REST callbacks

In a REST API which correctly uses hypermedia, the URLs to contact with HTTP requests by the client are not fixed. They are embedded in responses from previous requests, making their change possible.

This style uses standard media types to transmit the links, such as XML in the form of Atom feeds or JSON HAL. Even if we skip the standard media types, we can embed links into HTTP headers of the responses to provide flexibility and discoverability:

• Location headers in 201 Created responses to POST requests.
• Location headers in 30X redirects after we notice a POST is not acceptable or If-Match conditions are not satisfied.
• Link headers to navigate a collection of resources back and forth, and to store bookmarks to the currently most recent page.

Today I want to expand this mindset to cover server to server interaction, between two applications that chat through a REST API; actually, through two REST APIs exposed to each other.

Context: asynchronous calls

Processes are a precious, limited resource; in many stacks such as LAMP a process busy respond to an HTTP request can't do anything else, even if it's blocked waiting for IO from a downstream dependency like a database. Moreover, there is a limit to how many processes can be allocated. For example, the number of Apache processes is limited by configuration; each new process results in a different connection to the database being created or taken by the pool; and it takes a toll in context switches that the processor cores have to perform to manage a number of processes much bigger than them (like a programmer having to work on 3 or 4 user stories at the same time).

Still, the number of web processes defined how many concurrent clients you can support: once they are all allocated clients will see their connection hung up while they wait for an accept() system call by Apache. After a timeout, their connection are refused or terminated on the client side.

One of the easiest ways to expand this capacity is to make processes terminate as fast as possible (another is front end caching so that they do not even get called).

For example, with 64 processes available, taking an average amount of time of 1 second to produce a response, you can deal with exactly 64 concurrent clients before hitting degradation (the 65th client will have to wait until one process frees and this queue time will be added to the demand time taken by the process then to build its response.)

If you sacrifice an immediate response, you can make these process terminate as fast as possible by transforming the interface in a asynchronous one. You go from

> POST /jobs HTTP/1.1
> param=value
< HTTP/1.1 200 OK

to

> POST /jobs HTTP/1.1
> param=value
< HTTP/1.1 202 Accepted

The process just puts the job in a queue, possibly performing some low-cost validation immediately. The client application can get a result by being called back on another URL after the job has been processed. Asynchronous calls like this one let you handle larger spikes in load that fill your queue even if it's not capable of guaranteeing that throughput (paying the price of a higher total time for the job to be completed).

Going asynchronous is also mandatory when you're calling external systems in the job execution. You don't want to depend on the availability and response times of other systems before returning a response to the user, even a partial one.

Calling back

The server side takes the initiative after completing a job and transforms itself in a client making an HTTP request to the original client (which acts now like a server, of course). The protocol has to be shared (such as PUT or POST requests with a certain format).

However, you don't need this callback URL to be fixed, as it can be passed through the original HTTP request:

> POST /jobs HTTP/1.1
> param=value&resource_url=https://www.onebip.com/api/billing/123
< 202 Accepted

After completing the job, the callback request will be:

PUT /api/billing/123
...some body...
Host: www.onebip.com

(HTTP methods are used for explicative purposes here, please do not judge their semantics.)

This is similar to what JavaScript and other continuation-passing style languages do. For example, jQuery performing Ajax requests:

success = function(response) { ... };
failure = function(response) { ... };
$.ajax(url, ..., success, failure);

Erlang processes instead communicate with unidirectional messages handled asynchronously. So to get a response, each message must include the sender in its content (in this case not an URL but a PID):

neighbor ! {self(), ...}.

This pattern can also be extended to communication between more than two processes, if the main process passes to neighbor someone else's PID instead of its own.

Conclusions

The dynamicity of not harcoding return routes for messages let us also play with the system for testing purposes. For example, if we are developing a system A that talks to another system B, it's easy to test A from a staging area against a production system B without touching A's production: just configure B urls and pass your own (publicly reachable) URLs.

It also becomes easy to support multiple production systems A1, A2, ... An: you basically transform a collaboration between A and B to a B-as-a-service situation where it's easy to drop in new A clients even when there is a return path from B to A.