version: 1.1
Based on: Project Kenai: RESTful Cloud Specification - Common Behaviors
Copyright © Sun Microsystems, 2009. This work is licensed under Creative Commons Attribution 3.0 Unported License
This document specifies constraints that apply to all the requests and responses that occur in the RESTful APIs supported by the abiCloud's server, hereinafter referred to as "The Server".
Contents:
Imperative Terms In Specifications
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document, and all other documents that comprise the specification of The Platform RESTful API, are to be interpreted as described in "Key words for use in RFCs to Indicate Requirement Levels" (RFC 2119).
Transport Protocol
All of The Server APIs are based on the Hypertext Transfer Protocol, version 1.1 (RFC 2616). Each request will be authenticated using HTTP Basic Authentication (RFC 2617). Therefore, requests sent from clients on the public Internet (and not on a secure channel such as a VPN) SHOULD use the https protocol.
URI Space
All the resources of the system are identified by URIs. To begin operations, a client must know the URI for a Server.
Clients MUST NOT make assumptions about the layout of the URIs within a Space.
Media Types
In The Server API, resource representations and request bodies are normally encoded in XML.
Each type of resource matches the pattern application/xml, even the errors
The Server MUST provide representations of all resources available in XML.
The Server MUST accept requests from clients encoded in XML.
Request Headers
In requests made to services implementing abiCloud APIs, several specific HTTP headers are used as described in the following table:
| Header | Supported Values | Description of use | Required | |
|---|---|---|---|---|
| Accept | Comma-delimited list of media types or media type patterns. | Indicates to the server what media type(s) this client is prepared to accept. | Recommended, on requests that will produce a response message body. | |
| Authorization | "Basic " plus username and password (per RFC 2617) | Identifies the authorized user making this request. | No. We are considering use OAuth to authenticate users | //todo |
| Content-Length | Length (in bytes) of the request message body. | Length (in bytes) of the request message body. | Yes, on requests that contain a message body.(1) | |
| Content-Type | Media type describing the request message body | Describes the representation and syntax of the request message body. | Yes, on requests that contain a message body. | |
| Host | Identifies the origin host receiving the message. | Required to allow support of multiple origin hosts at a single IP address. | All requests. Note that since a single Space may spread its URIs across multiple hosts, this may need to be re-set for each request. | |
| X-YYYYY-Client-Specification-Version | String containing a specification version number. | Declares the specification version of the YYYYY API that this client was programmed against. | No (current version is assumed if this header is not present). |
(1) Some APIs MAY require a "Content-Length: 0" header to be included on a POST request that contains no request message body.
Note that, since all interactions with RESTful abiCloud APIs are stateless, no Cookie header (or any other mechanism to provide a session identifier) is used.
Request Parameters
Since the URI space is controlled by the server, client programs MUST not make any assumptions about the meanings of request parameters.
Response Headers
In responses returned by The Server, several specific HTTP headers are used as described in the following table:
| Header | Supported Values | Description of use | Required |
|---|---|---|---|
| Content-Length | Length (in bytes) of the response message body. | Describes the size of the message body. | Yes, on responses that contain a message body. |
| Content-Type | Media type describing the response message body. | Describes the representation and syntax of the response message body. | Yes, on responses that contain a message body. |
Standard HTTP Status Codes
AbiCloud APIs will return standard HTTP response codes as described in the following table, under the conditions listed in the description.
| HTTP Status | Description |
|---|---|
| 200 OK | The request was successfully completed. If this request created a new resource that is addressable with a URI, and a response body is returned containing a representation of the new resource, a 200 status will be returned with a Location header containing the canonical URI for the newly created resource. |
| 201 Created | A request that created a new resource was completed, and no response body containing a representation of the new resource is being returned. A Location header containing the canonical URI for the newly created resource should also be returned. |
| 202 Accepted | The request has been accepted for processing, but the processing has not been completed. Per the HTTP/1.1 specification, the returned entity (if any) SHOULD include an indication of the request's current status, and either a pointer to a status monitor or some estimate of when the user can expect the request to be fulfilled. |
| 400 Bad Request | The request could not be processed because it contains missing or invalid information (such as validation error on an input field, a missing required value, and so on). |
| 401 Unauthorized | The authentication credentials included with this request are missing or invalid. |
| 403 Forbidden | The server recognized your credentials, but you do not possess authorization to perform this request. |
| 404 Not Found | The request specified a URI of a resource that does not exist. |
| 405 Method Not Allowed | The HTTP verb specified in the request (DELETE, GET, HEAD, POST, PUT) is not supported for this request URI. |
| 406 Not Acceptable | The resource identified by this request is not capable of generating a representation corresponding to one of the media types in the Accept header of the request. |
| 409 Conflict | A creation or update request could not be completed, because it would cause a conflict in the current state of the resources supported by the server (for example, an attempt to create a new resource with a unique identifier already assigned to some existing resource). |
| 500 Internal Server Error | The server encountered an unexpected condition which prevented it from fulfilling the request. |
| 501 Not Implemented | The server does not (currently) support the functionality required to fulfill the request. |
| 503 Service Unavailable | The server is currently unable to handle the request due to temporary overloading or maintenance of the server. |
