feat (AIP-136) Update guidance of billable stateless methods #1124
Conversation
Proposes changes for AIP-136 regarding the use of GET and POST for stateless methods.
aip/general/0136.md
Outdated
| ### Choice of HTTP methods for stateless methods | ||
|
|
||
| Stateless method **should** use `GET` HTTP method for retrieval use cases due to | ||
| its cache-friendly nature. This can reduce the costs for both the server and the |
There was a problem hiding this comment.
it might be worth elaborating: e.g. it's common for web browsers to cache GET requests, and it's understood by clients to be a cacheable response.
There was a problem hiding this comment.
Thanks for the review! Can you elaborate a bit more on "and it's understood by clients to be a cacheable response" part? What does this mean? Specifically what is "it" referring to? Thanks!
There was a problem hiding this comment.
Sorry, by "it" I was referring to the fact that GET methods are cacheable.
and it's understood by clients to be a cacheable response
What I mean is HTTP clients often cache GET responses as GET implies that it's doing data retrieval: https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.1. Specficially:
The response to a GET request is cacheable; a cache MAY use it to
satisfy subsequent GET and HEAD requests unless otherwise indicated
by the Cache-Control header field (Section 5.2 of [RFC7234]).
So custom methods which are cacheable and send no payload should use GET.
There was a problem hiding this comment.
Thanks, I edited it again with a new commit. PTAL!
|
@alin04 could you take a look? |
|
@xdtdaniel make sure to re-request review once changes are addresses so it'll notify the reviewer. @alin04 I think a new PR is up for your review. |
|
Thanks! Sorry wasn't very familiar with this. Thanks for the notice!
Yusuke Tsutsumi ***@***.***> 于 2023年6月9日周五 09:09写道:
… @xdtdaniel <https://github.com/xdtdaniel> make sure to re-request review
once changes are addresses so it'll notify the reviewer.
@alin04 <https://github.com/alin04> I think a new PR is up for your
review.
—
Reply to this email directly, view it on GitHub
<#1124 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI7GLMXZXHXKGY4WEO3AS73XKNDDRANCNFSM6AAAAAAYV5KURE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Sorry to nit pick when I wasn't asked for a review, but @toumorokoshi should we try to separate the guidance and the Rationale from each other? There is a lot of reasoning in the guidance, which distracts from the piece of guidance itself. Add me as a reviewer if you want this specific feedback. |
| HTTP clients such as browsers often cache `GET` responses as `GET` implies that | ||
| it is doing data retrieval. Stateless methods that are cacheable and send no | ||
| payload **should** use `GET` HTTP method due to its cache-friendly nature. | ||
| This can reduce the costs for both the server and the client. |
There was a problem hiding this comment.
Unfortunately, I don't believe cacheability to informs the choice of method for rest api.
On one hand, per RFC the response returned by non-GET operations may carry an entity that has cacheable implications.
https://datatracker.ietf.org/doc/html/rfc7231#section-7.2
In a successful response to a state-changing request, validator
fields describe the new representation that has replaced the prior
selected representation as a result of processing the request.
For example, an ETag header field in a 201 (Created) response
communicates the entity-tag of the newly created resource's
representation, so that it can be used in later conditional requests
to prevent the "lost update" problem [[RFC7232](https://datatracker.ietf.org/doc/html/rfc7232)].
So the litmus test is less like "is your response cacheable?" and more like "is the URI (path+query) the address of a data or of a function?" --- and if the URI is the address of data --- do all of the idempotent and non-idempotent methods acting on that URI comply with the RFC necessary to be cacheable?
And that's the other hand, our API are actually miles away from cacheable and would take effort to change that... Like:
- return an etag json field has no semantic meaning - the response would need to contain an ETag response header instead
- the format of our ETag isn't right. it doesn't matter if it's a guid or not - but the string value must contain starting and ending with double-quote characters
- both the mutating and non-mutating URI would need to have the same path+query for cache hits, cache invalidation, and optimistic concurrency. the way we have processing-instruction parameters appear as query arguments (like update_mask=xxx and etag=yyy) means that PATCH and DELETE operations are correlated to different cache entries than the GET's response represents
- and speaking of ?etag=yyy precondition field --- for browser and httpclient cacheability what we'd need to accept are the If-Match yyy and If-None-Match: yyy request header parameters.
(I think those would be great to do --- but without that using a cache-enabled api httpclient does more harm than good. w/out etag and 304 response code it can actively prevent you from reaching past stale data --- especially if PUT/PATCH/DELETE aren't invalidating cache entries by URI properly)
(Also worth noting this isn't unusual --- many (most?) (almost all??) systems with REST API interfaces don't go down the road of http-defined cachability. I suppose that's because (unlike a 70k js or png file) by the time you've paid for the round-trip, done the mandatory authn/authz for the operation, and drawn sufficient info from the DB to known that the etag verifier is up-to-date ---- returning 304 and saving the typically smaller response of an average API doesn't have much ROI left)
There was a problem hiding this comment.
Thanks Louis for the comment. I think it makes sense to emphasize the part of how uri informs the operation - is it more of a data retrieval or something more complicated than that. Let me rephrase this part. I will wait for Noah's comment as well to make the change together. Thanks!
Hi @noahdietz can you help adding yourself as a reviewer? I am not sure if I can add you as a reviewer. Thanks! |
| HTTP clients such as browsers often cache `GET` responses as `GET` implies that | ||
| it is doing data retrieval. Stateless methods that are cacheable and send no |
There was a problem hiding this comment.
HTTP clients such as browsers often cache `GET` responses as `GET` implies that
it is doing data retrieval.
This is rationale, not guidance
|
|
||
| HTTP clients such as browsers often cache `GET` responses as `GET` implies that | ||
| it is doing data retrieval. Stateless methods that are cacheable and send no | ||
| payload **should** use `GET` HTTP method due to its cache-friendly nature. |
There was a problem hiding this comment.
due to its cache-friendly nature.
This is rationale, not guidance.
| HTTP clients such as browsers often cache `GET` responses as `GET` implies that | ||
| it is doing data retrieval. Stateless methods that are cacheable and send no | ||
| payload **should** use `GET` HTTP method due to its cache-friendly nature. | ||
| This can reduce the costs for both the server and the client. |
There was a problem hiding this comment.
This can reduce the costs for both the server and the client.
This is rationale, not guidance.
Proposes changes for AIP-136 regarding the use of GET and POST for stateless methods.