INITIALIZATION Knowledgebase: ki-dev-large Base Query: what is an overview for best practices in web api design?> Model: gemini-1.5-pro-preview-0409 Use Curl?: None ================================================== **Elapsed Time: 0.00 seconds** ================================================== ROUTING Query type: summary ================================================== **Elapsed Time: 1.76 seconds** ================================================== RAG PARAMETERS Max Context To Include: 100 Lowest Score to Consider: 0.1 ================================================== **Elapsed Time: 0.14 seconds** ================================================== VECTOR SEARCH ALGORITHM TO USE Use MMR search?: True Use Similarity search?: False ================================================== **Elapsed Time: 0.10 seconds** ================================================== VECTOR SEARCH DONE ================================================== **Elapsed Time: 6.64 seconds** ================================================== FILENAMES AND KEYWORDS Keywords Found: ['practices', 'web'] All file names: ['Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'arsnouveau-wiki-44789.txt', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Introduction%20to%20Quantum%20Information%20-%20Stephen%20M.%20Barnett%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'Project%20Oberon%20The%20Design%20of%20an%20Operating%20System%2C%20a%20Compiler%2C%20and%20a%20Computer%20-%20Niklaus%20Wirth%2C%20J%C3%BCrg%20Gutknecht%20%28PDF%29%20PO.Applications.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf'] File names to FILTER: ['Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf', 'The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf'] ================================================== **Elapsed Time: 1.03 seconds** ================================================== PRIMER Primer: You are Simon, a highly intelligent personal assistant in a system called KIOS. You are a chatbot that can read knowledgebases through the "CONTEXT" that is included in the user's chat message. Your role is to act as an expert at summarization and analysis. In your responses to enterprise users, prioritize clarity, trustworthiness, and appropriate formality. Be honest by admitting when a topic falls outside your scope of knowledge, and suggest alternative avenues for obtaining information when necessary. Make effective use of chat history to avoid redundancy and enhance response relevance, continuously adapting to integrate all necessary details in your interactions. Use as much tokens as possible to provide a detailed response. ================================================== **Elapsed Time: 0.00 seconds** ================================================== FINAL QUERY Final Query: CONTEXT: ########## File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 1 Context: ```markdown # Web API Design ## Crafting Interfaces that Developers Love ### Author: Brian Mulloy --- ### Table of Contents 1. **Introduction** - Overview of Web APIs - Importance of Good Design 2. **Design Principles** - Consistency - Simplicity - Flexibility 3. **Best Practices** - Documentation - Versioning - Error Handling 4. **Tools and Frameworks** - Postman - Swagger - RAML 5. **Conclusion** - Summary of Key Points --- ### Links - [Postman](https://www.postman.com) - [Swagger](https://swagger.io) - [RAML](https://raml.org) --- ### Notes - Always aim for clarity and conciseness when designing APIs. - Engage with developers to understand their needs and challenges. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 2 Context: ```markdown # Table of Contents ## Web API Design - Crafting Interfaces that Developers Love 1. [Introduction](#introduction) ....................................................................... 3 2. [Nouns are good; verbs are bad](#nouns-are-good-verbs-are-bad) .......... 4 3. [Plural nouns and concrete names](#plural-nouns-and-concrete-names) ... 8 4. [Simplify associations - sweep complexity under the ‘?’](#simplify-associations) ........................... 9 5. [Handling errors](#handling-errors) ................................................................. 10 6. [Tips for versioning](#tips-for-versioning) ................................................... 13 7. [Pagination and partial response](#pagination-and-partial-response) .......... 16 8. [What about responses that don’t involve resources?](#what-about-responses) .......................... 19 9. [Supporting multiple formats](#supporting-multiple-formats) ........................ 20 10. [What about attribute names?](#what-about-attribute-names) ...................... 21 11. [Tips for search](#tips-for-search) ............................................................... 22 12. [Consolidate API requests in one subdomain](#consolidate-api-requests) ... 23 13. [Tips for handling exceptional behavior](#tips-for-handling-exceptional-behavior) .... 25 14. [Authentication](#authentication) ............................................................ 27 15. [Making requests on your API](#making-requests-on-your-api) .................. 28 16. [Chatty APIs](#chatty-apis) ............................................................. 30 17. [Complement with an SDK](#complement-with-an-sdk) ............................. 31 18. [The API Façade Pattern](#the-api-facade-pattern) .................................... 32 ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 3 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Introduction If you're reading this, chances are that you care about designing Web APIs that developers will love and that you're interested in applying proven design principles and best practices to your Web API. One of the sources for our design thinking is REST. Because REST is an architectural style and not a strict standard, it allows for a lot of flexibility. Because of that flexibility and freedom of structure, there is also a big appetite for design best practices. This e-book is a collection of design practices that we have developed in collaboration with some of the leading API teams around the world as they craft their API strategy through a design workshop that we provide at Apigee. We call our point of view in API design "pragmatic REST," because it places the success of the developer over and above any other design principle. The developer is the customer for the Web API. The success of an API design is measured by how quickly developers can get up to speed and start enjoying success using your API. We’d love your feedback—whether you agree, disagree, or have some additional practices and tips to add. The [API Craft Google Group](https://groups.google.com/g/api-craft) is a place where Web API design enthusiasts come together to share and debate design practices—we’d love to see you there. ## Are you a Pragmatist or a RESTafarian? Let’s start with our overall point of view on API design. We advocate pragmatic, not dogmatic REST. What do we mean by dogmatic? You might have seen discussion threads on true REST - some of them can get pretty strict and wonky. Mike Schinkel sums it up well - defining a RESTafarian as follows: > “A RESTafarian is a zealous proponent of the REST [software architectural style](https://en.wikipedia.org/wiki/Representational_state_transfer) as defined by Roy T. Fielding in Chapter 5 of his PhD dissertation at UC Irvine. You can find RESTafarians in the wild on the [REST-discuss mailing list](https://groups.google.com/g/rest-discuss). But be careful, RESTafarians can be extremely meticulous when discussing the finer points of REST ...” Our view: approach API design from the ‘outside-in’ perspective. This means we start by asking - what are we trying to achieve with an API? The API's job is to make the developer as successful as possible. The orientation for APIs is to think about design choices from the application developer's point of view. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 4 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love Why? Look at the value chain below – the application developer is the lynchpin of the entire API strategy. The primary design principle when crafting your API should be to maximize developer productivity and success. This is what we call pragmatic REST. ![Value Chain](url_to_value_chain_image) ## Pragmatic REST is a design problem You have to get the design right because design communicates how something will be used. The question becomes - what is the design with optimal benefit for the app developer? The developer point of view is the guiding principle for all the specific tips and best practices we’ve compiled. ## Nouns are good; verbs are bad The number one principle in pragmatic RESTful design is: keep simple things simple. ## Keep your base URL simple and intuitive The base URL is the most important design affordance of your API. A simple and intuitive base URL design makes using your API easy. Affordance is a design property that communicates how something should be used without requiring documentation. A door handle's design should communicate whether you pull or push. Here's an example of a conflict between design affordance and documentation - not an intuitive interface! ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 5 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ![Push doors](image_url) A key litmus test we use for Web API design is that there should be only **2 base URLs per resource**. Let's model an API around a simple object or resource, a dog, and create a Web API for it. The first URL is for a collection; the second is for a specific element in the collection: - `/dogs` - `/dogs/1234` Boiling it down to this level will also force the verbs out of your base URLs. ## Keep verbs out of your base URLs Many Web APIs start by using a method-driven approach to URL design. These method-based URLs sometimes contain verbs—sometimes at the beginning, sometimes at the end. For any resource that you model, like our dog, you can never consider one object in isolation. Rather, there are always related and interacting resources to account for—like owners, veterinarians, leashes, food, squirrels, and so on. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 6 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love Think about the method calls required to address all the objects in the dogs' world. The URLs for our resource might end up looking something like this: | URL | URL | |------------------------------------|------------------------------------| | `/getAllDogs` | `/getAllLeashedDogs` | | `/verifyLocation` | `/verifyVeterinarianLocation` | | `/feedNeeded` | `/feedNeededFood` | | `/createRecuringWakeUp` | `/createRecurringMedication` | | `/giveDirectOrder` | `/doClientOwnerDiscipline` | | `/checkHealth` | `/dobExpressCheckupWithVeterinarian` | | `/getRecuringWakeUpSchedule` | `/getRecuringFeedingSchedule` | | `/getLocation` | `/getHungerLevel` | | `/getDog` | `/getSquirrelsChasingPuppies` | | `/newDog` | `/newDogForOwner` | | `/getNewDogsSince` | `/getNewDogsAtKennelSince` | | `/getRedDogs` | `/getRedDogsWithoutSiblings` | | `/getSittingDogs` | `/getSittingDogsAtPark` | | `/setDogsStateTo` | `/setLeashedDogsStateTo` | | `/replaceSittingDogsWithRunningDogs` | `/replaceParkSittingDogsWithRunningDogs` | | `/saveDog` | `/saveMommaDogsPuppies` | It's a slippery slope - soon you have a long list of URLs and no consistent pattern making it difficult for developers to learn how to use your API. ## Use HTTP verbs to operate on the collections and elements. For our dog resources, we have two base URLs that use nouns as labels, and we can operate on them with HTTP verbs. Our HTTP verbs are `POST`, `GET`, `PUT`, and `DELETE`. (We think of them as mapping to the acronym, CRUD (Create-Read-Update-Delete).) With our two resources (`/dogs` and `/dogs/1234`) and the four HTTP verbs, we have a rich set of capability that’s intuitive to the developer. Here is a chart that shows what we mean for our dogs. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 7 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love | Resource | POST create | GET read | PUT update | DELETE delete | |-----------------|---------------------|----------------|-------------------------|-------------------| | /dogs | Create a new dog | List dogs | Bulk update dogs | Delete all dogs | | /dogs/1234 | Error | Show Bo | If exists update Bo | Delete Bo | | | | | If not error | | The point is that developers probably don't need the chart to understand how the API behaves. They can experiment with and learn the API without the documentation. In summary: - Use two base URLs per resource. - Keep verbs out of your base URLs. - Use HTTP verbs to operate on the collections and elements. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 8 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Plural nouns and concrete names Let’s explore how to pick the nouns for your URLs. Should you choose singular or plural nouns for your resource names? You’ll see popular APIs use both. Let’s look at a few examples: - **Foursquare:** `/checkins` - **GroupOn:** `/deals` - **Zappos:** `/Product` Given that the first thing most people probably do with a RESTful API is a GET, we think it reads more easily and is more intuitive to use plural nouns. But above all, avoid a mixed model in which you use singular for some resources, plural for others. Being consistent allows developers to predict and guess the method calls as they learn to work with your API. ## Concrete names are better than abstract Achieving pure abstraction is sometimes a goal of API architects. However, that abstraction is not always meaningful for developers. Take for example an API that accesses content in various forms - blogs, videos, news articles, and so on. An API that models everything at the highest level of abstraction - as `/items` or `/assets` in our example - loses the opportunity to paint a tangible picture for developers to know what they can do with this API. It is more compelling and useful to see the resources listed as blogs, videos, and news articles. The level of abstraction depends on your scenario. You also want to expose a manageable number of resources. Aim for concrete naming and to keep the number of resources between 12 and 24. In summary, an intuitive API uses plural rather than singular nouns, and concrete rather than abstract names. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 9 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Simplify associations - sweep complexity under the '?' In this section, we explore API design considerations when handling associations between resources and parameters like states and attributes. ### Associations Resources almost always have relationships to other resources. What's a simple way to express these relationships in a Web API? Let's look again at the API we modeled in nouns; nouns are good, verbs are bad - the API that interacts with our `dogs` resource. Remember, we had two base URLs: `/dogs` and `/dogs/1234`. We're using HTTP verbs to operate on the resources and collections. Our dogs belong to owners. To get all the dogs belonging to a specific owner, or to create a new dog for that owner, do a `GET` or a `POST`: ``` GET /owners/5678/dogs POST /owners/5678/dogs ``` Now, the relationships can be complex. Owners have relationships with veterinarians, who have relationships with dogs, who have relationships with food, and so on. It's not uncommon to see people string these together making a URL 5 or 6 levels deep. Remember that once you have the primary key for one level, you usually don't need to include the levels above because you've already got your specific object. In other words, you shouldn't need too many cases where a URL is deeper than what we have above: ``` /resource/identifier/resource ``` ### Sweep complexity behind the '?' Most APIs have intricacies beyond the base level of a resource. Complexities can include many states that can be updated, changed, queried, as well as the attributes associated with a resource. Make it simple for developers to use the base URL by putting optional states and attributes behind the HTTP question mark. To get all red dogs running in the park: ``` GET /dogs?color=red&state=running&location=park ``` In summary, keep your API intuitive by simplifying the associations between resources, and sweeping parameters and other complexities under the rug of the HTTP question mark. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 10 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Handling Errors Many software developers, including myself, don't always like to think about exceptions and error handling, but it is a very important piece of the puzzle for any software developer, and especially for API designers. ### Why is good error design especially important for API designers? From the perspective of the developer consuming your Web API, everything at the other side of that interface is a black box. Errors therefore become a key tool providing context and visibility into how to use an API. First, developers learn to write code through errors. The "test-first" concepts of the extreme programming model and the more recent "test-driven development" models represent a body of best practices that have evolved because this is such an important and natural way for developers to work. Secondly, in addition to when they're developing their applications, developers depend on well-designed errors at the critical times when they are troubleshooting and resolving issues after the applications they've built using your API are in the hands of their users. ### How to think about errors in a pragmatic way with REST? Let's take a look at how three top APIs approach it. #### Facebook **HTTP Status Code:** 200 ```json { "type": "OauthException", "message": "(#803) Some of the aliases you requested do not exist: foo.bar" } ``` #### Twilio **HTTP Status Code:** 401 ```json { "status": "401", "message": "Authenticate", "code": 20003, "more_info": "http://www.twilio.com/docs/errors/20003" } ``` #### SimpleGeo **HTTP Status Code:** 401 ```json { "code": 401, "message": "Authentication Required" } ``` ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 11 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Facebook No matter what happens on a Facebook request, you get back the 200-status code - everything is OK. Many error messages also push down into the HTTP response. Here they also throw an #803 error but with no information about what #803 is or how to react to it. ## Twilio Twilio does a great job aligning errors with HTTP status codes. Like Facebook, they provide a more granular error message but with a link that takes you to the documentation. Community commenting and discussion on the documentation helps to build a body of information and adds context for developers experiencing these errors. ## SimpleGeo SimpleGeo provides error codes but with no additional value in the payload. ## A couple of best practices ### Use HTTP status codes Use HTTP status codes and try to map them cleanly to relevant standard-based codes. There are over 70 HTTP status codes. However, most developers don't have all 70 memorized. So if you choose status codes that are not very common you will force application developers away from building their apps and over to Wikipedia to figure out what you're trying to tell them. Therefore, most API providers use a small subset. For example, the Google GData API uses only 10 status codes; Netflix uses 9, and Digg, only 8. ### Google GData ``` | Code | Explanation | |------|-------------| | 200 | OK | | 201 | Created | | 304 | Not Modified | | 400 | Bad Request | | 401 | Unauthorized| | 403 | Forbidden | | 404 | Not Found | | 409 | Conflict | | 410 | Gone | | 500 | Internal Server Error | ``` ### Netflix ``` | Code | Explanation | |------|-------------| | 200 | OK | | 201 | Created | | 304 | Not Modified | | 400 | Bad Request | | 401 | Unauthorized| | 403 | Forbidden | | 404 | Not Found | | 412 | Precondition Failed | | 500 | Internal Server Error | ``` ### Digg ``` | Code | Explanation | |------|-------------| | 200 | OK | | 400 | Bad Request | | 401 | Unauthorized| | 403 | Forbidden | | 404 | Not Found | | 410 | Gone | | 500 | Internal Server Error | | 503 | Service Unavailable | ``` ### How many status codes should you use for your API? When you boil it down, there are really only 3 outcomes in the interaction between an app and an API: - Everything worked - success - The application did something wrong - client error - The API did something wrong - server error ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 12 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love Start by using the following 3 codes. If you need more, add them. But you shouldn't need to go beyond 8. - **200** - OK - **400** - Bad Request - **500** - Internal Server Error If you're not comfortable reducing all your error conditions to these 3, try picking among these additional 5: - **201** - Created - **304** - Not Modified - **404** - Not Found - **401** - Unauthorized - **403** - Forbidden (Check out this good Wikipedia entry for all [HTTP Status codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes).) It is important that the code that is returned can be consumed and acted upon by the application's business logic - for example, in an if-then-else, or a case statement. ## Make messages returned in the payload as verbose as possible. ### Code for code - **200** - OK - **401** - Unauthorized ### Message for people ```json { "developerMessage": "Verbose, plain language description of the problem for the app developer with hints about how to fix it.", "userMessage": "Pass this message on to the app user if needed.", "errorCode": 12345, "more info": "http://dev.teachodgest.com/errors/12345" } ``` In summary, be verbose and use plain language descriptions. Add as many hints as your API team can think of about what's causing an error. We highly recommend you add a link in your description to more information, like Twilio does. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 13 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Tips for Versioning Versioning is one of the most important considerations when designing your Web API. ### Never release an API without a version and make the version mandatory. Let's see how three top API providers handle versioning. | Provider | Versioning Example | |------------------|--------------------------------------| | Twilio | `/2010-04-01/Accounts/` | | salesforce.com | `/services/data/v20.0/sobjects/Account` | | Facebook | `?v=1.0` | **Twilio uses a timestamp in the URL (note the European format).** At compilation time, the developer includes the timestamp of the application when the code was compiled. That timestamp goes in all the HTTP requests. When a request arrives, Twilio does a look-up. Based on the timestamp, they identify the API that was valid when this code was created and route accordingly. It's a very clever and interesting approach, although we think it is a bit complex. For example, it can be confusing to understand whether the timestamp is the compilation time or the timestamp when the API was released. **Salesforce.com uses v20.0, placed somewhere in the middle of the URL.** We like the use of the v. notation. However, we don't like using the .0 because it implies that the interface might be changing more frequently than it should. The logic behind an interface can change rapidly but the interface itself shouldn’t change frequently. **Facebook also uses the v. notation but makes the version an optional parameter.** This is problematic because as soon as Facebook forced the API up to the next version, all the apps that didn’t include the version number broke and had to be pulled back and version number added. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 14 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## How to think about version numbers in a pragmatic way with REST? - Never release an API without a version. Make the version mandatory. - Specify the version with a `v` prefix. Move it all the way to the left in the URL so that it has the highest scope (e.g. `/v1/dogs`). - Use a simple ordinal number. Don't use the dot notation like `v1.2` because it implies a granularity of versioning that doesn't work well with APIs—it's an interface not an implementation. Stick with `v1`, `v2`, and so on. ### How many versions should you maintain? Maintain at least one version back. ### For how long should you maintain a version? Give developers at least one cycle to react before obsoleting a version. Sometimes that's 6 months; sometimes it's 2 years. It depends on your developers' development platform, application type, and application users. For example, mobile apps take longer to rev than Web apps. ## Should version and format be in URLs or headers? There is a strong school of thought about putting format and version in the header. Sometimes people are forced to put the version in the header because they have multiple inter-dependent APIs. That is often a symptom of a bigger problem, namely, they are usually exposing their internal mess instead of creating one, usable API facade on top. That's not to say that putting the version in the header is a symptom of a problematic API design. It's not! In fact, using headers is more correct for many reasons: it leverages existing HTTP standards, it's intellectually consistent with Fielding's vision, it solves some hard real-world problems related to inter-dependent APIs, and more. However, we think the reason most of the popular APIs do not use it is because it's less fun to hack in a browser. ### Simple rules we follow: 1. If it changes the logic you write to handle the response, put it in the URL so you can see it easily. 2. If it doesn't change the logic for each response, like OAuth information, put it in the header. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 15 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love These, for example, all represent the same resource: ``` GET /dogs/1 Content-Type: application/json ``` ``` GET /dogs/1 Content-Type: application/xml ``` ``` GET /dogs/1 Content-Type: application/png ``` The code we would write to handle the responses would be very different. There’s no question the header is more correct, and it is still a very strong API design. