API 2.0 - Design

Streams vs. Resources

In the design below, all parts of ESME are modeled as resources, in keeping with a RESTful approach. Our streaming resources (also thought of as delta-queue resources) are collections that are only additive. We have defined a general streaming interface that strives to be RESTful while prioritizing the performance benefits of streams.

References - Dev mailing list thread - http://www.mail-archive.com/esme-dev@incubator.apache.org/msg00976.html

Resource/Object/Stream Hierarchy

The above is based on a rough object hierarchy as follows:

• ESME API instance (api/)
  • Session (api2/session)
  • Users (api2/users)
    • Specific User (api2/users/USERID)
      • User's tokens (api2/users/USERID/tokens)
  • Messages posted by logged in user (api2/user/messages) (1)
  • Users followed by logged in user (api2/user/followees)
  • Users following logged in user (api2/user/followers)
  • Trackers belonging to logged in user (api2/user/tracks)
    • Messages from a track (api2/user/tracks/TRACKID/messages) (1)
  • Actions belonging to logged in user (api2/user/actions)
  • Messages (api2/messages) (1)
  • Tags (api2/tags)
    • Messages posted to a tag (api2/tags/TAG/messages) (1)
  • Conversations (api2/conversations)
    • Messages posted to a conversation (api2/conversations/CONVERSATIONID/messages) (1)
  • Pools (api2/pools)
    • Users associated with a pool (api2/pools/POOLID/users)
    • Messages posted to a pool (api2/pools/POOLID/messages) (1)
  • Searches ?? (1)
  • Trends ??

(1) Stream interface

Each of these bullets represents a set of objects. The resource representing an individual object lives at api/objects/OBJECTID. For example, api/conversations/1. As much as is reasonable, one would expect to be able to GET (read), POST (create), PUT (update/amend), or DELETE (delete) any individual member of each of these object sets. Going through each of these objects to ask what it would mean to create, read, update, or delete that object may reveal holes in the existing API, some of which I have filled in above.

Methods, Resources, and Descriptions

Bold means the resource and method is implemented in the current /api2/ endpoint.

One point to note is that some HTTP clients do not currently support the "PUT" or "DELETE" methods, so these may have to be simulated through POST methods with an extra parameter. I think that because of the close mapping to resource verbs, is worth using these methods in the specification and defining the simulation method for the entire API separately.

Streams

There are a lot of ways we can model streams and I'm very interested in input here. Options for interfacing to streams that I have seen:

• XMPP - http://xmpp.org/
• AMQP - http://jira.amqp.org/confluence/display/AMQP/Advanced+Message+Queuing+Protocol
• HTTP
  • Polling (bad)
  • Comet/long-polling - Bayeux - http://svn.cometd.com/trunk/bayeux/bayeux.html
  • Reverse HTTP - http://www.reversehttp.net/
  • PubSubHubBub? - possibly via Reverse HTTP - http://www.reversehttp.net/demos/endpoint.html

Authorization and roles

Certain API methods are only available to certain roles, as defined in property files. If an API method has a notation in the "Admin only?" column, this means that the user attempting to interact with that API method must have the proper role assigned in the relevant property file.

For example, take a look at the test.default.props file in the /server/resources/props directory.

Or, for example, create a prod.default.props file in the "server/resources/props" directory. In this file, add the line "role.myuser=integration-admin", where
"myuser" is the username that you want to have super-powers.
("integration-admin" is what we're calling the role.)

ESME HTTP Comet/long-polling implementation for streams

In general, for any resource URL that indicates streaming is implemented above, we will implement an HTTP-based streaming interface. This interface might better be referred to as a "delta" interface. The URL will behave as follows (we use api2/user/messages as an example):

Response codes follow normal HTTP meanings:

Once this interface is implemented where planned for a URL, the "Yes" above in the "Streaming?" column will be bolded.

Streams/Message-queues in ESME and in general

Formats

Request formats

Format specification

If there is a request body, format should be specified using the Content-Type HTTP header.

Formats to be supported

• XML ?
• JSON ?
• Multi-part Form-encoded ?
• Form-encoded

Response formats

Format specification

Format could be specified using the HTTP Accept header - http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Another option (though not as robust) would be to append the format to the resource request url. For example /api/users/USERID.json

Formats to be supported

• XML ?
• JSON ?
• ...

Authorization

Currently the ESME REST API uses tokens as the authorization mechanism. A token is used to establish a session and then the session is used to persist the authorization of the API client across the length of the session.

There are a couple of problems with this, though we don't have a better approach at the moment:

1. Sessions are not natively supported in a lot of API programming environments, especially environments that do not have a persistent data-store available to the application.
2. The current API design appears encourage that the token sent to establish the session be sent in the clear over an unencrypted connection.

Clients

Daniel Koller has created an initial client for the Streaming api. The client is currently attached to a Jira item