A preliminary understanding of RESTful (II): understanding RESTful APIs

Source: Internet
Author: User
Tags: oauth
**1. Request and response**

Using a RESTful API is nothing more than a client sending requests to a server and the server responding to the client. The client sends a GET request to obtain a resource, and a PUT or PATCH request to send updated data to the server; the server-side API should handle each request according to the corresponding specification, which by now should be the consensus of all RESTful API developers. Here is a brief summary of the common response codes:

- When a GET, PUT or PATCH request succeeds, return the corresponding data with status code 200 (OK).
- When a POST creates data successfully, return the created data with status code 201 (Created).
- When a DELETE succeeds, return no data, with status code 204 (No Content).
- When a GET finds no data, return status code 404 (Not Found).
- At any time, if there is a problem with the request, for example an error is found when validating the request data, return status code 400 (Bad Request).
- When the API requires user authentication and the authentication information in the request is incorrect, return status code 401 (Unauthorized).
- When the API needs to check the user's permissions and the current user does not have the appropriate permission, return status code 403 (Forbidden).

Finally, for both request and response, do not ignore the Content-Type in the HTTP header.
Take JSON as an example: if the API requires the client to send JSON data, the server only needs to read and parse JSON. But if the server accepts several incoming data types, for instance both JSON and form-data, it must read and parse the body differently for each type, according to the Content-Type sent in the request header; likewise, when the API responds to the client with JSON data, the response header must carry Content-Type: application/json.

**2. Serialization and deserialization**

A RESTful API uses a normalized data format as the carrier of its data, commonly JSON or XML. Taking JSON as the example: when the client sends a request to the server, or the server responds to the client's request, the data is transmitted as JSON-formatted text. Inside the server, however, the data being processed is essentially not JSON but a native type of the language, that is, localized data (an instance of a class, i.e. an object). JSON is just a format for transmitting data over the network when server and client communicate, and both sides keep converting between JSON and native types: converting native data into JSON is serialization, and converting JSON into native data is deserialization. Although the data types of some languages can be serialized and deserialized easily, for a complex API the internal implementation always uses objects as the carrier of the data, so implementing serialization and deserialization is the most important step in developing a RESTful API.

**3. Validation**

Validation, or data verification, is another important part of developing a robust RESTful API.
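The response-code rules of section 1 and the Content-Type handling of section 2, as an added example that is not part of the original article: the `/users` routes, the field names and the in-memory store are assumptions constructed for the example, standing in for a real database.

```python
import json
from urllib.parse import parse_qs

STORE = {1: {"id": 1, "name": "alice"}}   # constructed in-memory store, stands in for a database

def parse_body(headers, body):
    """Parse the body according to the request Content-Type; return (dict, error)."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    try:
        if ctype == "application/json":
            data = json.loads(body)
            return (data, None) if isinstance(data, dict) else (None, "expected a JSON object")
        if ctype == "application/x-www-form-urlencoded":
            return {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}, None
    except ValueError:
        return None, "malformed body"
    return None, "unsupported Content-Type"

def respond(status, payload=None):
    """Build (status, headers, body); JSON replies carry Content-Type: application/json."""
    if payload is None:
        return status, {}, ""
    return status, {"Content-Type": "application/json"}, json.dumps(payload)

def handle(method, path, headers, body=""):
    """Dispatch /users and /users/<id> with the status codes described in section 1."""
    parts = path.strip("/").split("/")
    if parts[0] != "users" or len(parts) > 2:
        return respond(404, {"error": "not found"})
    uid = int(parts[1]) if len(parts) == 2 and parts[1].isdigit() else None
    data = None
    if method in ("POST", "PUT", "PATCH"):
        data, err = parse_body(headers, body)
        if err:
            return respond(400, {"error": err})   # bad request: body could not be parsed
    if method == "POST" and uid is None:
        new_id = max(STORE, default=0) + 1
        STORE[new_id] = {**data, "id": new_id}    # the server assigns the id, not the client
        return respond(201, STORE[new_id])        # created
    if uid not in STORE:
        return respond(404, {"error": "not found"})
    if method == "GET":
        return respond(200, STORE[uid])
    if method in ("PUT", "PATCH"):
        STORE[uid].update({**data, "id": uid})
        return respond(200, STORE[uid])
    if method == "DELETE":
        del STORE[uid]
        return respond(204)                       # no content
    return respond(405, {"error": "method not allowed"})
```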
Still using JSON as the example: when the client sends GET, POST or PATCH requests to the server, it usually sends the relevant data in JSON format at the same time, and the server validates the data before processing it, which is the most reasonable and secure mode of front-end interaction. When the data sent by the front end is incorrect or unreasonable, the server returns a 400 error together with the corresponding field errors directly to the client after validation. Validation includes:

- Data type checks: if a field's type is int, then assigning it a string value is an error.
- Data format checks: if a string field is an email address or a password, the value must satisfy the corresponding regular expression to count as correct input.
- Data logic checks: if the data contains both a birth date and an age field, the consistency between the two must be checked, and an inconsistency returns an error message.

**4. Authentication and permissions**

Authentication refers to verifying the user's identity; permissions refer to the authorization mechanism. These two points are what make a RESTful API strong, flexible and secure. The common authentication mechanisms are Basic Auth and OAuth; unless the API is extremely simple and has no potential security issue, an authentication mechanism should be implemented and applied to the API. Basic Auth is very simple, many frameworks integrate an implementation of it, and you can also write one yourself. Today OAuth has become the standard for enterprise-class services, and its related open source implementations are plentiful. A permission mechanism is a further restriction on API requests: a resource can only be accessed by an authenticated user who meets its permission requirements.
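Deserialization into a native object (section 2) followed by the three kinds of validation checks (section 3), as an added example that is not part of the original article: the `Profile` fields, the email regular expression and the reference date passed as `today` are assumptions constructed for the example.

```python
import json, re
from dataclasses import dataclass
from datetime import date

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # assumed format rule for the example

@dataclass
class Profile:          # the native object the server works with internally
    email: str
    age: int
    birth_date: date

def validate_profile(payload, today):
    """Type, format and logic checks; return (Profile or None, {field: message})."""
    errors = {}
    if not isinstance(payload, dict):
        return None, {"body": "expected a JSON object"}
    # 1. type checks (a bool is rejected for int fields because bool subclasses int in Python)
    for name, typ in (("email", str), ("age", int), ("birth_date", str)):
        if not isinstance(payload.get(name), typ) or isinstance(payload.get(name), bool):
            errors[name] = f"must be of type {typ.__name__}"
    if errors:
        return None, errors
    email, age, bd = payload["email"], payload["age"], payload["birth_date"]
    # 2. format checks
    if not EMAIL_RE.match(email):
        errors["email"] = "not a valid email address"
    try:
        born = date.fromisoformat(bd)
    except ValueError:
        errors["birth_date"] = "not a valid ISO date (YYYY-MM-DD)"
        return None, errors
    # 3. logic check: age must agree with birth_date on the reference day (passed in for reproducibility)
    ref = date.fromisoformat(today)
    expected = ref.year - born.year - ((ref.month, ref.day) < (born.month, born.day))
    if age != expected:
        errors["age"] = f"inconsistent with birth_date (expected {expected})"
    return (None, errors) if errors else (Profile(email, age, born), {})

def deserialize(json_text, today):
    """JSON text -> (status, Profile or error dict); 400 for malformed or invalid data."""
    try:
        payload = json.loads(json_text)
    except ValueError:
        return 400, {"error": "malformed JSON"}
    profile, errors = validate_profile(payload, today)
    return (400, {"errors": errors}) if errors else (200, profile)

def serialize(profile):  # the date is not JSON-native, so it is rendered as ISO text
    return json.dumps({"email": profile.email, "age": profile.age, "birth_date": profile.birth_date.isoformat()})
```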
The implementation of the permission mechanism depends on the business logic and application scenario of the system. Generally speaking, common permission mechanisms come in a global type and an object type. The global permission mechanism mainly refers to granting permissions to the user directly, or assigning the user a role or user group and then granting permissions to that role or group, as the way to implement permission control. The object-level permission mechanism mainly refers to controlling permissions at the granularity of an object: the user's access to, modification of, deletion of or other action on a particular object, where the permission must be granted to the user on that object separately. Generally speaking, global permission control is easy to understand and simple to implement, and there are many open source libraries to choose from; object-level permission control is relatively complex, but it has many typical application scenarios. In a multi-author blog system, for example, an author's right to edit only his own articles is object-level permission control, and there are open source libraries for it as well.
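Basic Auth verification followed by a global (role-based) check and an object-level (ownership) check for the blog scenario of section 4, as an added example that is not part of the original article: the user, role and article tables are constructed for the example, and the 401/404/403 ordering in `edit_article` is one reasonable choice, not a rule from the article.

```python
import base64, hashlib, hmac

def _hash(password, salt):   # PBKDF2 hash; a service stores these, never plaintext passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user, role and article tables (assumptions, not from the article).
USERS = {
    "alice": {"salt": b"salt-alice", "hash": _hash("alice-pw", b"salt-alice"), "roles": {"author"}},
    "bob":   {"salt": b"salt-bob",   "hash": _hash("bob-pw",   b"salt-bob"),   "roles": {"author"}},
    "root":  {"salt": b"salt-root",  "hash": _hash("root-pw",  b"salt-root"),  "roles": {"admin"}},
}
ROLE_PERMS = {"admin": {"article:edit", "article:delete"}, "author": {"article:create"}}
ARTICLES = {1: {"author": "alice"}, 2: {"author": "bob"}}

def basic_header(user, password):
    """Build the Authorization header a Basic Auth client would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def authenticate(headers):
    """Return the username if the Basic Auth credentials are valid, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth[6:], validate=True).decode().partition(":")
    except ValueError:            # bad base64 or bad UTF-8
        return None
    rec = USERS.get(user)
    if rec is None:
        _hash(password, b"dummy")  # spend the same work for unknown users (no timing hint)
        return None
    return user if hmac.compare_digest(rec["hash"], _hash(password, rec["salt"])) else None

def authorize(user, action, article_id):
    """Global check through roles first, then object-level check through article ownership."""
    granted = set().union(*(ROLE_PERMS[r] for r in USERS[user]["roles"]))
    if action in granted:
        return True
    article = ARTICLES.get(article_id)
    return article is not None and article["author"] == user

def edit_article(headers, article_id):
    """Status code for PATCH /articles/<id>: 401, then 404, then 403, otherwise 200."""
    user = authenticate(headers)
    if user is None:
        return 401
    if article_id not in ARTICLES:
        return 404
    return 200 if authorize(user, "article:edit", article_id) else 403
```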