
The REST API Design Handbook [Kindle Edition]

George Reese, Christian Reilly

Kindle Price: £4.79 includes VAT* & free wireless delivery via Amazon Whispernet
* Unlike print books, digital books are subject to VAT.


Book Description

Designing and implementing web services APIs has become a common part of every software engineer's job. The RESTful approach to web services design is rapidly becoming the approach of choice. Unfortunately, too few people have truly solid REST API design skills, and discussions of REST can become bogged down in dry theory.

The REST API Design Handbook is a simple, practical guide to help software engineers and software architects create lasting, scalable APIs based on REST architectural principles. The book provides a sound foundation by discussing the constraints that define a REST API. It quickly goes beyond that into the practical aspects of implementing such an API in the real world.

Written by cloud computing expert George Reese, The REST API Design Handbook reflects hands-on work in consuming many different third-party APIs as well as the development of REST-based web services APIs. It addresses all of the debates that commonly arise while creating these APIs. Subjects covered include:

* REST architectural constraints
* Using HTTP methods and response codes in an API
* Authenticating RESTful API calls
* Versioning
* Asynchronous Operations
* Pagination and Streaming
* Polling and Push Notifications
* Rate Limiting


Product details

  • Format: Kindle Edition
  • File Size: 342 KB
  • Print Length: 90 pages
  • Simultaneous Device Usage: Unlimited
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B00890OBFI
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Enhanced Typesetting: Enabled
  • Amazon Bestsellers Rank: #276,809 Paid in Kindle Store (See Top 100 Paid in Kindle Store)

Customer Reviews

Most Helpful Customer Reviews on (beta) 3.9 out of 5 stars  59 reviews
45 of 48 people found the following review helpful
1.0 out of 5 stars Mediocre on REST itself, dangerously wrong on crypto and security 29 Jun. 2013
By Marshall Pierce - Published on
Format:Kindle Edition
The author has tried hard to make a useful reference on REST API design, and while certain parts of the book are acceptable, overall he has failed to provide a book that I would recommend to others as a guide. It is worth reading, but more as an opportunity for critique than as a source of gospel truth.

I'll start with the major issues and then proceed to smaller ones.

The author's coverage of security and how to use cryptographic primitives to handle request security is WRONG AND DANGEROUSLY INSECURE. Do not follow his advice on how to use SHA256 or anything else crypto-related; based on his suggestions he is not qualified to give advice on these topics. If you want to keep your API traffic secure, use TLS (properly configured -- see for deployment best practices and a handy validator). If you cannot use TLS for some extremely good reason, you need to read "Cryptography Engineering: Design Principles and Practical Applications" (Ferguson, Schneier, Kohno) as an introductory text on designing cryptographic protocols. If that book hasn't persuaded you to simply use TLS and benefit from the hard work of experienced cryptographers, then it will at least give you a reading list of further advanced texts to refer to when designing your own protocol (which almost certainly won't be as good as TLS 1.2).

His coverage of authentication is correct in that it suggests using a finite-lifespan token. However, the fact that it does not cover OAuth 1 or 2 is bizarre for a book published in mid-2012. This is a serious omission since OAuth 2 (or 1) is likely to be a good fit for many modern REST APIs.

His coverage of HTTP PUT is incorrect. Using PUT to update part of a resource is WRONG as per the spec. See RFC 2616 9.6 ([...] for the RFC's coverage of HTTP PUT and RFC 5789 ([...] for HTTP PATCH. HTTP PUT may only completely replace the resource stored at a given URL, so his explanation of how to perform partial updates with HTTP PUT is not following the HTTP spec.

He does not cover matrix params at all, which is a shame as they are a useful option for doing pagination. His header-based approach is fine, but matrix params are right there in the HTTP spec as a means of pagination.

His assertion that XML is better for large data sets due to easier streaming parsing is dubious. His recommended solution for JSON streaming involves generating invalid JSON. Streaming JSON parsers are no different from streaming XML parsers, and either format can be parsed in a streaming fashion.

