how should Hateoas be handled from frontend?

Asked 7/10, 2015 at 1:51 Answered 16/10, 2015 at 21:58

I have this question that has been going around through my head for a while. Lets suppose we have structured our project with backend and frontend on separate layers. So, from the frontend, we want to get a costumer, which comes on hal+json format:

GET /customers/1 HTTP/1.1
Accept: application/hal+json
{
    "name": "Alice",
    "links": [ {
        "rel": "self",
        "href": "http://localhost:8080/customer/1"
    } {
        "rel": "transactions",
        "href": "http://localhost:8080/customer/1/transactions"
    }]
}

Then, from the frontend i want to get all customer transactions. My question is: how should i get the url? should it be from the response? or should i build it internally?

if we go with first option, i think that maybe that wouldn't be elegant to iterate all links until we get that one we want. Also, there could happen the situation where we don't have the link of the request we want to do.

if we go with second option, i don't understand how to build that url if we don't actually have the ids. How could i create new customer transactions if hateoas replaces ids with links and i haven't got the object reference in the body anymore?

I thought that maybe service should support both application/hal+json(oriented to users) and application/json(oriented to clients) but i don't see that this is how is making it done generally.

What do you think?

Hildagarde answered 7/10, 2015 at 1:51 Comment(0)

Definitely the first option. Namely, since HATEOAS is a final stage of Richardson Maturity Model, clients are expected to follow the provided links, not to build the URLs by themselves:

The point of hypermedia controls is that they tell us what we can do next, and the URI of the resource we need to manipulate to do it. Rather than us having to know where to post our appointment request, the hypermedia controls in the response tell us how to do it.

What benefits does this bring? I can think of at least two:

Simple upgrade of the REST API - server-side developers can change the URIs of the resources, without breaking the client-side code because clients just follow the provided links; additionally, server-side developers can easily add new links
Robustness - by following the links, client-side code would never try to access the broken links, misspelled links etc.

Q: Also, there could happen the situation where we don't have the link of the request we want to do?

It is up to API designer to ensure that all required links are provided. Front-end developer shouldn't worry about that.

See also:

Rest lesson learned - avoid hackable URLs

Leverett answered 16/10, 2015 at 21:58 Comment(4)

What in case i have the user id which i want to add an authority? Then i should have to make a GET request to /users to get the link of the specified user's authorities. That would be ok? i am doing 2 requests instead of one. Thanks for your response! – Hildagarde 17/10, 2015 at 0:1

you shouldn't have an id from an external system. you should have a URL. And yeah, it's 2 requests...unless the server is smart enough to know your intent. then for example it could embed the transaction relationship for you. One way you could give it that intent is by identifying the consuming client with a header. But don't fret too much about the 2 requests, it's a very small price to pay. NOW if you are internal...why are you using an HTTP api anyways? just go to the DB/system or record and get the data you need. – Beriosova 17/10, 2015 at 4:13

@ChrisDaMour Thanks for jumping in with a nice explanation. – Leverett 17/10, 2015 at 10:26

@ChrisDaMour sorry for the respawn but you mentioned "identifying the consuming client with a header", could you give me some more information about this ? any conventions to identify the client? any references about this in particullar? thanks – Hildagarde 22/10, 2015 at 18:51

HATEOAS (Hypermedia as the Engine of Application State) is a constraint of the REST application architecture. You can have a look on Spring HATEOAS documentation for instance :

https://spring.io/understanding/HATEOAS

Another link about it using Spring and AngularJS is available here:

AngularJS and Spring HATEOAS tutorial

This one seems to be good enough and handles your use case.

Regards, André

Filter answered 14/10, 2015 at 20:45 Comment(2)

HATEOS link does not work anymore, please repair. – Overcheck 9/11, 2021 at 8:16

this is the new docs for spring HATEOAS – Godred 10/4 at 14:22

Recommended topics

Hot tags