REST is an architectural style rather than a formal standard; it rests on the six principles (Fielding calls them constraints) listed below. They go back to the computer scientist Roy Fielding, who first described them in full in his doctoral dissertation in 2000. An API in which all mandatory principles have been implemented is referred to as RESTful. Principle 6 (code on demand) is optional.
1. Client-server architecture
The separation of client (service consumer) and server (service provider) distributes responsibilities: the server offers services (e.g. a database behind an API), and the client requests them through its own user interface, without either side depending on the other's internals. This makes the system easier to scale, because the two components can be developed, deployed and scaled independently of each other.
2. Statelessness
Each request from a client must contain all the information the server needs to process it. The server keeps no session state on behalf of the client between requests; whatever state the client needs is held on the client side or sent with every request. This also supports scalability, because any incoming request can be routed to any server instance. A security consequence: credentials such as bearer tokens travel with every request, so they must be protected in transit (TLS) and should be short-lived, since revoking them early requires server-side state that a stateless design deliberately avoids.
3. Cacheability
Every response must mark itself, explicitly or implicitly, as cacheable or non-cacheable, so that clients and intermediaries can reuse frequently requested responses instead of loading the server unnecessarily. For cacheable data the retention period must be defined (in HTTP via Cache-Control and related headers), so that the client does not receive outdated information. Responses that carry user-specific or otherwise sensitive data should be marked non-cacheable (e.g. Cache-Control: no-store); otherwise a shared cache can serve one user's data to another.
4. Uniform interface
The interaction between client and server follows uniform conventions based on four constraints:
- Identification of resources: A server resource may hold a wide variety of data, but it must be uniquely identifiable via a URI.
- Manipulation of resources through representations: Clients interact with a resource via a representation in a data interchange format such as JSON or XML. A representation, together with its metadata, carries enough information for the client to modify or delete the resource.
- Self-descriptive messages: Each message contains the information needed to interpret it (e.g. the HTTP method, status code and media type), so that client, server and any intermediary can process it without out-of-band knowledge.
- HATEOAS (Hypermedia as the Engine of Application State): Clients navigate the application's resources dynamically using links embedded in server responses, rather than relying on hard-coded URIs.
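The following handler shows principles 2 to 4 together in working code: it is a pure function of the request (statelessness), it labels every response with a cache policy (cacheability), and it serves addressable resources as JSON representations with self-describing headers and embedded links (uniform interface). This is an added example written for this page, not code from the original article; the resource names, the token table and the link layout are assumptions chosen for illustration.

```python
"""Minimal stateless REST handler illustrating principles 2-4.

Added example; not from the original article. The resource names,
token table and link layout are assumptions for illustration.
"""
import hmac
import json

# Constructed sample data: a tiny "catalog" and "account" resource set.
PRODUCTS = {
    "42": {"name": "widget", "price_cents": 1999},
}
ACCOUNTS = {
    "7": {"email": "alice@example.com", "balance_cents": 12000},
}
# Constructed: opaque bearer tokens mapped to account ids. A real
# deployment would verify signed tokens instead of a lookup table.
TOKENS = {
    "tok-alice": "7",
}


def _authenticated_account(headers):
    """Statelessness: every request carries its own credential; the
    server keeps no session. Returns the account id or None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    if not presented.isascii():
        return None
    for token, account_id in TOKENS.items():
        # Constant-time comparison avoids leaking token bytes via timing.
        if hmac.compare_digest(presented, token):
            return account_id
    return None


def _response(status, body, cache_control, extra_headers=None):
    """Self-descriptive message: status, media type and cache policy
    travel with the payload."""
    headers = {
        "Content-Type": "application/json",
        "Cache-Control": cache_control,
    }
    if extra_headers:
        headers.update(extra_headers)
    return status, headers, json.dumps(body, sort_keys=True)


def handle_request(method, path, headers):
    """Pure function of the request: no module-level state is written
    between calls, so any replica can serve any request."""
    parts = [p for p in path.split("/") if p]

    # Public catalog: an addressable resource, cacheable for one hour.
    if method == "GET" and len(parts) == 2 and parts[0] == "products":
        product = PRODUCTS.get(parts[1])
        if product is None:
            return _response(404, {"error": "not found"}, "no-store")
        body = dict(product)
        # HATEOAS: the client discovers related resources from links.
        body["_links"] = {
            "self": {"href": f"/products/{parts[1]}"},
            "collection": {"href": "/products"},
        }
        return _response(200, body, "public, max-age=3600")

    # Per-user account data: needs a credential on this very request and
    # must never be stored by a shared cache.
    if method == "GET" and len(parts) == 2 and parts[0] == "accounts":
        account_id = _authenticated_account(headers)
        if account_id is None:
            return _response(401, {"error": "unauthorized"}, "no-store",
                             {"WWW-Authenticate": "Bearer"})
        if account_id != parts[1]:
            # Authenticated, but not the owner of this resource.
            return _response(403, {"error": "forbidden"}, "no-store")
        body = dict(ACCOUNTS[account_id])
        body["_links"] = {
            "self": {"href": f"/accounts/{account_id}"},
            "orders": {"href": f"/accounts/{account_id}/orders"},
        }
        return _response(200, body, "private, no-store")

    return _response(404, {"error": "not found"}, "no-store")


if __name__ == "__main__":
    print(handle_request("GET", "/products/42", {}))
    print(handle_request("GET", "/accounts/7",
                         {"Authorization": "Bearer tok-alice"}))
```

Note the two cache policies: the catalog response may be stored by any cache, while the account response is marked `private, no-store` because it was produced for one credential. The 403 for a mismatched account id deliberately does not reveal whether that account exists.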
5. Layered systems
A client cannot normally tell whether it is talking directly to the end server or to an intermediary such as a proxy server or load balancer; requests must be routable through such independent layers without any change to client or server code. Intermediate layers can improve the performance and security of a system (TLS termination, caching, rate limiting, authentication). The flip side is that the origin server must know which intermediaries it trusts: metadata added by a proxy, such as the forwarded client address, is only meaningful if it came from a hop the server operator controls.
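The trust question raised by layered systems is easiest to see with the forwarded client address. The function below, an added example and not code from the original article, decides which address an origin server behind one or more proxies should treat as the client: it walks the X-Forwarded-For chain from the right (the hop nearest the server) and stops at the first address that is not a known proxy, so an entry a client fabricated at the left end is never trusted. The proxy address ranges and sample addresses are constructed for illustration.

```python
"""Layered system caveat: trust forwarded metadata only from known hops.

Added example, not part of the original article. The proxy ranges and
the sample addresses below are assumptions for illustration.
"""
import ipaddress

# Constructed: the load balancers / reverse proxies this origin server
# sits behind. Any other peer is treated as untrusted.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.10/32"),
]


def _is_trusted(addr):
    """True if addr belongs to one of our own proxies.
    Raises ValueError for a malformed address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for):
    """Return the address to treat as the client, or None if it cannot
    be determined safely.

    remote_addr is the TCP peer (taken from the socket, so assumed to be
    well-formed); x_forwarded_for is the raw header value, "" if absent.
    """
    if not _is_trusted(remote_addr):
        # Direct connection from an unknown peer: whatever it put in the
        # header is attacker-controlled, so ignore it.
        return remote_addr

    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest us towards the client; every entry we
    # pass was appended by a proxy we trust.
    for hop in reversed(hops):
        try:
            if not _is_trusted(hop):
                return hop
        except ValueError:
            # Malformed entry: refuse to guess anything further left.
            return None
    # Header empty or every entry was one of our proxies: the request
    # originated inside our own infrastructure.
    return remote_addr


if __name__ == "__main__":
    print(client_ip("10.1.2.3", "1.2.3.4, 198.51.100.1"))
```

Use the returned value for rate limiting, audit logs and IP allow lists; a None result should be treated as "unknown" and, for anything security-relevant, rejected rather than defaulted to a permissive value.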
6. Code on demand (optional)
This principle states that the server may transfer executable code (typically JavaScript) to the client for local execution when required. Because the client then runs code it received over the network, the constraint is optional: a client may refuse such code, and it should accept it only from a server it trusts, over a connection that protects the code's integrity.