ee REST API REST STANDS FOR REPRESENTATIONAL STATE TRANSFER REST APIS OPERATE ON A SIMPLE REQUEST/RESPONSE SYSTEM REQUEST ‘ oo f 0° RESPONSE C=! CLIENT CAN MAKE A REQUEST : SERVER RETURNS A RESPONSE WITH AN USING HTTP METHODS: HTTP STATUS CODE THESE METHODS ARE: GET, POST, PUT, PATCH, DELETE, HEAD, TRACE, OPTIONS, CONNECT HTTP REQUEST CONTAINS HTTP RESPONSE CONTAINS POPULAR HTTP STATUS CODE: EX, 200, 202, 403, 404, 500 ETC REQUEST METHOD HTTPHEADERS BODY STATUS CODE HTTP HEADERS RESPONSE BODY % REST APL CONSTRAINTS CLIENT-SERVER ARCHITECTURE =” \Y, UNIFORM INTERFACE © NO THIRD PARTY INTERPRETATION ~~ { © FOLLOW A COMMON PROTOCOL LAYERING © MULTIPLE INTERMEDIARIES BETWEEN GLIENT AND SERVER CACHE ABILITY STATELESSNESS ‘@ RESPONSE CAN BE CACHEABLE @ THERE 1S NO STATE. CLIENT AND SERVER ARE COMPLETELY SEPARATEDHTTP HEADERS CLIENT AND SERVER CAN PASS THE EXTRA BIT OF INFORMATION WITH THE REQUEST AND RESPONSE USING HTTP HEADERS: DIVIDED INTO FOUR PARTS REQUEST HEADERS — RESPONSE HEADERS: CLIENT TO SERVER © SERVER 70 CLIENT REPRESENTATION HEADERS — PAYLOAD HEADERS: eo INFORMATION ABOUT THE BODY , INFORMATION ABOUT OF THE RESOURCE THE PAYLOAD DATA WIDELY USED HTTP HEADERS: Accept TYPE OF DATA CLIENT CAN UNDERSTAND Accept-Encoding WHICH ENCODING METHOD CLIENT CAN UNDERSTAND Authorization USED TO PASS CREDENTIALS $0 THAT SERVER CAN AUTHENTICATE Accept-Language CLIENT I$ EXPECTING THE RESPONSE IN THE MENTIONED LANGUAGE Content-Type SPECIFIES THE MEDIA TYPE OF THE RESOURCE Host SPECIFIES THE DOMAIN NAME Access-Control-Allow-Origin WHICH ORIGIN IS ALLOWED TO ACCESS THE RESOURCES Access-Control-Allow-Methods WHICH METHODS ARE ALLOWED TO ACCESS THE CROSS-ORIGIN RESOURCESHTTP STATUS CODES 2 _/ cane \ - cmp LJ \_ RESPONSE we SERVER ALWAYS RETURNS HTTP STATUS CODE WITH THE RESPONSE SUCCESSFUL RESPONSES REDIRECTION MESSAGES 200 0K EVERYTHING IS FINE 301 MOVED PERMANENTLY THE RESOURCE HAS BEEN MOVED PERMANENTLY 201 CREATED TO THE NEW URL NEW RESOURCE WAS CREATED ty & 400 BAD REQUEST 401 UNAUTHORIZED & INVALID SYNTAX CREDENTIALS ARE INCORRECT 403 FORBIDDEN YOU DON’T HAVE PERMISSION TO ACCESS THE RESOURCES 404 NOT FOUND 427700 MANY REQUESTS INVALID URL USER HAS SENT T00 MANY REQUESTS IN A GIVEN AMOUNT OF TIME SERVER ERROR 500 INTERNAL SERVER ERROR SERVER DOES NOT KNOW HOW TO HANDLE THE UNEXPECTED SITUATIONHTTP Request Methods GET /apis uboraittin the server often. chang) uepuer meet H request method is used t nly then ry part of the PUT ) een " data orvesponce, (PATCH DELETE ) DELETE request method A to del that the ovigin server delete thea _Hesest Control {ATP Headere_ ORIGIN IT’S AGROSS-ORIGIN REQUEST. \ LET ME ADD THE ORIGIN HEADER TO TELL THE SERVER WHERE THE REQUEST IS COMING FROM, ACCESS-CONTROL-REQUEST-METHOD © LET ME ASK THE SERVER. I WANT TO MAKE A CROSS-ORIGIN: oe joy POST REQUEST. 0° THIS IS A PREFLIGHT REQUEST TO LET THE SERVER KNOW WHICH METHOD WILL BE USED IN THE MAIN REQUEST THIS IS THE RESPONSE TO THE PREFLIGHT REQUEST INDICATING THAT MAIN REQUEST CAN BE MADE USING CREDENTIALS. els: Ps A.COM ORIGIN IS: ALLOWED TO ACCESS 3” RESOURCES FROM O° B.COM POST METHOD IS \ ALLOWED TO ACCESS CROSS-ORIGIN RESOURCES. THIS IS THE RESPONSE TO THE PREFLIGHT REQUEST.GET /posts cache \~ Gone) _ ache-Control: max-age=1000 er 200 Seconds \ \ cai \ Ss