
REST Architecture

Basics, benefits and real-world applications

If you’ve ever made an online purchase, logged into a site using your social media credentials, synced files across multiple devices or used the internet anytime since the year 2005, you’ve likely benefited from REST architecture working behind the scenes. Terms like "RESTful API," "REST" and "REST API" might sound like technical jargon, but these concepts are the backbone of how everyday applications talk to each other. 

REST (Representational State Transfer) enables seamless data exchange to power everything from eCommerce checkouts to integrated project management tools. But what exactly is REST? How does it facilitate integration between diverse systems so smoothly, and why is it considered the gold standard for APIs? This post answers these questions.

Before we get too far down the road, let's define some key terms and acronyms:

REpresentational State Transfer (REST): An architectural style for application communication.

Application programming interface (API): A defined collection of methods allowing applications to communicate with each other.

RESTful: When an API conforms to REST principles and implements its guidelines.

Web services (WS): Entities and applications communicating with each other over the web.

REST 101: Background and Basics

In 2000, Roy Fielding first introduced REST to the world. Since 2005, its popularity has continued to climb, making it the most common approach for developing web-based APIs. But don’t mistake it for a protocol or rigid set of rules—REST is an architectural style that provides guidelines for how a client and a server can exchange resource data seamlessly.

A handful of basic REST API architecture principles ensure simplicity and scalability:

  1. Uniform Interface: Ensures consistent interaction.
  2. Client-Server: Maintains a separation between the client and server.
  3. Stateless: Each request contains all necessary information, with the client maintaining session state.
  4. Cacheable: Responses indicate whether the client can reuse the data.
  5. Layered System: Supports system architecture layers.
  6. Code on Demand (optional): Allows the client to download and execute code, such as scripts.

In practice, a client sends a REST request related to a resource (typically in JSON format, but XML and other formats are also supported). The server responds with data related to the specific resource.

Consider a scenario where the server is the United Kingdom’s Driver and Vehicle Licensing Agency (DVLA), which maintains information about all registered vehicles in the UK. A client sends a request to retrieve information about a specific vehicle identified by its license plate number. The request body might look like this:

The server's response could include details about the vehicle:

The response may also include headers relevant to the data, such as Cache-Control.
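The exchange described above, as an added example in Python (not from the original post, and not the DVLA's actual API): a local sample server and client in which the `/vehicles/lookup` path, the `registrationNumber` field and the vehicle record are all constructed for illustration. It shows a stateless request that carries everything the server needs, a size-checked JSON body, and a `Cache-Control` header on every response.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample record; plate, fields and the /vehicles/lookup path are hypothetical.
VEHICLES = {"AB12CDE": {"make": "FORD", "colour": "BLUE", "yearOfManufacture": 2012}}

class VehicleHandler(BaseHTTPRequestHandler):
    def _reply(self, status, payload, cache_control):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Cache-Control", cache_control)  # may the client reuse this?
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):  # stateless: answered from this request alone, no session
        try:
            length = int(self.headers.get("Content-Length", 0))
            if not 0 < length <= 1024:  # refuse missing or oversized bodies
                raise ValueError("bad length")
            plate = str(json.loads(self.rfile.read(length))["registrationNumber"])
        except (ValueError, KeyError, TypeError):
            return self._reply(400, {"error": "registrationNumber required"}, "no-store")
        record = VEHICLES.get(plate.replace(" ", "").upper())
        if record is None:
            return self._reply(404, {"error": "vehicle not found"}, "no-store")
        self._reply(200, {"registrationNumber": plate, **record}, "private, max-age=60")

def lookup(host, port, request_body):
    """Send one lookup; return (status, Cache-Control header, parsed JSON body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("POST", "/vehicles/lookup", body=json.dumps(request_body),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Cache-Control"), json.loads(resp.read())
    finally:
        conn.close()

def demo(request_body):
    # Start the sample server on a free local port, make one request, stop it.
    with ThreadingHTTPServer(("127.0.0.1", 0), VehicleHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return lookup("127.0.0.1", server.server_port, request_body)
        finally:
            server.shutdown()
```

Calling `demo({"registrationNumber": "AB12CDE"})` returns the status code, the `Cache-Control` value and the parsed response body for one request.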

Why REST Is the Go-To API Standard

What makes REST the de facto approach for web services, surpassing SOAP (simple object access protocol) and other traditional methods? It all comes down to its simplicity and ease of implementation. REST streamlines data exchange using familiar HTTP methods like PUT, POST, GET and DELETE, making it accessible to developers.

One of the key reasons REST architecture stands out is its client-server guideline, which separates the client and server components. Both the client and server can be developed independently, with the REST API ensuring uninterrupted communication and data exchange. For client developers, this separation is a huge win as it enables faster development cycles and cleaner codebases.

REST's scalability is another reason for its widespread adoption. Because of its stateless nature, each request/response pair is executed independently, without relying on previous communications. Additionally, by implementing the cacheable principle, responses can be cached, allowing quicker processing when the same data is needed again.

But REST’s true boon comes from its versatility. It’s everywhere, letting you log into a website using Facebook credentials or pay for purchases with PayPal or AmazonPay. Whenever you encounter two apps seamlessly talking to each other, there’s a good chance REST APIs are running the show.

REST and IGA Use Case: Endpoint Management

In the Identity Governance and Administration (IGA) world, provisioning and managing identities in the cloud can get complicated fast. Many organizations still maintain on-premises endpoints while increasingly using cloud-based endpoints like Azure and ServiceNow, each with its own unique requirements. Symantec IGA simplifies this complexity with built-in provisioning capabilities for these common endpoints. Additionally, customers often use various custom endpoints that require managing identities, such as users, groups and roles.

To simplify and automate connectivity to such endpoints, Broadcom's Symantec IGA solution includes a tool called Connector Xpress 2.0. This tool creates custom connectors to endpoints with a published REST API. Once deployed, the connector allows managing accounts and resources on the endpoint, integrating it into the global IGA solution. Watch the demo to see how it works.

For the complete documentation about Connector Xpress 2.0, please refer to the official product documentation. For even more information about REST, explore these resources:

https://restfulapi.net/ 

https://www.redhat.com/en/topics/api/what-is-a-rest-api 


About the Author

Rinat Richie

Client Services Consultant

Rinat has over 25 years of experience as an IT Security Professional, specializing in Security, Networks, and Identity and Access Management, and has been with Broadcom for over 20 years (includes time at CA and Netegrity).
