The REST architecture

The REST architecture is strongly based on the HTTP protocol but does not require any specific kind of data format, and so it can transmit data in several formats such as plain text, JSON, Extensible Markup Language (XML), or binary (encoded as Base64).

Many web resources describe what the REST architectural paradigm is. One such can be found at https://en.wikipedia.org/wiki/Representational_state_transfer.

However, the concept of the REST architecture is quite simple. It is the purest extension of the ideas behind the World Wide Web (WWW) project.

The WWW project was born in 1989 as a global library of hypertexts. A hypertext is a document that contains links to other documents so that, by clicking repeatedly on the links, you can see many documents by using only your mouse. Such documents are scattered over the internet and are identified by a unique description, the Uniform Resource Locator (URL). The protocol to share such documents is HTTP, and the documents are written in HyperText Markup Language (HTML). A document can embed images, referenced by URL addresses too.

The HTTP protocol allows you to download pages to your document viewer (the web browser), but also to upload new documents to be shared with other people. You can also replace existing documents with a new version, or delete existing documents.

If the concept of a document or file is replaced by that of named data, or a resource, you get the concept of REST. Any interaction with a RESTful server is a manipulation of a piece of data, referencing it by its name. Of course, such data can be a disk file, but it can also be a set of records in a database that is identified by a query, or even a variable kept in memory.

A peculiar aspect of RESTful servers is the absence of server-side client sessions. As with any hypertext server, RESTful servers do not store the fact that a client has logged in. If there is some data associated with a session, such as the current user or the previously visited pages, that data belongs only to the client side. As a consequence, any time the client needs access to privileged services, or to user-specific data, the request must contain the credentials of the user.

To improve performance, the server can store session information in a cache, but that should be transparent. The server (except for its performance) should behave as if it doesn't keep any session information.