为什么我应该优先选择基于HTTP RPC JSON-Messaging样式的HTTP REST和CQRS？

Question

Every time I read about how web service should communicate the first thing that comes up is:

Use REST , because it decouples client and server!

I would like to build a web service where each Query and Command is an Http-Endpoint. With REST I would have fewer endpoints, because of its nature of thinking of resources instead of operations (You typically have more operations than resources).

• Why do I have a stronger coupling by using RPC over REST ?
• What is the benefit of using REST over RPC Json-Messaging style?

Additional information: With messaging I mean synchronous messaging ( request / response )

Update: I think it would be also possible/better to only have one single Http endpoint that can handle a Query or Command depending on the given Http verb.

Answer 1

Before I get to the CQRS part, I'd like to spend a little time talking about the advantages and disadvantages of REST. I don't think it's possible to answer the question before we've established a common understanding of when and why to use REST.

REST

As with most other technology options, REST, too, isn't a silver bullet. It comes with advantages and disadvantages.

I like to use Richardson's Maturity Model, with Martin Fowler's additional level 0 , as a thinking tool.

Level 0

Martin Fowler also calls level 0 the swamp of POX , but I think that what really distinguishes this level is simply the use of RPC over HTTP. It doesn't have to be XML; it could be JSON instead.

The primary advantage at this level is interoperability. Most system can communicate via HTTP, and most programming platforms can handle XML or JSON.

The disadvantage is that systems are difficult to evolve independently of clients (see level 3).

One of the distinguishing traits of this style is that all communication goes through a single endpoint.

Level 1

At level 1, you start to treat various parts of your API as separate resources. Each resource is identified by a URL.

One advantage is that you can now start to use off-the-shelf software, such as firewalls and proxy servers, to control access to various distinct parts of the system. You can also use HTTP redirects to point clients to different endpoints, although there are some pitfalls in that regard.

I can't think of any disadvantages , apart from those of level 0.

Level 2

At this level, not only do you have resources, but you also use HTTP verbs, such as GET , POST , DELETE , etc.

One advantage is that you can now begin to take more advantage of HTTP infrastructure. For instance, you can instruct clients to cache responses to GET requests, whereas other requests typically aren't cacheable. Again, you can use standard HTTP firewalls and proxies to implement caching. You can get 'web-scale' caching for free.

The reason that level 2 builds on level 1 is that you need each resource to be separate, because you want to be able to cache resources independently from each other. You can't do this if you can't distinguish various resources from each other, or if you can't distinguish reads from writes.

The disadvantage is that it may involve more programming work to implement this. Also, all the previous disadvantages still apply. Clients are tightly coupled to your published API. If you change your URL structure, clients break. If you change data formats, clients break.

Still, many so-called REST APIs are designed and published at this level, so in practice it seems that many organisations find this a good trade-off between advantages and disadvantages.

Level 3

This is the level of REST design that I consider true REST. It's nothing like the previous levels; it's a completely different way to design APIs. In my mind, there's a hard divide between levels 0-2, and level 3.

One distinguishing feature of level 3 is that you must think content negotiation into the API design . Once you have that, though, the reasons to choose this API design style become clearer.

To me, the dominant advantage of level 3 APIs is that you can evolve them independently of clients. If you're careful, you can change the structure, even the navigation graph, of your API without breaking existing clients. If you need to introduce breaking changes, you can use content negotiation to ensure that clients can opt-in to the breaking change, whereas legacy clients will keep working.

Basically, when I'm asked to write an API where I have no control over clients, my default choice is level 3.

Designing a level 3 REST API requires you to design in a way that's unusual and alien to many, so that's a disadvantage . Another disadvantage is that client developers often find this style of API design unfamiliar, so they often try to second-guess, or retro-engineer, your URL structure . If they do, you'll have to expend some effort to prevent them from doing that as well, since this will prevent you from being able to evolve the API.

In other words, level 3 APIs require considerable development effort, particularly on the server-side, but clients also become more complex.

I will, though, reiterate the advantage: you can evolve an level 3 REST API independently of clients. If you don't control clients, backwards compatibility is critical. Level 3 enables you to evolve APIs while still retaining compatibility. I'm not aware of a way you can achieve this with any of the other styles.

CQRS

Now that we've identified some advantages and disadvantages of REST, we can start to discuss whether it's applicable to CQRS.

The most fundamental agreement between Greg Young and Udi Dahan concerning CQRS is that it's not a top-level architecture .

In a nutshell, the reason for this is that the messages (commands and events) and queries that make up a CQRS system are sensitive to interpretation. In order to do something, a client must know which command to issue, and the server must know how to interpret it. The command, thus, is part of the system.

The system may be distributed across clients and servers, but the messages and data structures are coupled to each other. If you change how your server interprets a given message, that change will impact your clients. You can't evolve clients and servers independently in a CQRS architecture, which is the reason why it's not a top-level architecture.

So, given that it's not a top-level architecture, the transport architecture becomes fairly irrelevant. In a sense, the only thing you need in order to send messages is a single 'service bus' endpoint, which could easily be a level 0 endpoint, if all you need is interoperability. After all, the only thing you do is to put a message on a queue.

The final answer, then, is, as always: it depends.

Is speed of delivery the most important criterion? And can you control all clients and servers at the same time? Then, perhaps level 0 is all you need. Perhaps level 2 is fine.

On the other hand, if you have clients out of your control (mobile apps, hardware (IoT), business partners using your public API, etc.), you must consider how to deal with backwards and forwards compatibility, in which case level 3 is (IMO) required. In that case, though, I'd suggest keeping CQRS an implementation detail.

Answer 2

The best answer would probably be "it depends", but one of the big things about real REST is that it is stateless. And it being stateless means all sorts of things.

Basically, if you look at the HATEOAS constraint you have the reason for the decoupling ¹

I think that RPC-JSON is not statefull per se, but it definately is not defined as stateless. So there you have the strongest argument of why the decoupling is very high with REST.

1: https://en.wikipedia.org/wiki/HATEOAS , http://restfulapi.net/hateoas/