Wednesday, May 28, 2008

The Dark Side of REST?

My organization is considering a move from a SOAP based SOA to a RESTful SOA. To be sure there are advantages and disadvantages to both, but I just encountered a problem with REST that I hadn't really pondered before.

I have used RESTful APIs before, but only to play with. I have messed with the Google Docs API using both REST (from Java and J2ME) and the Java libraries and done some other playing around. But I have never used a RESTful API in anger before. I have never really used one to solve a problem.

Well, I just did. And I found the experience unexpectedly enlightening.

The problem is a typical one for a geek like me. I recently got a book, Hamburger America, that has detailed reviews of 100 or so of the best hamburger places in America. Being a GPS owning geek and foodie I of course wanted to turn that into a custom POI file for my GPS so that I would always know when a truly great hamburger might be nearby.

I wanted to make sure I had a workable process before I spent a bunch of time typing in 100 addresses. So I grabbed the addresses of a bunch of highly rated burger places in the NE from the Phantom Gourmet and sent them to a couple of batch geocaching sites.

Alas, for whatever reason I got zilch. The stupid batch web geocaching apps don't do much in the way of user friendly error reporting. But they all use the Yahoo Maps API, so I figured I would simply write a little app myself if I thought it could be done in under 15 minutes.

10 minutes later I had a working Java Swing app that does batch conversions of addresses to latitude/longitude. That says a lot about the simplicity and power of REST, doesn't it? (It also says a lot about how easy it is to use Netbeans 6, but that's another post).

But the code I wrote was awful. Really horrid stuff. I hard coded everything that I shouldn't and I did the parsing without XML libraries using really basic String matching. It was easy and fast and it works great, but the tiniest change to the library and the whole thing will fall over.

Anyway, if you haven't guessed, the observation I made was this: it is extremely easy, to the point of being by far the path of least resistance, to write bad client code for a RESTful service. It is much easier to write bad code against a RESTful API than against a SOAP API (because the SOAP library, which is all but required, will do the heavy lifting for you).

We have our share of bad code lying about - we don't really need to be encouraging anyone to write more of the stuff. What can we do to prevent or discourage bad coding practices for RESTful APIs?


No comments: