The REST API Design Handbook [Kindle Edition]

George Reese, Christian Reilly
3.9 out of 5 stars (59 customer reviews)

Kindle Price: $4.99


Book Description

Designing and implementing web services APIs has become a common part of every software engineer's job. The RESTful approach to web services design is rapidly becoming the approach of choice. Unfortunately, too few people have truly solid REST API design skills, and discussions of REST can become bogged down in dry theory.

The REST API Design Handbook is a simple, practical guide to help software engineers and software architects create lasting, scalable APIs based on REST architectural principles. The book provides a sound foundation in discussing the constraints that define a REST API. It quickly goes beyond that into the practical aspects of implementing such an API in the real world.

Written by cloud computing expert George Reese, The REST API Design Handbook reflects hands-on work in consuming many different third-party APIs as well as the development of REST-based web services APIs. It addresses all of the debates that commonly arise while creating these APIs. Subjects covered include:

* REST architectural constraints
* Using HTTP methods and response codes in an API
* Authenticating RESTful API calls
* Versioning
* Asynchronous Operations
* Pagination and Streaming
* Polling and Push Notifications
* Rate Limiting

Editorial Reviews

From the Author

I work with web services of all stripes every day. My Dasein Cloud Java libraries talk to AWS, Rackspace, the HP Cloud, Terremark, Savvis, Joyent, Eucalyptus, CloudStack, OpenStack, vCloud, vSphere, Nimbula, EMC Atmos, Microsoft Azure, and even more. Some are SOAP-based, some are just random HTTP query-based, and some attempt to be RESTful. Few actually are useful, and all have their warts.

I spend a lot of time on Twitter complaining about the things I don't like. When I asked my followers what I should write my next book on, the answer was overwhelmingly that I should write one on REST APIs. This book brings Fielding's theories on REST architectures together with my practical experience in cloud API consumption and development. My hope is that it will help API developers everywhere build truly RESTful APIs and understand why REST constraints are important in the real world.

About the Author

George Reese is the co-founder and CTO of enStratus Networks, provider of cloud infrastructure management software for enterprise security, governance, and automation. At enStratus, he works with SOAP, REST, and other kinds of web services APIs on a daily basis. He is also the primary author of the enStratus REST API for accessing resources across multiple heterogeneous clouds.

George holds an MBA from the Kellogg School of Management at Northwestern University in Evanston, Illinois and a BA in Philosophy from Bates College in Lewiston, ME. He lives in Minneapolis, MN with his wife Monique and his two daughters.

Product Details

  • File Size: 340 KB
  • Print Length: 90 pages
  • Simultaneous Device Usage: Unlimited
  • Sold by: Amazon Digital Services, Inc.
  • Language: English
  • ASIN: B00890OBFI
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Lending: Enabled
  • Amazon Best Sellers Rank: #73,792 Paid in Kindle Store

Customer Reviews

Most Helpful Customer Reviews
42 of 45 people found the following review helpful
Format:Kindle Edition
The author has tried hard to make a useful reference on REST API design, and while certain parts of the book are acceptable, overall he has failed to provide a book that I would recommend to others as a guide. It is worth reading, but more as an opportunity for critique than as a source of gospel truth.

I'll start with the major issues and then proceed to smaller ones.

The author's coverage of security and how to use cryptographic primitives to handle request security is WRONG AND DANGEROUSLY INSECURE. Do not follow his advice on how to use SHA256 or anything else crypto-related; based on his suggestions he is not qualified to give advice on these topics. If you want to keep your API traffic secure, use TLS (properly configured -- see for deployment best practices and a handy validator). If you cannot use TLS for some extremely good reason, you need to read "Cryptography Engineering: Design Principles and Practical Applications" (Ferguson, Schneier, Kohno) as an introductory text on designing cryptographic protocols. If that book hasn't persuaded you to simply use TLS and benefit from the hard work of experienced cryptographers, then it will at least give you a reading list of further advanced texts to refer to when designing your own protocol (which almost certainly won't be as good as TLS 1.2).

His coverage of authentication is correct in that it suggests using a finite-lifespan token. However, the fact that it does not cover OAuth 1 or 2 is bizarre for a book published in mid-2012. This is a serious omission since OAuth 2 (or 1) is likely to be a good fit for many modern REST APIs.

His coverage of HTTP PUT is incorrect. Using PUT to update part of a resource is WRONG as per the spec. See RFC 2616 9.6 ([...
23 of 25 people found the following review helpful
Format:Kindle Edition|Verified Purchase
This is a reasonable read for someone who doesn't know what REST is all about. Reese does a good job writing about the general nature of REST. Unfortunately there is some opinion mixed-in with fact, which makes it difficult for an inexperienced reader to tell fact from opinion.

The whole document has a somewhat informal tone; it reads like I'm listening to Reese talk to a friend. At times I find that makes for an easier read, and at times I find the lack of formality a little... grating.

Reese does not seem to like the idea of POST updating a resource, despite RFC 2616 reading "The actual function performed by the POST method is determined by the server and is usually dependent on the Request-URI." I don't honestly understand how Reese can argue for PUT updating a resource; RFC 2616 seems to me to imply that PUT will put a whole new version of an existing resource.