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 16 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Pagination and Partial Response Partial response allows you to give developers just the information they need. Take for example a request for a tweet on the Twitter API. You’ll get much more than a typical Twitter app often needs— including the name of the person, the text of the tweet, a timestamp, how often the message was re-tweeted, and a lot of metadata. Let’s look at how several leading APIs handle giving developers just what they need in responses, including Google who pioneered the idea of **partial response**. ### LinkedIn ``` /people:(id,first-name,last-name,industry) ``` This request on a person returns the ID, first name, last name, and the industry. LinkedIn does partial selection using this terse `:(...)` syntax which isn’t self-evident. Plus, it’s difficult for a developer to reverse engineer the meaning using a search engine. ### Facebook ``` /joe.smith/friends?fields=id,name,picture ``` ### Google ``` ?fields=title,media:group(media:thumbnail) ``` Google and Facebook have a similar approach, which works well. They each have an optional parameter called `fields` after which you put the names of fields you want to be returned. As you see in this example, you can also put sub-objects in responses to pull in other information from additional resources. ## Add Optional Fields in a Comma-Delimited List The Google approach works extremely well. Here’s how to get just the information we need from our dogs API using this approach: ``` /dogs?fields=name,color,location ``` It’s simple to read; a developer can select just the information an app needs at a given time; it cuts down on bandwidth issues, which is important for mobile apps. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 17 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love The partial selection syntax can also be used to include associated resources, cutting down on the number of requests needed to get the required information. ## Make it easy for developers to paginate objects in a database It's almost always a bad idea to return every resource in a database. Let's look at how Facebook, Twitter, and LinkedIn handle pagination. Facebook uses `offset` and `limit`. Twitter uses `page` and `rpp` (records per page). LinkedIn uses `start` and `count`. Semantically, Facebook and LinkedIn do the same thing. That is, the LinkedIn `start` and `count` are used in the same way as the Facebook `offset` and `limit`. To get records 50 through 75 from each system, you would use: - **Facebook** - `offset 50` and `limit 25` - **Twitter** - `page 3` and `rpp 25` (records per page) - **LinkedIn** - `start 50` and `count 25` ## Use limit and offset We recommend `limit` and `offset`. It is more common, well understood in leading databases, and easy for developers. ``` /dogs?limit=25&offset=50 ``` ## Metadata We also suggest including metadata with each response that is paginated that indicates to the developer the total number of records available. ## What about defaults? My loose rule of thumb for default pagination is `limit=10` with `offset=0`. ``` (limit=10&offset=0) ``` The pagination defaults are, of course, dependent on your data size. If your resources are large, you probably want to limit it to fewer than 10; if resources are small, it can make sense to choose a larger limit. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 18 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## In summary: - Support **partial response** by adding optional fields in a comma delimited list. - Use **limit** and **offset** to make it easy for developers to paginate objects. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 19 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## What about responses that don’t involve resources? API calls that send a response that's not a resource *per se* are not uncommon depending on the domain. We’ve seen it in financial services, Telco, and the automotive domain to some extent. Actions like the following are your clue that you might not be dealing with a "resource" response. - Calculate - Translate - Convert For example, you want to make a simple algorithmic calculation like how much tax someone should pay, or do a natural language translation (one language in request; another in response), or convert one currency to another. None involve resources returned from a database. ### In these cases: #### Use verbs, not nouns For example, an API to convert 100 euros to Chinese Yen: ``` /convert?from=EUR&to=CNY&amount=100 ``` Make it clear in your API documentation that these “non-resource” scenarios are different. Simply separate out a section of documentation that makes it clear that you use verbs in cases like this – where some action is taken to generate or calculate the response, rather than returning a resource directly. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 20 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Supporting multiple formats We recommend that you support more than one format - that you push things out in one format and accept as many formats as necessary. You can usually automate the mapping from format to format. Here's what the syntax looks like for a few key APIs. ### Google Data ``` ?alt=json ``` ### Foursquare ``` /venue.json ``` ### Digg* ``` Accept: application/json ?type=json ``` *The type argument, if present, overrides the `Accept` header. Digg allows you to specify in two ways: in a pure RESTful way in the `Accept` header or in the type parameter in the URL. This can be confusing - at the very least you need to document what to do if there are conflicts. We recommend the Foursquare approach. To get the JSON format from a collection or specific element: ``` dogs.json /dogs/1234.json ``` Developers and even casual users of any file system are familiar to this dot notation. It also requires just one additional character (the period) to get the point across. ## What about default formats? In my opinion, JSON is winning out as the default format. JSON is the closest thing we have to universal language. Even if the back end is built in Ruby on Rails, PHP, Java, Python, etc., most projects probably touch JavaScript for the front-end. It also has the advantage of being terse - less verbose than XML. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 21 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## What about attribute names? In the previous section, we talked about formats - supporting multiple formats and working with JSON as the default. This time, let's talk about what happens when a response comes back. You have an object with data attributes on it. How should you name the attributes? Here are API responses from a few leading APIs: - **Twitter** ```json "created_at": "Thu Nov 03 05:19:38 +0000 2011" ``` - **Bing** ```json "DateTime": "2011-10-29T09:35:00Z" ``` - **Foursquare** ```json "createdAt": 1320296464 ``` They each use a different code convention. Although the Twitter approach is familiar to me as a Ruby on Rails developer, we think that Foursquare has the best approach. How does the API response get back in the code? You parse the response (JSON parser); what comes back populates the object. It looks like this: ```javascript var myObject = JSON.parse(response); ``` If you chose the Twitter or Bing approach, your code looks like this. It's not JavaScript convention and looks weird - it looks like the name of another object or class in the system, which is not correct. ```javascript timing = myObject.created_at; timing = myObject.DateTime; ``` ## Recommendations - Use JSON as default - Follow JavaScript conventions for naming attributes - Use medial capitalization (aka CamelCase) - Use uppercase or lowercase depending on the type of object ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 22 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love This results in code that looks like the following, allowing the JavaScript developer to write it in a way that makes sense for JavaScript. ```javascript "createdAt": 1320296464; timing = myObject.createdAt; ``` ## Tips for Search While a simple search could be modeled as a resourceful API (for example, `/dogs/?q=red`), a more complex search across multiple resources requires a different design. This will sound familiar if you've read the topic about using verbs not nouns when results don't return a resource from the database - rather the result is some action or calculation. If you want to do a global search across resources, we suggest you follow the Google model: ### Global Search `/search?q=fluffy+fur` Here, `search` is the verb; `q` represents the query. ### Scoped Search To add scope to your search, you can prepend with the scope of the search. For example, search in dogs owned by resource ID 5678: `/owners/5678/dogs?q=fluffy+fur` Notice that we've dropped the explicit search in the URL and rely on the parameter `q` to indicate the scoped query. (Big thanks to the contributors on the [API Craft](https://apicraft.com) Google group for helping refine this approach.) ### Formatted Results For search or for any of the action-oriented (non-resource) responses, you can prepend with the format as follows: `/search.xml?q=fluffy+fur` ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 23 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Consolidate API requests in one subdomain We’ve talked about things that come after the top-level domain. This time, let’s explore stuff on the other side of the URL. Here’s how Facebook, Foursquare, and Twitter handle this: Facebook provides two APIs. They started with `api.facebook.com`, then modified it to orient around the social graph `graph.facebook.com`. - `graph.facebook.com` - `api.facebook.com` Foursquare has one API. - `api.foursquare.com` Twitter has three APIs; two of them focused on search and streaming. - `stream.twitter.com` - `api.twitter.com` - `search.twitter.com` It’s easy to understand how Facebook and Twitter ended up with more than one API. It has a lot to do with timing and acquisition, and it’s easy to reconfigure a CNAME entry in your DNS to point requests to different clusters. But if we’re making design decisions about what’s in the best interest of the app developer, we recommend following Foursquare’s lead: ### Consolidate all API requests under one API subdomain. It’s cleaner, easier, and more intuitive for developers who want to build cool apps using your API. Facebook, Foursquare, and Twitter also all have dedicated developer portals. - `developers.facebook.com` - `developers.foursquare.com` - `dev.twitter.com` ## How to organize all of this? Your API gateway should be the top-level domain. For example, `api.teachdogrest.com`. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 24 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love In keeping with the spirit of REST, your developer portal should follow this pattern: `developers.yourtopleveldomain`. For example, `developers.teachdogrest.com` ## Do Web redirects Then optionally, if you can sense from requests coming in from the browser where the developer really needs to go, you can redirect. Say a developer types `api.teachdogrest.com` in the browser but there's no other information for the GET request, you can probably safely redirect to your developer portal and help get the developer where they really need to be. - `api` → developers (if from browser) - `dev` → developers - `developer` → developers ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 25 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Tips for handling exceptional behavior So far, we've dealt with baseline, standard behaviors. Here we'll explore some of the exceptions that can happen - when clients of Web APIs can't handle all the things we've discussed. For example, sometimes clients intercept HTTP error codes, or support limited HTTP methods. What are ways to handle these situations and work within the limitations of a specific client? ### When a client intercepts HTTP error codes One common thing in some versions of Adobe Flash - if you send an HTTP response that is anything other than HTTP 200 OK, the Flash container intercepts that response and puts the error code in front of the end user of the app. Therefore, the app developer doesn't have an opportunity to intercept the error code. App developers need the API to support this in some way. Twitter does an excellent job of handling this. They have an optional parameter `suppress_response_codes`. If `suppress_response_codes` is set to true, the HTTP response is always 200. ``` /public_timelines.json?suppress_response_codes=true HTTP status code: 200 {"error":"Could not authenticate you."