RESTful thinking considered harmful

Willem van Bergen
6 min read, beginner

Overview

The article critiques the common association between RESTful design and CRUD operations, particularly in the context of Rails applications. It argues that treating updates as simple CRUD operations can lead to poor design choices that do not accurately reflect the complexities of transactional processes.

What You'll Learn

1. Why linking CRUD actions to HTTP methods can be misleading
2. How to design transactions in a way that reflects business processes rather than RESTful principles
3. When to use PATCH versus POST for updates in a Rails application

Prerequisites & Requirements

  • Understanding of RESTful principles and CRUD operations
  • Familiarity with the Rails framework (optional)

Key Questions Answered

What are the implications of using PATCH for updates in RESTful design?
Using PATCH for every update can simplify controller code, but it obscures the true nature of the business process. A single generic update does not distinguish between the different kinds of transactions an order goes through, which causes both security problems (any submitted attribute can be written) and a loss of clarity about what each request is meant to do.

How should transactions be modeled in a RESTful application?
Transactions should be modeled with a distinct URI for each action, for example a POST for the payment action and a separate POST for the shipping action. This makes the process explicit and allows each transaction to be authorized and validated on its own.

Why is it important to separate transaction methods in the process model?
Separating transaction methods lets each transaction specify exactly which data it updates, reducing the risk of unintended changes. This enhances security and aligns the code with the application's business logic.

Key Actionable Insights

1. Design your API endpoints to reflect the business processes rather than adhering strictly to RESTful principles.
   This approach allows for clearer transaction handling and better security, as different actions can have separate authorization requirements.
2. Avoid generic update actions in your Rails controllers to prevent mass-assignment vulnerabilities.
   By explicitly defining a method for each transaction, you ensure that only the intended data is modified.
3. Consider implementing a state machine to manage complex processes within your application.
   A state machine models the states a transaction can be in and which transitions are allowed, making changes easier to manage and audit over time.
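The contrast drawn in the three insights above, as an added example that is not from the article: a plain-Ruby order model (no Rails dependency; the `Order` class, its attribute hash and the `pay!`/`ship!` method names are hypothetical stand-ins for an ActiveRecord model and its transaction endpoints). The generic CRUD-style update writes whatever the client sends, while the per-transaction methods enforce the allowed state transition and touch only their own fields.

```ruby
# Added example: a small process model, pending -> paid -> shipped.
# The attribute hash plays the role of a database row.
class Order
  class InvalidTransition < StandardError; end

  # The state machine: each transaction names the state it requires
  # and the state it produces.
  TRANSITIONS = {
    pay:  { from: "pending", to: "paid" },
    ship: { from: "paid",    to: "shipped" },
  }.freeze

  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = { "status" => "pending", "paid_amount" => 0,
                    "tracking_number" => nil }.merge(attrs)
  end

  def status
    @attributes["status"]
  end

  # CRUD-style generic update (the pattern the article warns against):
  # every submitted key is written, so a request carrying
  # status=shipped bypasses payment entirely (mass assignment).
  def update_unsafe(params)
    params.each { |key, value| @attributes[key.to_s] = value }
    self
  end

  # Process-model transactions: each checks the required state and
  # updates only the fields that belong to it; extra params are ignored.
  def pay!(params)
    transition!(:pay)
    @attributes["paid_amount"] = Integer(params.fetch("amount"))
    self
  end

  def ship!(params)
    transition!(:ship)
    @attributes["tracking_number"] = params.fetch("tracking_number").to_s
    self
  end

  private

  def transition!(name)
    rule = TRANSITIONS.fetch(name)
    raise InvalidTransition, "#{name} from #{status}" unless status == rule[:from]
    @attributes["status"] = rule[:to]
  end
end
```

In a Rails application each of `pay!` and `ship!` would sit behind its own POST route and controller action, which is where the per-transaction authorization described above attaches.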

Common Pitfalls

1. Assuming that all updates can be handled with a single PATCH method leads to oversimplification.
   This mistake often arises from a desire to follow RESTful conventions, but it obscures the distinct requirements of each transaction.

Related Concepts

RESTful design
CRUD operations
Transactional processes
State machines