I wish Reese had spent a little more time talking about the effect of intermediate HTTP caches on API design; in particular POST and PUT invalidating intermediate caches for subsequent GETs is an important concept, as it forces the API designer to model consistent resources supported by separate verbs.
7 of 7 people found the following review helpful
3.0 out of 5 stars Not Bad, Not Great April 22, 2013
Format:Kindle Edition|Verified Purchase
Although it's labeled a handbook, it comes off more as a set (a fairly nice set) of anecdotal experiences organized into a set of useful suggestions. The topic is definitely in need of addressing, and I do like books written by practitioners, as opposed to theorists. It's unfortunate that more professionals don't take the opportunity to put down their experiences in this fashion.

The style of the prose is very conversational, and feels like you're listening to a lecture as opposed to reading a handbook. However, I found the sentence structures sometimes awkward and difficult to follow unless you understand the context of the writer's mind at any given moment. If you are prepared with enough prerequisite knowledge, you can glean a fair amount of wisdom from its pages.

The example API at the end was a bit disappointing. There really wasn't a lot of meat there in terms of sample requests and responses. Overall, I'd appreciate more solid examples.

Still, for the price, I did find the clearly hard fought, front line knowledge valuable. Because it isn't an arduous slog of a read, you can get the benefit out of it in a single afternoon. Some of it applies not only to REST APIs, but any API. Though I probably will refer back to it in the future if the need arises, I will also be on the hunt for a more definitive guide to REST practices.
13 of 15 people found the following review helpful
2.0 out of 5 stars Unfulfilling April 25, 2013
Format:Kindle Edition|Verified Purchase
I'm an experienced programmer, but not with REST APIs. I was looking for a meaningful introduction, which would allow me to start designing APIs in a RESTful way. I'm still looking.

The book has very few examples, and they are so simple, that they don't give any insight of how to solve real problems. I wouldn't know that in a REST API it's expected to create or modify object by PUTing or POSTing their representation as obtained with GET. Because all the examples demonstrate only GET. All 3 of them!

The author states the difference between SOAP and REST, but doesn't provide any help on should you use REST and how to implement an inherently transactional API.

It's full of "DONT'S", but doesn't provide you with alternatives. For example, it says something like "don't introduce non-standard HTTP response codes". Fine. Now, how do I specify, that something isn't working properly, if none of the HTTP status codes seems to match? The book doesn't say.

In short, this book is "Mostly pointless".
Most Recent Customer Reviews
4.0 out of 5 stars Four Stars
Good introduction into RESTful APIs. It's short and well written, so it's easy to read.
Published 9 days ago by Dave C
5.0 out of 5 stars Awesome read. Perfectly educational, terse, illustrative and...
Read this on a flight back to New Mexico from New York. I went from dangerous user of RESTful APIs to learned user.
Published 2 months ago by David
1.0 out of 5 stars You won't get any useful information. This book is overpriced
You won't get any useful information. This book is overpriced. It should be sold at $0.25. This book doesn't give more info than what you can get in the blogs.
Published 4 months ago by tech deal finder
4.0 out of 5 stars Good Primer.
Good REST API primer and quick read to either brush up on standard principles or set your foundation.
Published 4 months ago by Armando Padilla
4.0 out of 5 stars recommended book
Very concise and informative. I recommend it to anyone who would like a quick overview of how to properly write REST APIs
Published 6 months ago by Amazon Customer
5.0 out of 5 stars Mr. Reese--congratulations on making RESTful APIs understandable....
Mr. Reese--congratulations on making RESTful APIs understandable. Short and to the point. You should write more books. I will buy.
Published 7 months ago by mr z
5.0 out of 5 stars Five Stars
Very good book. Don't miss the appendix.
Published 7 months ago by Amazon Customer
1.0 out of 5 stars Not good at all
Feels very rushed and lacks real substance. Book comes to a really abrupt end (I was like "that is it?
Published 7 months ago by Mark C Nalepka
4.0 out of 5 stars Four Stars
The book conveys the core idea of REST services well. But the security part is somewhat shallow.
Published 7 months ago by Stepan Mitkin
3.0 out of 5 stars It's OK, Some interesting thoughts
It is a quick read, so I probably should not have expected more. I did learn some things, and unlike another reviewer, I actually LIKED the author's opinions.
Published 7 months ago by James Ross

More About the Author

I am the CTO of enStratus Networks, the leading cloud infrastructure management vendor for enterprise clouds. Based in Minneapolis, MN, I co-founded enStratus as a spin-off from a company in the middle of moving into the cloud, Valtira. I was the primary architect of the enStratus software as well as the Open Source cloud abstraction API for Java, Dasein Cloud.

My professional career began in Hollywood working on TV shows like the People's Court and ESPN Up Close, but my "Internet Career" started in 1991 developing Open Source online gaming software, specifically the Nightmare and Dead Souls mud libraries. I got involved with Java in 1995 and wrote my first book, Database Programming with JDBC and Java in 1996.