} ``` Notice that this parameter is a big verbose response code. (They could have used something like `src`, but they opted to be verbose.) This is important because when you look at the URL, you need to see that the response codes are being suppressed as it has huge implications about how apps are going to respond to it. ### Overall recommendations: 1. Use `suppress_response_codes = true` 2. The HTTP code is no longer just for the code The rules from our previous Handling Errors section change. In this context, the HTTP code is no longer just for the code - the program - it's now to be ignored. Client apps are never going to be checking the HTTP status code, as it is always the same. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 26 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## 3 - Push any response code that we would have put in the HTTP response down into the response message In my example below, the response code is 401. You can see it in the response message. Also include additional error codes and verbose information in that message. ### Always return OK ```plaintext /dogs?suppress_response_codes=true ``` ### Code for ignoring ```plaintext 200 - OK ``` ### Message for people & code ```json { "response_code": 401, "message": "Verbose, plain language description of the problem with hints about how to fix it.", "more_info": "http://dev.teachdogrest.com/errors/12345", "code": 12345 } ``` ## When a client supports limited HTTP methods It is common to see support for GET and POST and not PUT and DELETE. To maintain the integrity of the four HTTP methods, we suggest you use the following methodology commonly used by Ruby on Rails developers: ### Make the method an optional parameter in the URL Then the HTTP verb is always a GET but the developer can express rich HTTP verbs and still maintain a RESTful clean API. #### Create ```plaintext /dogs?method=post ``` #### Read ```plaintext /dogs ``` #### Update ```plaintext /dogs/1234?method=put&location=park ``` #### Delete ```plaintext /dogs/1234?method=delete ``` > **WARNING:** It can be dangerous to provide post or delete capabilities using a GET method because if the URL is in a Web page then a Web crawler like the Googlebot can create or destroy lots of content inadvertently. Be sure you understand the implications of supporting this approach for your applications' context. 26 ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 27 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Authentication There are many schools of thought. My colleagues at Apigee and I don't always agree on how to handle authentication - but overall here's my take. Let's look at these three top services. See how each of these services handles things differently: ### PayPal - Permissions Service API ### Facebook - OAuth 2.0 ### Twitter - OAuth 1.0a Note that PayPal's proprietary three-legged permissions API was in place long before OAuth was conceived. ### What should you do? Use the latest and greatest OAuth - OAuth 2.0 (as of this writing). It means that Web or mobile apps that expose APIs don’t have to share passwords. It allows the API provider to revoke tokens for an individual user, for an entire app, without requiring the user to change their original password. This is critical if a mobile device is compromised or if a rogue app is discovered. Above all, OAuth 2.0 will mean improved security and better end-user and consumer experiences with Web and mobile apps. Don't do something *like* OAuth, but different. It will be frustrating for app developers if they can’t use an OAuth library in their language because of your variation. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 28 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Making requests on your API Let's take a look at what some API requests and responses look like for our dogs API. ### Create a brown dog named Al **POST** `/dogs` `name=Al&furColor=brown` **Response** ``` { "dog": { "id": "1234", "name": "Al", "furColor": "brown" } } ``` ### Rename Al to Rover - Update **PUT** `/dogs/1234` `name=Rover` **Response** ``` { "dog": { "id": "1234", "name": "Rover", "furColor": "brown" } } ``` ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 29 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Tell me about a particular dog **GET /dogs/1234** **Response** 200 OK ```json { "dog": { "id": "1234", "name": "Rover", "furColor": "brown" } } ``` ## Tell me about all the dogs **GET /dogs** **Response** 200 OK ```json { "dogs": [ { "dog": { "id": "1233", "name": "Fido", "furColor": "white" } }, { "dog": { "id": "1234", "name": "Rover", "furColor": "brown" } } ], "_metadata": [ { "totalCount": 327, "limit": 25, "offset": 100 } ] } ``` ## Delete Rover :( **DELETE /dogs/1234** **Response** 200 OK ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 30 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Chatty APIs Let’s think about how app developers use that API you’re designing and dealing with chatty APIs. ### Imagine how developers will use your API When designing your API and resources, try to imagine how developers will use it to say construct a user interface, an iPhone app, or many other apps. Some API designs become very chatty—meaning just to build a simple UI or app, you have dozens or hundreds of API calls back to the server. The API team can sometimes decide not to deal with creating a nice, resource-oriented RESTful API, and just fall back to a mode where they create the 3 or 4 Java-style getter and setter methods they know they need to power a particular user interface. We don’t recommend this. You can design a RESTful API and still mitigate the chattiness. ### Be complete and RESTful and provide shortcuts First design your API and its resources according to [pragmatic RESTful design principles](https://www.example.com) and then provide shortcuts. What kind of shortcut? Say you know that 80% of all your apps are going to need some sort of composite response, then build the kind of request that gives them what they need. Just don’t do the latter instead of the former. First design using good pragmatic RESTful principles! ### Take advantage of the partial response syntax The partial response syntax discussed in a previous section can help. To avoid creating one-off base URLs, you can use the partial response syntax to drill down to dependent and associated resources. In the case of our dogs API, the dogs have association with owners, who in turn have associations with veterinarians, and so on. Keep nesting the partial response syntax using dot notation to get back just the information you need. ``` /owners/5678?fields=name,dogs.name ``` ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 31 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Complement with an SDK It’s a common question for API providers - do you need to complement your API with code libraries and software development kits (SDKs)? If your API follows good design practices, is self-consistent, standards-based, and well documented, developers may be able to get rolling without a client SDK. Well-documented code samples are also a critical resource. On the other hand, what about the scenario in which building a UI requires a lot of domain knowledge? This can be a challenging problem for developers even when building UI and apps on top of APIs with pretty simple domains - think about the Twitter API with its primary object of 140 characters of text. You shouldn't change your API to try to overcome the domain knowledge hurdle. Instead, you can complement your API with code libraries and a software development kit (SDK). In this way, you don’t overburden your API design. Often, a lot of what’s needed is on the client side and you can push that burden to an SDK. The SDK can provide the platform-specific code, which developers use in their apps to invoke API operations - meaning you keep your API clean. Other reasons you might consider complementing your API with an SDK include: - **Speed adoption on a specific platform.** (For example, Objective C SDK for iPhone.) Many experienced developers are just starting off with Objective C so an SDK might be helpful. - **Simplify integration effort required to work with your API.** If key use cases are complex or need to be complemented by standard on-client processing. - **An SDK can help reduce bad or inefficient code** that might slow down service for everyone. As a developer resource - good SDKs are a forcing function to create good source code examples and documentation. Yahoo! and Paypal are good examples: - Yahoo! [http://developer.yahoo.com/social/sdk/](http://developer.yahoo.com/social/sdk/) - Paypal [https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/library_download_sdks](https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/library_download_sdks) To market your API to a specific community - you upload the SDK to a samples or plug-in page on a platform’s existing developer community. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 32 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## The API Façade Pattern At this point, you may be asking: **What should we be thinking from an architectural perspective?** **How do we follow all these best practice guidelines, expose my internal services and systems in a way that’s useful to app developers, and still iterate and maintain my API?** Back-end systems of record are often too complex to expose directly to application developers. They are stable (have been hardened over time) and dependable (they are running key aspects of your business), but they are often based on legacy technologies and not always easy to expose to Web standards like HTTP. These systems can also have complex interdependencies and they change slowly meaning that they can’t move as quickly as the needs of mobile app developers and keep up with changing formats. In fact, the problem is not creating an API for just one big system but creating an API for an array of complementary systems that all need to be used to make an API valuable to a developer. | Big System | DB | Content Mgmt | SOAP | JDBC | RSS | |------------|----------|---------------|------|------|------| | | | | | | | It’s useful to talk through a few anti-patterns that we’ve seen. Let’s look at why we believe they don’t work well. ## The Build Up Approach In the build-up approach, a developer exposes the core objects of a big system and puts an XML parsing layer on top. ``` XML Expose Objects ``` ``` Big System ``` ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 33 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love This approach has merit in that it can get you to market with version 1 quickly. Also, your API team members (your internal developers) already understand the details of the system. Unfortunately, those details of an internal system at the object level are fine-grained and can be confusing to external developers. You’re also exposing details of internal architecture, which is rarely a good idea. This approach can be inflexible because you have 1:1 mapping to how a system works and how it is exposed to the API. In short, building up from the systems of record to the API can be overly complicated. ## The Standards Committee Approach Often the internal systems are owned and managed by different people and departments with different views about how things should work. Designing an API by a standards committee often involves creating a standards document, which defines the schema and URLs and such. All the stakeholders build toward that common goal. ``` | Standards Doc | |-------------------| | **Expose** | **Expose** | **Expose RSS** | | `XML` | `XML` | `XML` | | | | | | **Big System** | **DB** | **Content Mgmt** | ``` The benefits of this approach include getting to version 1 quickly. You can also create a sense of unification across an organization and a comprehensive strategy, which can be significant accomplishments when you have a large organization with a number of stakeholders and contributors. A drawback of the standards committee pattern is that it can be slow. Even if you get the document created quickly, getting everybody to implement against it can be slow and can lack adherence. This approach can also lead to a mediocre design as a result of too many compromises. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 34 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## The Copy Cat Approach We sometimes see this pattern when an organization is late to market – for example, when their close competitor has already delivered a solution. Again, this approach can get you to version 1 quickly and you may have a built-in adoption curve if the app developers who will use your API are already familiar with your competitor's API. ![Competitor's API Doc](#) | Format | Service | System | |--------|----------------|------------| | XML | Expose | Big System | | XML | Expose | DB | | XML | Expose RSS | Content Mgmt| However, you can end up with an undifferentiated product that is considered an inferior offering in the market of APIs. You might have missed exposing your own key value and differentiation by just copying someone else's API design. ## Solution – The API façade pattern The best solution starts with thinking about the fundamentals of product management. Your product (your API) needs to be credible, relevant, and differentiated. Your product manager is a key member of your API team. Once your product manager has decided what the big picture is like, it’s up to the architects. We recommend you implement an **API façade pattern**. This pattern gives you a buffer or virtual layer between the interface on top and the API implementation on the bottom. You essentially create a façade – a comprehensive view of what the API should be and, importantly, from the perspective of the app developer and end user of the apps they create. