Friday, March 11, 2011

XML Schema in REST Webservices

Regarding the Usage of XML Schema for REST webservices to create an Open API does not seem to have common practice.

for eg
Amazon,Ebay,Yahoo exposes a xsd for their services.
netflix,best buy does not have a xml schema exposed.

The only reason which i could think about the above API's are netflix,best buy API have very less input parameters,and most of them are GET requests. But Ebay/Amazon requests have many input Parameters and POST methods are used in Many services.

As we all know most of the enterprises are tying to adopt/already adopted the REST architecture and expose atleast a minimum business function as an Open API.Request/Response complexity depends upon the nature of service exposed by the enterprise.

when to use XML Schema in REST?

If your service has more input parameters.
if you expect a many versions of your service in future,backaward compatability for the services exposed.
To Avoid malformed XML inputs.
To Detect the XML Errors Early and return Error Response

why to use XML Schema in REST?

The common reason is to validate our XML input Structures.
Most of the Java based REST webservices Frameworks uses JAXB to bind the Data to Objects.it would be better when you detect errors before allowing the xml input to bind java objects.

Apart from these reasons the level of validation done on the XML input is purely based on the design and requirement of your Service.

I prefer the below method.

Have a Filter/Interceptor class ,Register an error handler to it, and validate for error,fatal error messages and return an user friendly error message.

Do not have heavy patterns on your XML Schema, validate the XML Request structure with the Schema and user java regular expressions to validate the actual data.

This way we can stop the malformed xml inputs in the interceptor rather than allowing them to reach the resource for validations.

Overall it should not be a very strict XML Validation but we should make sure our system accepts only a valid input. When it comes to performance Vs security , it is worth to consider Security.

Thanks
Prem.
Posted by at

1 comment:

utkarsh said...

How does how REST web services Framework binds the input xml to a JAXB element. can you explain the process a little bit... Thanks.

July 4, 2011 at 12:37 AM

Post a Comment

Subscribe to: Post Comments (Atom)