anything (i.e. PUT, GET, DELETE). It can trigger ANY http request at all.

Answer 164

There is no machine readable information that indicates how a hypermedia control should be used - i.e. you have to include human readable documentation to indicate what the REL attribute should be doing? HAL has no way of conveying protocol-semantics in a machine readable way.

Answer 165

It uses the REL attribute - but there are no defined reserved keywords.

Answer 166

Siren is a general hypermedia format using JSON. It is designed to represent abstract groupings it calls entities. An entity may be a HTTP resource with it's own URL, but it does not have to be.

Answer 167

Siren has an 'actions' component that allows the explicit declaration of the method that should be used with that resource. I.e. "method": "POST"

Answer 168

"messages". The server shouldn't have to guess what a HTTP request means, and the client shouldn't have to guess what a response means.

Answer 169

It's a type of link relation that represents a profile - a way of telling a client about the application semantics.

Answer 170

This is a response header that indicates that there is additional semantics on top of the json. This is indicated by the 'profile' relation.

Answer 171

Yes - but only if the standard allows it. For example, the following is illegal: application/json;profile="http://example.com/profile" According to RFC4288 - you can only add the profile parameter on any random type - it has to support it, and JSON makes no mention of supporting the profile parameter. (NOTE: application/collection+json DOES allow profile paramter).

Answer 172

Collection+JSON, JSON-LD, HAL, XHTML (but not HTML)

Answer 173

Use the link header instead.

Answer 174

itemtype < div itemscope itemtype="http://schema.org/Person">

Answer 175

Provides an application semantics on top of the HTML5 microdata layer.

Answer 176

Human readable prose that explains the use of the API.

Answer 177

The profile only needs to include information about the application semantics, as the protocol semantics are already known.

Answer 178

HTTP requests

Answer 179

things in the real world

Answer 180

ahead of time, in a profile document, or in the definition of a custom media type (the only exception are those link relations taken from IANA).

Answer 181

If someone puts that link into a web browser, it should lead to an explanation of that link relation.

Answer 182

Yes - for instance a 'flip' relation, could indicate a switch is to be flipped - using a POST request. This would probably result in a change of state, and is therefore unsafe. It is however, completely valid.

Answer 183

It is a magic string that is used to identify a field in a way that relates back to a microformat or profile. i.e. < span class="fn">Jenny < span itemprop="name">Jenny { "name": "Jenny" } All three of these are different ways to identify a name - fn is the hCard microformat way to describe a name for CSS. The microformat Person method is demonstrated second, followed by JSON twitter format.

Answer 184

``` yes, as is name of the entities properties. "class": ["person"], "properties": { "name" : "Jenny" } ... } ```

Answer 185

object keys

Answer 186

Because they are only conventions, a client cannot rely on that being the same in other situations.

Answer 187

A microformat for explaining microformats.

Answer 188

Most modern API's are written using JSON or XML - microformats are a HTML feature, which is not often used these days.

Answer 189

The same format can describe the application semantics of many different document formats (i.e. JSON, SIREN, etc).

Answer 190

JSON for Linked Data - another API format

Answer 191

False - the point of an API is that users will use it as they see fit - it's not possible to know how everyone will use the API.

Answer 192

Profiles allow developers to write smart clients, Text embedded in a representation allows a human being to to use an application through a client that faithfully renders representations.

Answer 193

Provide a cache in front of the API / reverse proxy.

Answer 194

Cache-Control: max-age=N or Expires

Answer 195

It can be created very simply using curl or any other library - and is therefore prone to compromise.

Answer 196

``` $url = "http://www.example.com/get_pages"; $data = array("page" => 1, "numofpages" => 10); $url = $url . http_build_query($data); ```

Answer 197

When creating POST requests using stream functions (i.e. file_get_contents), you have to provide a context. Create an array of data providing context, and pass to the function - this will format the data in a way that the stream can understand. $options = array( "http" => array( "method" => "POST", "header" => "Content-Type: application/etc...", "content" => http_build_query($data) ) ); $page = file_get_contents($url, false, stream_context_create($options)); NOTE: http_build_query is working on an array, same format as if you were doing a GET request.