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 35 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love The developer and the app that consume the API are on top. The API façade isolates the developer and the application and the API. Making a clean design in the façade allows you to decompose one really hard problem into a few simpler problems. > “Use the façade pattern when you want to provide a simple interface to a complex subsystem. Subsystems often get more complex as they evolve.” > — Design Patterns – Elements of Reusable Object-Oriented Software > (Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides) Implementing an API façade pattern involves three basic steps: 1. **Design the ideal API** – design the URLs, request parameters and responses, payloads, headers, query parameters, and so on. The API design should be self-consistent. 2. **Implement the design with data stubs**. This allows application developers to use your API and give you feedback even before your API is connected to internal systems. 3. **Mediate or integrate between the façade and the systems.** ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 36 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ![Web API Design Icon](link-to-icon) ## Ideal Design ![Ideal Design Diagram](link-to-ideal-design-diagram) ## API Facade ![API Facade Diagram](link-to-api-facade-diagram) ## Mediate | Big System | DB | Content Mgmt | SOAP | JDBC | RSS | |------------|----|---------------|------|------|-----| Using the three-step approach, you've decomposed one big problem into three smaller problems. If you try to solve the one big problem, you’ll be starting in code and trying to build up from your business logic (systems of record) to a clean API interface. You would be exposing objects or tables or RSS feeds from each silo, mapping each to XML in the right format before exposing to the app. It is a machine-to-machine orientation focused around an app and is difficult to get this right. Taking the façade pattern approach helps shift the thinking from a silo approach in a number of important ways. First, you can get buy-in around each of the three separate steps and have people more clearly understand how you’re taking a pragmatic approach to the design. Secondly, the orientation shifts from the app to the app developer. The goal becomes to ensure that the app developer can use your API because the design is self-consistent and intuitive. Because of where it is in the architecture, the façade becomes an interesting gateway. You can now have the façade implement the handling of common patterns (for pagination, queries, ordering, sorting, etc.), authentication, authorization, versioning, and so on, uniformly across the API. *(This is a big topic and a full discussion is beyond the scope of this article.)* Other benefits for the API team include being more easily able to adapt to different use cases regardless of whether they are internal developer, partner, or open scenarios. The API team will be able to keep pace with the changing needs of developers, including the ever-changing protocols and languages. It is also easier to extend an API by building out more capability from your enterprise or plugging in additional existing systems. ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 37 Context: ```markdown # Web API Design - Crafting Interfaces that Developers Love ## Resources - Representational State Transfer (REST), Roy Thomas Fielding, 2000 - [RESTful API Design Webinar](https://example.com), 2nd edition, Brian Mulloy, 2011 - [Apigee API Tech & Best Practices Blog](https://example.com) - [API Craft](https://example.com) Google Group ## About Brian Mulloy **Brian Mulloy, Apigee** Brian has 15 years of experience ranging from enterprise software to founding a Web startup. He co-founded and was CEO of Swivel, a website for social data analysis. He was President and General Manager of Grand Central, a cloud-based offering for application infrastructure (before we called it the cloud). He was also Director of Product Marketing at BEA Systems. Brian holds a degree in Physics from the University of Michigan. Brian is a frequent contributor on the [Apigee API Tech & Best Practices Blog](https://example.com), the [Apigee YouTube channel](https://example.com), the [API Craft](https://example.com) Google Group, and [Webinars](https://example.com). ``` #################### File: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf Page: 38 Context: ```markdown # Apigee Apigee is the leading provider of API products and technology for enterprises and developers. Hundreds of enterprises like Comcast, GameSpy, TransUnion Interactive, Guardian Life, and Constant Contact, as well as thousands of developers, use Apigee's technology. Enterprises use Apigee for visibility, control, and scale of their API strategies. Developers use Apigee to learn, explore, and develop API-based applications. Learn more at [apigee.com](http://apigee.com). ## Accelerate your API Strategy ## Scale Control and Secure your Enterprise ## Developers – Consoles for the APIs you ❤️ ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 1 Context: ```markdown # The little book about OS development **Authors:** Erik Helin, Adam Renberg **Date:** 2015-01-19 **Commit:** fe8e3e27dab3c399303354d2lea38f6d4ee2928212 ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 3 Context: ```markdown # Contents 1. [Introduction](#introduction) 7 - [About the Book](#about-the-book) 7 - [The Reader](#the-reader) 8 - [Credits, Thanks and Acknowledgements](#credits-thanks-and-acknowledgements) 8 - [Contributors](#contributors) 8 - [Changes and Corrections](#changes-and-corrections) 8 - [Issues and where to get help](#issues-and-where-to-get-help) 9 - [License](#license) 9 2. [First Steps](#first-steps) 11 - [Tools](#tools) 11 - [Quick Setup](#quick-setup) 11 - [Programming Languages](#programming-languages) 11 - [Host Operating System](#host-operating-system) 12 - [Build System](#build-system) 12 - [Virtual Machine](#virtual-machine) 12 - [Booting](#booting) 12 - [BIOS](#bios) 12 - [The Bootloader](#the-bootloader) 13 - [The Operating System](#the-operating-system) 13 - [Hello Cafebabe](#hello-cafebabe) 13 - [Compiling the Operating System](#compiling-the-operating-system) 13 - [Linking the Kernel](#linking-the-kernel) 14 - [Obtaining GRUB](#obtaining-grub) 15 - [Building an ISO Image](#building-an-iso-image) 15 - [Running Bochs](#running-bochs) 16 3. [Further Reading](#further-reading) 17 ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 4 Context: ```markdown # 3 Getting to C 19 - **Setting Up a Stack** .......................................... 19 - **Calling C Code From Assembly** .................................. 20 - Packing Structs ............................................... 20 - **Compiling C Code** ............................................... 21 - **Build Tools** ................................................... 21 - **Further Reading** ................................................ 22 # 4 Output 23 - **Interacting with the Hardware** .................................. 23 - **The Framebuffer** ................................................ 23 - Writing Text .................................................... 23 - Moving the Cursor ............................................... 25 - The Driver ..................................................... 26 - **The Serial Ports** ............................................... 26 - Configuring the Serial Port ..................................... 27 - Configuring the Line ............................................ 27 - Configuring the Buffers ......................................... 29 - Configuring the Modem .......................................... 29 - Writing Data to the Serial Port ................................ 30 - Configuring Bochs .............................................. 31 - The Driver ..................................................... 31 - **Further Reading** ............................................... 31 # 5 Segmentation 33 - **Accessing Memory** ............................................... 33 - **The Global Descriptor Table (GDT)** ................................ 35 - **Loading the GDT** ............................................... 36 - **Further Reading** ............................................... 37 # 6 Interrupts and Input 39 - **Interrupts Handlers** ............................................ 39 - **Creating an Entry in the IDT** .................................. 39 - **Handling an Interrupt** .......................................... 40 - **Creating a Generic Interrupt Handler** .......................... 41 - **Loading the IDT** ............................................... 43 ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 7 Context: ```markdown # Chapter 1 ## Introduction This text is a practical guide to writing your own x86 operating system. It is designed to give enough help with the technical details while at the same time not reveal too much with samples and code excerpts. We’ve tried to collect parts of the vast (and often excellent) expanse of material and tutorials available, on the web and otherwise, and add our own insights into the problems we encountered and struggled with. This book is not about the theory behind operating systems, or how any specific operating system (OS) works. For OS theory, we recommend the book *Modern Operating Systems* by Andrew Tanenbaum [1]. Lists and details on current operating systems are available on the Internet. The starting chapters are quite detailed and explicit, to quickly get you into coding. Later chapters give more of an outline of what is needed, as more and more of the implementation and design comes up to the reader, who should now be more familiar with the world of kernel development. At the end of some chapters there are links for further reading, which might be interesting and give a deeper understanding of the topics covered. In chapters 2 and 3 we set up our development environment and boot up our OS kernel in a virtual machine, eventually starting to write code in C. We continue in chapter 4 with writing to the screen and the serial port, and then we dive into segmentation in chapter 5 and interrupts and input in chapter 6. After this we have a quite functional but bare-bones OS kernel. In chapter 7 we start the road to user mode applications, with virtual memory through paging (chapters 8 and 9), memory allocation (chapter 10), and finally running a user application in chapter 11. In the last three chapters we discuss the more advanced topics of file systems (chapter 12), system calls (chapter 13), and multitasking (chapter 14). ## About the Book The OS kernel and this book were produced as part of an advanced individual course at the Royal Institute of Technology [2], Stockholm. The authors had previously taken courses in OS theory, but had only limited practical experience with OS kernel development. In order to get more insight and a deeper understanding of how the theory from the previous OS courses works in practice, the authors decided to create a new course, which focused on the development of a small OS. Another goal of the course was writing a thorough tutorial on how to develop a small OS basically from scratch, and this short book is the result. The x86 architecture is, and has been for a long time, one of the most common hardware architectures. It was not a difficult choice to use the x86 architecture as the target of the OS, with its large community, extensive ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 9 Context: ```markdown # Issues and where to get help If you run into problems while reading the book, please check the issues on GitHub for help: [GitHub Issues](https://github.com/littleosbook/littleosbook/issues). # License All content is under the Creative Commons Attribution Non Commercial Share Alike 3.0 license: [CC BY-NC-SA 3.0](http://creativecommons.org/licenses/by-nc-sa/3.0/). The code samples are in the public domain - use them however you want. References to this book are always received with warmth. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 13 Context: ```markdown # Bootloader The BIOS program will transfer control of the PC to a program called a **bootloader**. The bootloader's task is to transfer control to us, the operating system developers, and our code. However, due to some restrictions¹ of the hardware and because of backward compatibility, the bootloader is often split into two parts: the first part of the bootloader will transfer control to the second part, which finally gives control of the PC to the operating system. Writing a bootloader involves writing a lot of low-level code that interacts with the BIOS. Therefore, an existing bootloader will be used: the GNU GRand Unified Bootloader (GRUB)[17]. Using GRUB, the operating system can be built as an ordinary ELF[18] executable, which will be loaded by GRUB into the correct memory location. The compilation of the kernel requires that the code is laid out in memory in a specific way (how to compile the kernel will be discussed later in this chapter). ## The Operating System GRUB will transfer control to the operating system by jumping to a position in memory. Before the jump, GRUB will look for a magic number to ensure that it is actually jumping to an OS and not some random code. This magic number is part of the multiboot specification[19] that GRUB adheres to. Once GRUB has made the jump, the OS has full control of the computer. ## Hello Cafebabe This section will describe how to implement the smallest possible OS that can be used together with GRUB. The only thing the OS will do is write `0xCAFEBABE` to the exit register (most people would probably not even call this an OS). ## Compiling the Operating System This part of the OS has to be written in assembly code, since C requires a stack, which isn’t available (the chapter “Getting to C” describes how to set one up). Save the following code in a file called `loader.s`: ```assembly global loader ; the entry symbol for ELF MAGIC_NUMBER equ 0x1BADB002 ; define the magic number constant FLAGS equ 0x0 ; multiboot flags CHECKSUM equ -MAGIC_NUMBER ; calculate the checksum ; (magic number + checksum + flags should equal 0) section .text ; start of the text (code) section align 4 ; the code must be 4 byte aligned dd MAGIC_NUMBER ; write the magic number to the machine code dd FLAGS ; the flags; ``` > ¹ The bootloader must fit into the master boot record (MBR) boot sector of a hard drive, which is only 512 bytes large. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 17 Context: ```markdown # Further Reading - Gustavo Duarte has written an in-depth article about what actually happens when an x86 computer boots up: [How Computers Boot Up](http://duartes.org/gustavo/blog/post/how-computers-boot-up) - Gustavo continues to describe what the kernel does in the very early stages at: [Kernel Boot Process](http://duartes.org/gustavo/blog/post/kernel-boot-process) - The OSDev wiki also contains a nice article about booting an x86 computer: [Boot Sequence](http://wiki.osdev.org/Boot_Sequence) ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 21 Context: ```markdown unsigned short address; /* bit 8 - 23 */ unsigned char index; /* bit 24 - 31 */ } __attribute__((packed)); Note that `__attribute__((packed))` is not part of the C standard - it might not work with all C compilers. ## Compiling C Code When compiling the C code for the OS, a lot of flags to GCC need to be used. This is because the C code should not assume the presence of a standard library, since there is no standard library available for our OS. For more information about the flags, see the GCC manual. The flags used for compiling the C code are: ``` -m32 -nostdlib -nostartfiles -fno-builtin -fno-stack-protector -nostartfiles -nodefaultlibs ``` As always when writing C programs we recommend turning on all warnings and treating warnings as errors: ``` -Wall -Wextra -Werror ``` You can now create a function `kmain` in a file called `kmain.c` that you call from `loader.s`. At this point, `kmain` probably won't need any arguments (but in later chapters it will). ## Build Tools Now is also probably a good time to set up some build tools to make it easier to compile and test-run the OS. We recommend using `make`, but there are plenty of other build systems available. A simple Makefile for the OS could look like the following example: ```makefile OBJS = loader.o kmain.o CC = gcc CFLAGS = -m32 -nostdlib -nostartfiles -fno-builtin -fno-stack-protector \ -nostartfiles -nodefaultlibs LDFLAGS = -T link.ld -m elf_i386 AS = nasm ASFLAGS = -f elf all: kernel.elf kernel.elf: $(OBJS) ld $(LDFLAGS) $(OBJS) -o kernel.elf os.iso: kernel.elf cp kernel.elf iso/boot/kernel.elf \ && genisoimage -R \ -b boot/grub/stage2_eltorito \ --no-emul-boot \ os.iso ``` ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 23 Context: ```markdown # Chapter 4 ## Output This chapter will present how to display text on the console as well as writing data to the serial port. Furthermore, we will create our first driver, that is, code that acts as a layer between the kernel and the hardware, providing a higher abstraction than communicating directly with the hardware. The first part of this chapter is about creating a driver for the framebuffer [26] to be able to display text on the console. The second part shows how to create a driver for the serial port. Both can store output from the serial port in a file, effectively creating a logging mechanism for the operating system. ## Interacting with the Hardware There are usually two different ways to interact with the hardware: memory-mapped I/O and I/O ports. If the hardware uses memory-mapped I/O, then you can write to a specific memory address and the hardware will be updated with the new data. One example of this is the framebuffer, which will be discussed in more detail later. For example, if you write the value `0x14` to address `0x000B8000`, you will see the letter 'A' in white color on a black background (see the section on the framebuffer for more details). If the hardware uses I/O ports, then the assembly code instructions `out` and `in` must be used to communicate with the hardware. The instruction `out` takes two parameters: the address of the I/O port and the data to send. The instruction `in` takes a single parameter, the address of the I/O port, and returns data from the hardware. One can think of I/O ports as communicating with hardware the same way you communicate with a server using sockets. The cursor (the blinking rectangle) of the framebuffer is one example of hardware controlled via I/O ports on a PC. ## The Framebuffer The framebuffer is a hardware device that is capable of displaying a buffer of memory on the screen [26]. The framebuffer has 80 columns and 25 rows, and the row and column indices start at 0 (so rows are labelled 0-24). ## Writing Text Writing text to the console via the framebuffer is done with memory-mapped I/O. The starting address of the memory-mapped I/O for the framebuffer is `0x000B8000` [27]. The memory is divided into 16-bit cells, 23 ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 29 Context: ```markdown The article on OSDev [31] has a more in-depth explanation of the values. ## Configuring the Buffers When data is transmitted via the serial port it is placed in buffers, both when receiving and sending data. This way, if you send data to the serial port faster than it can send it over the wire, it will be buffered. However, if you send too much data too fast the buffer will be full and data will be lost. In other words, the buffers are FIFO queues. The FIFO queue configuration byte looks like the following figure: | Bit: | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |---------------|---|---|---|---|---|---|---|---| | Content: | 1 | l | v | l | 1 | b | s | r | dma | c | l | t | c | l | r | e | A description for each name can be found in the table below: | Name | Description | |-------|------------------------------------------------------| | lvl | How many bytes should be stored in the FIFO buffers | | bs | If the buffers should be 16 or 64 bytes large | | r | Reserved for future use | | dma | How the serial port data should be accessed | | clt | Clear the transmission FIFO buffer | | clr | Clear the receiver FIFO buffer | | e | If the FIFO buffer should be enabled or not | We use the value `0xC7 = 11000000` that: - Enables FIFO - Clears both receiver and transmission FIFO queues - Uses 14 bytes as size of queue The WikiBook on serial programming [32] explains the values in more depth. ## Configuring the Modem The modem control register is used for very simple hardware flow control via the Ready To Transmit (RTS) and Data Terminal Ready (DTR) pins. When configuring the serial port we want RTS and DTR to be 1, which means that we are ready to send data. The modem configuration byte is shown in the following figure: | Bit: | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |---------------|---|---|---|---|---|---|---|---| | Content: | 1 | r | 1 | a | 1 | b | a | c | 2 | a | 0 | 1 | r | t | s | d | t | A description for each name can be found in the table below: ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 35 Context: ```markdown func: mov eax, [esp+4] mov ebx, [ds:eax] add ebx, 8 mov [ds:eax], ebx ret You don't need to use for storing the stack segment selector, or as for the data segment selector. You could store the stack segment selector in ds and vice versa. However, in order to use the implicit style shown above, you must store the segment selectors in their indirect registers. Segment descriptors and their fields are described in Figure 3-8 in the Intel manual [33]. # The Global Descriptor Table (GDT) A GDT/LDT is an array of 8-byte segment descriptors. The first descriptor in the GDT is always a null descriptor and can never be used to access memory. At least two segment descriptors (plus the null descriptor) are needed for the GDT, because the descriptor contains more information than just the base and limit fields. The two most relevant fields for us are the Type field and the Descriptor Privilege Level (DPL) field. Table 3-1 in chapter 3 of the Intel manual [33] specifies the values for the Type field. The table shows that the Type field can't be both writable and executable at the same time. Therefore, two segments are needed: one segment for executing code to put in cs (Type = Execute-only or Execute-Read) and one segment for reading and writing data (Type = Read/Write) to put in the other segment registers. The DPL specifies the privilege levels required to use the segment. x86 allows for four privilege levels (PL), 0 to 3, where PL0 is the most privileged. In most operating systems (e.g., Linux and Windows), only PL0 and PL3 are used. However, some operating systems, such as MINIX, make use of all levels. The kernel should be able to do anything; therefore, it uses segments with DPL set to 0 (also called kernel mode). The current privilege level (CPL) is determined by the segment selector in cs. The segments needed are described in the table below. | Index | Offset | Name | Address range | Type | DPL | |-------|--------|----------------------------|--------------------------------|------|-----| | 0 | 0x00 | null descriptor | | | | | 1 | 0x08 | kernel code segment | 0x00000000 - 0xFFFFFFFF | RX | PL0 | | 2 | 0x10 | kernel data segment | 0x00000000 - 0xFFFFFFFF | RW | PL0 | Note that the segments overlap - they both encompass the entire linear address space. In our minimal setup we'll only use segmentation to get privilege levels. See the Intel manual [33], chapter 3, for details on the other descriptor fields. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 37 Context: ```markdown To load `cs` we have to do a “far jump”: ```assembly ; code here uses the previous cs jmp 0x0080:flush_cs ; specify cs when jumping to flush_cs flush_cs: ; now we've changed cs to 0x08 ``` A far jump is a jump where we explicitly specify the full 48-bit logical address: the segment selector to use and the absolute address to jump to. It will first set `cs` to `0x08` and then jump to `flush_cs` using its absolute address. ## Further Reading - Chapter 3 of the Intel manual [33] is filled with low-level and technical details about segmentation. - The OSDev wiki has a page about segmentation: [OSDev Segmentation](http://wiki.osdev.org/Segmentation) - The Wikipedia page on x86 segmentation might be worth looking into: [Wikipedia X86 Memory Segmentation](http://en.wikipedia.org/wiki/X86_memory_segmentation) ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 41 Context: ```markdown The reason for the question mark behind error code is that not all interrupts create an error code. The specific CPU interrupts that put an error code on the stack are 8, 10, 11, 12, 13, 14, and 17. The error code can be used by the interrupt handler to get more information on what has happened. Also, note that the interrupt number is not pushed onto the stack. We can only determine what interrupt has occurred by knowing what code is executing - if the handler registered for interrupt 17 is executing, then interrupt 17 has occurred. Once the interrupt handler is done, it uses the `iret` instruction to return. The instruction `iret` expects the stack to be the same as at the time of the interrupt (see the figure above). Therefore, any values pushed onto the stack by the interrupt handler must be popped. Before returning, `iret` restores `eflags` by popping the value from the stack and then finally jumps to `cs:eip` as specified by the values on the stack. The interrupt handler has to be written in assembly code, since all registers that the interrupt handlers