I have other minor quibbles that I won't get into but they're just differences of opinion. The issues I've described above are basic factual errors or omissions.
23 of 25 people found the following review helpful
3.0 out of 5 stars A good introductory read, despite minor liberties with rfc 2616 13 Jun. 2012
By maxbirkoff - Published on
Format:Kindle Edition|Verified Purchase
This is a reasonable read for someone who doesn't know what REST is all about. Reese does a good job writing about the general nature of REST. Unfortunately there is some opinion mixed-in with fact, which makes it difficult for an inexperienced reader to tell fact from opinion.

The whole document has a somewhat informal tone; it reads like I'm listening to Reese talk to a friend. At times I find that makes for an easier read, and at times I find the lack of formality a little... grating.

Reese does not seem to like the idea of POST updating a resource, despite RFC 2616 reading "The actual function performed by the POST method is determined by the server and is usually dependent on the Request-URI." I don't honestly understand how Reese can argue for PUT updating a resource; RFC 2616 seems to me to imply that PUT will put a whole new version of an existing resource.

I wish Reese had spent a little more time talking about the effect of intermediate HTTP caches on API design; in particular POST and PUT invalidating intermediate caches for subsequent GETs is an important concept, as it forces the API designer to model consistent resources supported by separate verbs.
7 of 7 people found the following review helpful
3.0 out of 5 stars Not Bad, Not Great 23 April 2013
By Amazon Customer - Published on
Format:Kindle Edition|Verified Purchase
Although it's labeled a handbook, it comes off more as a set (a fairly nice set) of anecdotal experiences organized into a set of useful suggestions. The topic is definitely in need of addressing, and I do like books written by practitioners, as opposed to theorists. It's unfortunate that more professionals don't take the opportunity to put down their experiences in this fashion.

The style of the prose is very conversational, and feels like you're listening to a lecture as opposed to reading a handbook. However, I found the sentence structures sometimes awkward and difficult to follow unless you understand the context of the writer's mind at any given moment. If you are prepared with enough prerequisite knowledge, you can glean a fair amount of wisdom from its pages.

The example API at the end was a bit disappointing. There really wasn't a lot of meat there in terms of sample requests and responses. Overall, I'd appreciate more solid examples.

Still, for the price, I did find the clearly hard-fought, front-line knowledge valuable. Because it isn't an arduous slog of a read, you can get the benefit out of it in a single afternoon. Some of it applies not only to REST APIs, but any API. Though I probably will refer back to it in the future if the need arises, I will also be on the hunt for a more definitive guide to REST practices.
13 of 15 people found the following review helpful
2.0 out of 5 stars Unfulfilling 25 April 2013
By Amazon Customer - Published on
Format:Kindle Edition|Verified Purchase
I'm an experienced programmer, but not with REST APIs. I was looking for a meaningful introduction, which would allow me to start designing APIs in a RESTful way. I'm still looking.

The book has very few examples, and they are so simple that they don't give any insight into how to solve real problems. I wouldn't know that in a REST API it's expected to create or modify objects by PUTing or POSTing their representation as obtained with GET. Because all the examples demonstrate only GET. All 3 of them!

The author states the difference between SOAP and REST, but doesn't provide any help on whether you should use REST and how to implement an inherently transactional API.

It's full of "DON'TS", but doesn't provide you with alternatives. For example, it says something like "don't introduce non-standard HTTP response codes". Fine. Now, how do I specify that something isn't working properly, if none of the HTTP status codes seems to match? The book doesn't say.

In short, this book is "Mostly pointless".
5 of 6 people found the following review helpful
3.0 out of 5 stars Informative, but not sure if it can be termed as a handbook. 4 Nov. 2012
By R. Pokkyarath - Published on
Format:Kindle Edition|Verified Purchase
Based on his implementation experience at enStratus, the author has brought his own perspective on the conventions to be followed and where to draw a line between pragmatism and dogmatism. So I don't have any regrets on the 5 bucks I spent.

However, the book could have been a bit more comprehensive given that there are a number of good and free REST implementation resources out there (Les Hazlewood's 1 1/2 hr presentation available at YouTube -or- Apigee's API guides). There are quite a few areas that the author didn't cover, Resource/Entity Expansions, for example. Not sure why Event notification should get more real estate than some of the other relevant topics. Also, it would've been nicer if the example and the problem domain for 'Rest in Action' (Chap 6) had more depth to it.