Answer 198

You can obtain it from "php://input" $_PUT = array(); if($_SERVER['REQUEST_METHOD'] == 'PUT') { parse_str(file_get_contents('php://input'), $_PUT); } NOTE: DO NOT FORGET THE SECOND argument to parse_str - otherwise they will be extracted as local variables. Danger William Robinson.

Answer 199

$_SERVER["REQUEST_METHOD"] == 'PUT'

Answer 200

Request - 'Set-Cookie' is sent with the response.

Answer 201

The Wireless Universal Resource File - a file that is used to match HTTP Request headers to the profile of the HTTP client (i.e. mobile / desktop etc.)

Answer 202

Typically when you need to determine the platform (perhaps for display purposes) - for API's it's better to just let the client request a format type via the request headers - and provide it.

Answer 203

Accept: i.e. Accept: text/html, application/xhtml+xml

Answer 204

Accept: text/html, application/xhtml+xml Each element is it's own entity, and the order that they are sent indicates the order of preference.

Answer 205

Content negotiation

Answer 206

It indicates the level of preference for that particular content type. It's default is one, sometimes you will see in a Accept-Language: en-GB, en-US;q=0.8

Answer 207

Arrange the username and password into format username:password. Base64 encode the result. Send the data in the header: Authorization: Base (the base 64 encoded string) Make sure you are using HTTPS

Answer 208

yes - but they must be prefixed with X-

Answer 209

1. Request arrives, without cookies 2. Response is made, with cookies 3. Next request arrives, with cookies 4. Response is made, with cookies (any updates, or not) 5. Repeat steps 2-3 ad infinitum

Answer 210

No - not until a reply is made containing the cookies to be written.

Answer 211

setcookie("visited", true);

Answer 212

curl_setopt($ch, CURLOPT_COOKIE, "visted=true");

Answer 213

No - it is possible to use cookies in an API - but PHP session cookies is not that normal. It is more typical of an API to stateless and self contained. But normally you wouldn't use cookies of any type - API's (RESTful ones anyway) typically have their state set by the client - and the API is just there to get it done. Using cookies makes this difficult.

Answer 214

It's lightweight, can be compressed well, doesn't take up much room so is good for 'over the wire' or mobile applications. Simple, well established format. Useful to use when information about the exact data format is not critical and the effort needed to decode it must stay light.

Answer 215

Nothing - they will appear on the other end exactly the same.

Answer 216

To prevent it from leaking publicly (it can be placed somewhere that can't be reached).

Answer 217

XML is very good for being able to pass detailed information, and also supports information about the type of data.

Answer 218

SimpleXML since it is well documented, however it can't do everything - so DOM is sometimes used. There are conversion functions available - so a mix of the two is common.

Answer 219

While complicated, these options have the advantage of not having to load the entire documenting in memory at once.

Answer 220

A Remote Procedure Call API. RPC may use a the url string to encode a method parameter in which to notify the application which procedure to call. (NOTE THIS IS DIFFERENT TO TRUE XML-RPC)

Answer 221

Similar to RPC - i.e. a Remote Call Procedure -but the information on what to call and how to do it is passed in the body as a POST request

Answer 222

Just use a class to wrap it - the class will respond to input and call the appropriate methods, based on URL parameters.

Answer 223

Yes, XML-RPC is a very tight specification, whereas XML over RPC is simply any method that you use to send XML over an RPC style call. Same with JSON over RPC and JSON-RPC

Answer 224

Web Services Description Language A file that provides a machine readable definition of a web service, how to call it, what parameters it expects etc.

Answer 225

When you don't have to directly map a set of objects to a client. It can be very costly to send information about the objects back and forth - avoid in situations where a mobile has to use the API at all costs.