use must be preserved by pushing them onto the stack. This is because the code that was interrupted doesn’t know about the interrupt and will therefore expect that its registers stay the same. Writing all the logic of the interrupt handler in assembly code will be tiresome. Creating a handler in assembly code that saves the registers, calls a C function, restores the registers and finally executes `iret` is a good idea! The C handler should get the state of the registers, the state of the stack and the number of the interrupt as arguments. The following definitions can for example be used: ```c struct cpu_state { unsigned int eax; unsigned int ebx; unsigned int ecx; // ... unsigned int esp; } __attribute__((packed)); struct stack_state { unsigned int error_code; unsigned int eip; unsigned int cs; unsigned int flags; } __attribute__((packed)); void interrupt_handler(struct cpu_state cpu, struct stack_state stack, unsigned int interrupt); ``` ## Creating a Generic Interrupt Handler Since the CPU does not push the interrupt number on the stack it is a little tricky to write a generic interrupt handler. This section will use macros to show how it can be done. Writing one version for each interrupt is tedious - it is better to use the macro functionality of NASM. And since not all interrupts produce an error code the value 0 will be added as the "error code" for interrupts without an error code. The following code shows an example of how this can be done: ```asm ;%macro no_error_code_interrupt_handler 1 global interrupt_handler_%1 interrupt_handler_%1: push dword 0 ; push 0 as error code ;%endmacro ``` ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 45 Context: ```markdown #include "io.h" #define KBD_DATA_PORT 0x60 /** read_scan_code: * Reads a scan code from the keyboard * @return The scan code (NOT an ASCII character!) */ unsigned char read_scan_code(void) { return inb(KBD_DATA_PORT); } The next step is to write a function that translates a scan code to the corresponding ASCII character. If you want to map the scan codes to ASCII characters as is done on an American keyboard, then Andries Brouwer has a great tutorial [36]. Remember, since the keyboard interrupt is raised by the PIC, you must call `pic_acknowledge` at the end of the keyboard interrupt handler. Also, the keyboard will not send you any more interrupts until you read the scan code from the keyboard. ## Further Reading - The OSDev wiki has a great page on interrupts: [OSDev Interrupts](http://wiki.osdev.org/Interrupts) - Chapter 6 of Intel Manual 3A [33] describes everything there is to know about interrupts. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 55 Context: ```markdown # Identity Paging The simplest kind of paging is when we map each virtual address onto the same physical address, called identity paging. This can be done at compile time by creating a page directory where each entry points to its corresponding 4 MB frame. In NASM, this can be done using macros and commands (`irep`, `times` and `dd`). It can of course also be done at run-time by using ordinary assembly code instructions. ## Enabling Paging Paging is enabled by first writing the address of a page directory to `cr3` and then setting bit 31 (the PG "paging-enable" bit) of `cr0` to 1. To use 4 MB pages, set the PSE bit (Page Size Extensions, bit 4) of `cr4`. The following assembly code shows an example: ```assembly ; eax has the address of the page directory mov cr3, eax mov ebx, cr4 ; read current cr4 or ebx, 0x00000001 ; set PSE mov cr4, ebx ; update cr4 mov ebx, cr0 ; read current cr0 or ebx, 0x80000000 ; set PG mov cr0, ebx ; update cr0 ; now paging is enabled ``` ## A Few Details It is important to note that all addresses within the page directory, page tables, and in `cr3` need to be physical addresses to the structures, never virtual. This will be more relevant in later sections where we dynamically update the paging structures (see the chapter "User Mode"). An instruction that is useful when updating a PDT or PT is `invLpg`. It invalidates the Translation Lookaside Buffer (TLB) entry for a virtual address. The TLB is a cache for translated addresses, mapping physical addresses corresponding to virtual addresses. This is only required when changing a PDE or PTE that was previously mapped to something else. If the PDE or PTE had previously been marked as not present (bit 0 was set to 0), executing `invLpg` is unnecessary. Changing the value of `cr3` will cause all entries in the TLB to be invalidated. An example of invalidating a TLB entry is shown below: ```assembly ; invalidate any TLB references to virtual address 0 invLpg [0] ``` ## Paging and the Kernel This section will describe how paging affects the OS kernel. We encourage you to run your OS using identity paging before trying to implement a more advanced paging setup, since it can be hard to debug a malfunctioning page table that is set up via assembly code. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 57 Context: ```markdown # Higher-half Linker Script We can modify the first linker script to implement this: ```ld ENTRY(loader) /* the name of the entry symbol */ . = 0xC0100000; /* the code should be relocated to 3GB + 1MB */ /* align at 4 KB and load at 1 MB */ .text ALIGN(0x1000) : AT(ADDR(.text) - 0xC0000000) { *(.text) /* all text sections from all files */ } /* align at 4 KB and load at 1 MB + */ .rodata ALIGN(0x1000) : AT(ADDR(.text) - 0xC0000000) { *(.rodata*) /* all read-only data sections from all files */ } /* align at 4 KB and load at 1 MB + */ .data ALIGN(0x1000) : AT(ADDR(.text) - 0xC0000000) { *(.data) /* all data sections from all files */ } /* align at 4 KB and load at 1 MB + */ .bss ALIGN(0x1000) : AT(ADDR(.text) - 0xC0000000) { *(.common) /* all COMMON sections from all files */ *(.bss) /* all bss sections from all files */ } ``` # Entering the Higher Half When GRUB jumps to the kernel code, there is no paging table. Therefore, all references to `0xC0100000 + X` won’t be mapped to the correct physical address, and will therefore cause a general protection exception (GPE) at the very best, otherwise (if the computer has more than 3 GB of memory) the computer will just crash. Therefore, assembly code that doesn’t use relative jumps or relative memory addressing must be used to do the following: - Set up a page table. - Add identity mapping for the first 1 MB of the virtual address space. - Add an entry for `0xC0100000` that maps to `0x00100000`. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 63 Context: ```markdown # Managing Available Memory How do we know which page frames are in use? The page frame allocator needs to keep track of which are free and which aren't. There are several ways to do this: bitmaps, linked lists, trees, the Buddy System (used by Linux) etc. For more information about the different algorithms see the article on OSDev [1]. Bitmaps are quite easy to implement. One bit is used for each page frame and one (or more) page frames are dedicated to store the bitmap. (Note that this is just one way to do it; other designs might be better and/or more fun to implement.) ## How Can We Access a Page Frame? The page frame allocator returns the physical start address of the page frame. This page frame is not mapped in - no page table points to this page frame. How can we read and write data to the frame? We need to map the page frame into virtual memory, by updating the PDT and/or PT used by the kernel. What if all available page tables are full? Then we can’t map the page frame into memory, because we need a new page table - which takes up an entire page frame - and to write to this page frame we’d need to map its page frame... Somehow this circular dependency must be broken. One solution is to reserve a part of the first page table used by the kernel (or some other higher-half page table) for temporarily mapping page frames to make them accessible. If the kernel is mapped at `0xC0000000` (page directory entry with index 768), and 4 KB page frames are used, then the kernel has at least one page table. If we assume - or limit us to - a kernel of size at most 4 MB minus 4 KB we can dedicate the last entry (entry 1023) of this page table for temporary mappings. The virtual address of pages mapped in using the last entry of the kernel's PT will be: ``` (768 << 22) | (1023 << 12) | 0x000 = 0xC03F0000 ``` After we’ve temporarily mapped the page frame we want to use as a page table, and set it up to map in our first page frame, we can add it to the page directory and remove the temporary mapping. ## A Kernel Heap So far we’ve only been able to work with fixed-size data, or directly with raw memory. Now that we have a page frame allocator we can implement `malloc` and `free` to use in the kernel. Kernighan and Ritchie [2] have an example implementation in their book [2] that we can draw inspiration from. The only modification we need to do is to replace calls to `sbrk/brk` with calls to the page frame allocator when more memory is needed. We must also make sure to map the page frames returned by the page frame allocator to virtual addresses. A correct implementation should also return page frames to the page frame allocator on call to `free`, whenever sufficiently large blocks of memory are freed. ## Further Reading - The OSDev wiki page on page frame allocation: [OSDev Page Frame Allocation](http://wiki.osdev.org/Page_Frame_Allocation) ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 70 Context: ```markdown # Inodes and Writable File Systems When the need for a writable file system arises, then it is a good idea to look into the concept of an **inode**. See the section “Further Reading” for recommended reading. ## A Virtual File System What abstraction should be used for reading and writing to devices such as the screen and the keyboard? A virtual file system (VFS) creates an abstraction on top of the concrete file systems. A VFS mainly supplies the path system and file hierarchy; it delegates operations on files to the underlying file systems. The original paper on VFS is succinct and well worth a read. See the section “Further Reading” for a reference. With a VFS we could mount a special file system on the path `/dev`. This file system would handle all devices such as keyboards and the console. However, one could also take the traditional UNIX approach, with major/minor device numbers and `mknod` to create special files for devices. Which approach you think is the most appropriate is up to you; there is no right or wrong when building abstraction layers (although some abstractions turn out way more useful than others). ## Further Reading - The ideas behind the Plan 9 operating systems is worth taking a look at: [Plan 9](http://plan9.bell-labs.com/plan9/index.html) - Wikipedia's page on inodes: [Inode](http://en.wikipedia.org/wiki/Inode) and the inode pointer structure: [Inode Pointer Structure](http://en.wikipedia.org/wiki/Inode_pointer_structure). - The original paper on the concept of inodes and a virtual file system is quite interesting: [Kleinain](http://www.sun.com/west/edu/fredk/Courses/cs253/fall01/Papers/kleinain86/inodes.pdf). - Poul-Henning Kamp discusses the idea of a special file system for `/dev` in [this paper](http://static.usenix.org/publications/library/proceedings/bsdcon02/full_papers/kamp/kamp_html/index.html). ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 71 Context: ```markdown # Chapter 13 ## System Calls System calls are the way user-mode applications interact with the kernel—to ask for resources, request operations to be performed, etc. The system call API is the part of the kernel that is most exposed to the users; therefore, its design requires some thought. ## Designing System Calls It is up to us, the kernel developers, to design the system calls that application developers can use. We can draw inspiration from the POSIX standards or, if they seem like too much work, just look at the ones for Linux, and pick and choose. See the section “Further Reading” at the end of the chapter for references. ## Implementing System Calls System calls are traditionally invoked with software interrupts. The user applications put the appropriate values in registers or on the stack and then initiate a pre-defined interrupt which transfers execution to the kernel. The interrupt number used is dependent on the kernel; Linux uses the number 0x80 to identify that an interrupt is intended as a system call. When system calls are executed, the current privilege level is typically changed from PL3 to PL0 (if the application is running in user mode). To allow this, the DPL of the entry in the IDT for the system call interrupt needs to allow PL3 access. Whenever inter-privilege level interrupts occur, the processor pushes a few important registers onto the stack—the same ones we used to enter user mode before (see Figure 6-4, section 6.12.1, in the Intel manual [33]). What stack is used? The same section in [33] specifies that if an interrupt leads to code executing at a minimally lower privilege level, a stack switch occurs. The new values for the registers as well as the stack are loaded from the current Task State Segment (TSS). The TSS structure is specified in Figure 7-2, section 7.2.1 of the Intel manual [33]. To enable system calls, we need to set up a TSS before entering user mode. Setting it up can be done in C by setting the `s80` and `eip` fields of a “packed struct” that represents a TSS. Before loading the “packed struct” into the processor, a TSS descriptor has to be added to the GDT. The structure of the TSS descriptor is described in section 7.2.2 in [33]. ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 75 Context: ```markdown # Difficulties with Preemptive Scheduling When using preemptive scheduling, one problem arises that doesn't exist with cooperative scheduling. With cooperative scheduling, every time a process yields, it must be in user mode (privilege level 3), since yield is a system call. With preemptive scheduling, the processes can be interrupted in either user mode or kernel mode (privilege level 0), since the process itself does not control when it gets interrupted. Interrupting a process in kernel mode is a little bit different than interrupting a process in user mode, due to the way the CPU sets up the stack at interrupts. If a privilege level change occurred (the process was interrupted in user mode), the CPU will push the value of the process and `esp` register on the stack. If no privilege level change occurs (the process was interrupted in kernel mode), the CPU won't push the `esp` register on the stack. Furthermore, if there was no privilege level change, the CPU won't change stack to the one defined it the TSS. This problem is solved by calculating what the value of `esp` was before the interrupt. Since you know that the CPU pushes 3 things on the stack when no privilege change happens and you know how much you have pushed on the stack, you can calculate what the value of `esp` was at the time of the interrupt. This is possible since the CPU won't change stacks if there is no privilege level change, so the content of `esp` will be the same as at the time of the interrupt. To further complicate things, one must think of how to handle the case when switching to a new process that should be running in kernel mode. Since `iret` is being used without a privilege level change, the CPU won't update the value of `esp` with the one placed on the stack - you must update it yourself. ## Further Reading - For more information about different scheduling algorithms, see [OSDev Scheduling Algorithms](http://wiki.osdev.org/Scheduling_Algorithms). ``` #################### File: The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf Page: 77 Context: ```markdown # References 1. Andrew Tanenbaum, 2007. *Modern operating systems*, 3rd edition. Prentice Hall, Inc. 2. The Royal Institute of Technology, [http://www.kth.se](http://www.kth.se). 3. Wikipedia, [Hexadecimal](http://en.wikipedia.org/wiki/Hexadecimal). 4. OSDev, [OSDev](http://wiki.osdev.org/Main_Page). 5. James Molloy, [James's kernel development tutorial](http://www.jamesmolloy.co.uk/tutorial_html/). 6. Canonical Ltd, [Ubuntu](http://www.ubuntu.com/). 7. Oracle, [Oracle VM VirtualBox](http://www.virtualbox.org/). 8. Dennis M. Ritchie and Brian W. Kernighan, 1988. *The C programming language*, second edition. Prentice Hall, Inc. 9. Wikipedia, [C (programming language)](http://en.wikipedia.org/wiki/C_(programming_language)). 10. Free Software Foundation, [GCC, the GNU Compiler Collection](http://gcc.gnu.org/). 11. NASM, [NASM: The Netwide Assembler](http://www.nasm.us/). 12. Wikipedia, [Bash](http://en.wikipedia.org/wiki/Bash_%28Unix_shell%29). 13. Free Software Foundation, [GNU make](http://www.gnu.org/software/make/). 14. Volker Rüppel, [Bochs: The Open Source IA-32 Emulation Project](http://bochs.sourceforge.net/). 15. QEMU, [QEMU](http://wiki.qemu.org/Main_Page). 16. Wikipedia, [BIOS](http://en.wikipedia.org/wiki/BIOS). 17. Free Software Foundation, [GNU GRUB](http://www.gnu.org/software/grub/). 18. Wikipedia, [Executable and Linkable Format](http://en.wikipedia.org/wiki/Executable_and_Linkable_Format). 19. Free Software Foundation, [Multiboot Specification Version 0.6.96](http://www.gnu.org/software/grub/manual/multiboot/multiboot.html). 20. GNU, [GNU Binaries](http://www.gnu.org/software/binutils/). 21. Lars Noodén, Bug #426419: *configure: error: GRUB requires a working absolute pathcopy*, [https://bugs.launchpad.net/ubuntu/+source/grub/+bug/426419](https://bugs.launchpad.net/ubuntu/+source/grub/+bug/426419). 22. Wikipedia, [ISO Image](http://en.wikipedia.org/wiki/ISO_image). 23. Boch's, [Bochs](http://bochs.sourceforge.net/doc/bochs/user/bochsrel.html). 24. NASM, [RESB and Friends: Declaring Uninitialized Data](http://www.nasm.us/doc/nasmdoc3.htm). ``` ########## """QUERY: what is an overview for best practices in web api design?>""" Consider the chat history for relevant information. Use all information included. Use as much tokens as needed. Important: If you find information separated by a | in the context, it is a table formatted in Markdown.Important: Take a look at the QUERY and only the QUERY. If this is vague or unclear, please ignore everything and ask a follow-up question instead! Final Files Sources: Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 1, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 2, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 3, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 4, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 5, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 6, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 7, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 8, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 9, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 10, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 11, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 12, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 13, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 14, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 15, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 16, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 17, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 18, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 19, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 20, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 21, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 22, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 23, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 24, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 25, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 26, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 27, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 28, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 29, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 30, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 31, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 32, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 33, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 34, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 35, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 36, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 37, Web%20API%20Design%20-%20Brian%20Mulloy%20%28PDF%29.pdf - Page 38, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 1, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 3, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 4, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 7, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 9, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 13, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 17, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 21, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 23, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 29, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 35, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 37, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 41, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 45, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 55, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 57, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 63, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 70, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 71, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 75, The%20Little%20Book%20About%20OS%20Development%20-%20Erik%20Helin%2C%20Adam%20Renberg%20-%20%28PDF%2C%20HTML%29.pdf - Page 77 ================================================== **Elapsed Time: 0.00 seconds** ================================================== FINAL ANSWER Answer: Designing web APIs that developers love requires following best practices that prioritize usability and clarity. Here's an overview based on the provided context, emphasizing a pragmatic RESTful approach: **1. Intuitive URLs for Resources:** - **Nouns over Verbs:** Use nouns to represent resources in URLs (e.g., `/dogs`, `/dogs/1234`) and avoid verbs, keeping the base URL concise. - **Plural Nouns:** Opt for plural nouns for collections (`/dogs`) to enhance readability and intuitiveness. - **Concrete Naming:** Choose concrete resource names (`/blogs`, `/videos`) over abstract ones (`/items`) for better understanding. **2. Leveraging HTTP Verbs:** - **CRUD Operations:** Utilize HTTP verbs (GET, POST, PUT, DELETE) for standard CRUD operations on resources, making the API predictable. **3. Managing Complexity:** - **Simplify Associations:** Keep URLs shallow, avoiding deep nesting. Represent relationships using query parameters (e.g., `/owners/5678/dogs`). - **Query Parameters for Options:** Handle optional states, attributes, filtering, etc., using query parameters (e.g., `/dogs?color=red&state=running`). **4. Handling Errors Effectively:** - **Clear HTTP Status Codes:** Use a small subset of standard HTTP status codes (e.g., 200, 400, 500) for easy comprehension. - **Verbose Error Messages:** Provide detailed, human-readable error messages in the response payload, including hints for resolution and links to further information. **5. Versioning:** - **Mandatory Versioning:** Always version your API using a 'v' prefix and a simple ordinal number in the URL (e.g., `/v1/dogs`). - **Maintainability:** Maintain at least one version back, providing developers sufficient time for migration. **6. Pagination and Partial Responses:** - **Partial Response:** Allow retrieving specific data fields using a comma-delimited list in query parameters (e.g., `/dogs?fields=name,color`). - **Pagination:** Implement pagination using `limit` and `offset` parameters for better handling of large datasets. - **Metadata:** Include metadata about the total number of records and pagination details in paginated responses. **7. Non-Resource Responses:** - **Verbs for Actions:** When an API call involves actions or calculations, use verbs in the URL (e.g., `/convert?from=EUR&to=USD`). **8. Format Negotiation:** - **Support Multiple Formats:** Allow developers to request data in different formats (e.g., JSON, XML) using dot notation in the URL (e.g., `/dogs.json`). - **JSON as Default:** Use JSON as the default format for its simplicity and compatibility. **9. Consistent Naming Conventions:** - **JavaScript Conventions:** Follow JavaScript conventions for attribute names in JSON responses, using camelCase. **10. Search Functionality:** - **Dedicated Search Endpoint:** Use a dedicated endpoint like `/search?q=query` for global searches. - **Scoped Search:** Allow searching within specific resources using query parameters (e.g., `/owners/5678/dogs?q=query`). **11. API Subdomain:** - **Consolidated Subdomain:** Consolidate all API requests under a single subdomain (e.g., `api.example.com`) for consistency. **12. Handling Exceptional Behavior:** - **Error Code Suppression:** Provide a mechanism to suppress HTTP error codes if clients intercept them (e.g., `suppress_response_codes=true`). - **Limited HTTP Method Support:** Offer workarounds for clients with limited HTTP method support, such as using query parameters (e.g., `method=put`). **13. Authentication:** - **OAuth 2.0:** Utilize OAuth 2.0 for secure authentication and authorization. **14. Addressing Chattiness:** - **RESTful Design with Shortcuts:** Design a RESTful API and then provide shortcuts or composite responses for common use cases to reduce chattiness. **15. SDKs for Enhanced Integration:** - **Consider SDKs:** Complement your API with SDKs to simplify integration, promote best practices, and speed up adoption on specific platforms. **16. API Façade Pattern:** - **Abstraction Layer:** Implement an API façade to create an abstraction layer between the API interface and underlying systems, simplifying design and maintenance. By adhering to these best practices, you can create web APIs that are enjoyable to use, easy to understand, and promote developer productivity. ================================================== **Elapsed Time: 21.97 seconds** ==================================================