Software Engineering Stack Exchange
Software Engineering Stack Exchange

Questions tagged [web-services]

Web services are software systems designed to support interoperable machine-to-machine interaction over a network.

604 questions
115
votes
17 answers

Why should 'boneheaded' exceptions not be caught, especially in server code?

I am confused because in quite a few places I've already read that the so-called 'boneheaded' exceptions (ones that result from bugs in code) are not supposed to be caught. Instead, they must be allowed to crash the application: Vexing exceptions,…
gaazkam
  • 3,517
  • 3
  • 19
  • 35
109
votes
3 answers

Should cookies be used in a RESTful API?

I'm specifically interested in how users perform authorized / authenticated operations on a web API. Are authentication cookies compatible with the REST philosophy, and why?
Brandon Linton
  • 1,665
  • 3
  • 14
  • 9
88
votes
3 answers

Difference between Web API and Web Service?

I have heard a lot about Web Services and Web APIs, is there any difference between them or are they the same?
Harish Kurup
  • 1,279
  • 2
  • 12
  • 11
76
votes
6 answers

Why is it so bad to read data from a database "owned" by a different microservice

I have recently read this excellent article on the microservice architecture: http://www.infoq.com/articles/microservices-intro It states that when you load a web page on Amazon, then 100+ microservices cooperate to serve that page. That article…
David
  • 4,449
  • 6
  • 35
  • 48
72
votes
7 answers

How essential is it to make a service layer?

I started building an app in 3 layers (DAL, BL, UI) [it mainly handles CRM, some sales reports and inventory]. A colleague told me that I must move to service layer pattern, that developers came to service pattern from their experience and it is the…
BornToCode
  • 1,273
  • 2
  • 13
  • 16
64
votes
10 answers

When would you use a long, string ID instead of a simple integer?

I'd like to use Youtube as an example: they use IDs in the form of PEckzwggd78. Why don't they use simple integers? Or imgur.com - they also use IDs such as 9b6tMZS for images and galleries. Not sequential integers. Why don't they use integers…
Rakori
  • 787
  • 1
  • 5
  • 7
63
votes
3 answers

What is the present-day significance of SOAP

Last I encountered a SOAP based service was during my internship in a financial firm in 2013. That was the time when I started my career in IT. I remember having some study material about SOAP in one of my engineering course. Outside of that, I…
Abhas Tandon
  • 723
  • 1
  • 5
  • 8
53
votes
9 answers

Should you guard against unexpected values from external APIs?

Lets say you are coding a function that takes input from an external API MyAPI. That external API MyAPI has a contract that states it will return a string or a number. Is it recommended to guard against things like null, undefined, boolean, etc.…
Adam Thompson
  • 1,243
  • 1
  • 9
  • 14
47
votes
2 answers

Suggested HTTP REST status code for 'request limit reached'

I'm putting together a spec for a REST service, part of which will incorporate the ability to throttle users service-wide and on groups of, or on individual, resources. Equally, time-outs for these would be configurable per…
Andras Zoltan
  • 901
  • 2
  • 7
  • 15
43
votes
4 answers

REST - Tradeoffs between content negotiation via Accept header versus extensions

I'm working through designing a RESTful API. We know we want to return JSON and XML for any given resource. I had been thinking we would do something like this: GET /api/something?param1=value1 Accept: application/xml (or…
Brandon Linton
  • 1,665
  • 3
  • 14
  • 9
40
votes
5 answers

Why not use SQL instead of GraphQL?

Recently I learned about GraphQL which claims to be superior to RESTful. However, I started wondering why don't we simply put SQL statements into an HTTP GET request. For example, in GraphQL I would write { Movie(id: "cixos5gtq0ogi0126tvekxo27")…
nalzok
  • 549
  • 1
  • 4
  • 11
37
votes
4 answers

Should MVC/REST return a 403 or 404 for resources belonging to other users?

When working with a resource-based site (such as an MVC application or REST service), we have two main options when a client tries to GET a resource that they don't have access to: 403, which says that the client is unauthorized; or 404, which says…
Aaronaught
  • 44,005
  • 10
  • 92
  • 126
37
votes
3 answers

When are RPC-ish approaches more appropriate than REST?

After watching this talk on REST, Reuse and Serendipity by Steve Vinoski, I wonder if there are business cases in greenfield projects for (XML-)RPC-ish setups, that REST could not solve in a better way. A few RPC-Problems he mentions: Focus on…
miku
  • 1,508
  • 4
  • 18
  • 26
36
votes
4 answers

Best practices for execution of untrusted code

I have a project where I need to allow users to run arbitrary, untrusted python code (a bit like this) against my server. I'm fairly new to python and I'd like to avoid making any mistakes that introduce security holes or other vulnerabilities into…
p.s.w.g
  • 4,135
  • 4
  • 28
  • 40
32
votes
7 answers

What are the deciding factors in choosing to expose a web service as a SOAP or REST service?

As far as I can see consuming SOAP requires a SOAP stack, so it is harder for your clients to consume i.e. they need to ensure that they have a SOAP stack in place that formats the POST data and the headers correctly and then gives you back some…
user23157
1
2 3
40 41