Answer 226

Yes - it's referred to as "non-wsdl mode"

Answer 227

Use SoapClient(); $client = new SoapClient('http://api.example.com/soap2/?wsdl&v=latest'); $countries = $client->getCountryList(); var_dump($countries);

Answer 228

No - while they can be, they are complicated. There are many tools for this - Eclipse has it, and there is a PHP tool called WSDLCreator

Answer 229

PHP is dynamically typed, but some languages are not. WSDL is intended to contain type information - so it's possible you will get some mismatches. This is why many servers will use very generic types such as strings.

Answer 230

SOAP is a protocol, while REST is more of s philosophy.

Answer 231

Rate limiting

Answer 232

If a user without permission requests a resource, but is given a status code that indicates the resource exists, but they don't have permission - they now know that the resource is there - a status should be sent that gives not more information than is required.

Answer 233

First you need to get the record using GET, then update it, then return it using PUT to it's original API. REST deals with the representation of records, so the whole record must be fetched.

Answer 234

Use the Last-Modified header or an ETag (ETag may not be totally appropriate?) - to determine when it was last modfied.

Answer 235

You could create a sub resource (or use PATCH). For example, you could create a URI that just references an email resource of the user. /user/42/email

Answer 236

Not all hardware supports the PATCH verb - so it may not be transmitted.

Answer 237

It removes the chance that the error is from the client. If the error goes away when using curl, then the client is probably at fault.

Answer 238

If the client is expecting JSON or XML, this could cause an issue.

Answer 239

This is specified by the error_log directive in php.ini

Answer 240

error_log("This is an error");

Answer 241

error_log("This is an error", 3, "log.txt"); NOTE: 3 means file 0 - PHP's system log 1 - Send by email to the address in the destination parameter 2 - no longer in use 3 - to a file 4 - Send message directly to SAPI message handler

Answer 242

REST apis should represent everything as a resource. But RESTful resources should not contain verbs - when an API uses functional features, this implies verbs.

Answer 243

Because it may not be clear as to how much data to send for each request. For example, in a blog system, do I only send a short digest of the blog body, or do I send all of it. Do I provide the user with flags they can set to specify how much of the data to send? Do I send the Author along with the body, what about the comments?

Answer 244

an empty array, or a single element array. Always return the same type - consistency

Answer 245

Use an exception handler - use PHP's set_exception_handler to specify a function that will deal with uncaught exceptions. Then make sure it knows how to render the error in the correct format (probably defined through the content negotiation stage).

Answer 246

The first will describe the location of the code (i.e. the controller) and the second will describe the method (action in MVC parlance) to call.

Answer 247

Dispatch or dispatching

Answer 248

A simple method that responds when requested to indicate that the API is alive and where you expect it to be.

Answer 249

You could accidentally send emails out to the list, or affect real data. Don't do it - use dummy data.

Answer 250

No - some actions will just be parameters to existing endpoints.

Answer 251

People using your API will know how many items are in your database - which may not be something you want to divulge.

Answer 252

This would indicate you want to delete all places, and it's an endpoint that should probably be avoided.

Answer 253

When you know the full URL and the result is going to be idempotent. i.e. PUT /images/1/image HTTP 1.1 Because we've specified the full URL (including id and image) - the act of uploading this multiple times will have the exact same result. This is idempotent.

Answer 254

In the case of 'user' /user/x will return a single user identified by x /user should return all users. You could use /users - but this is not necessarily scalable, you may also run across words that either don't have a plural form or have unusual plural forms creating design issues for the endpoints. (i.e. opportunity vs opportunities) It's probably best to stick with plural for all cases. /opportunities/1 - Get the opportunity with id 1 /opportunties - Get all opportunities

Answer 255

No - it is using a VERB in the url.

Answer 256

The HTTP method.

Answer 257

You could create a messages end point that accepts many messages: POST /messages HTTP 1.1

Answer 258

``` Through a controller. There should be one controller per type of resource. i.e. CategoriesController EventsController UsersController etc. ```

Answer 259

In general no - they create a lot of issues that may not be obvious immediately. Plus in a framework like Laravel, you could manually define the routes in routes.php and it becomes self documenting.