Problem/Motivation
Backwards compatibility policy for Drupal APIs is clear, and can often be used to infer the compatibility policies that might cover the Drupal REST implementation. However, without REST design documentation and an explicit policy, it is difficult for anyone thinking about providing a Drupal-based Web API or consuming a "vanilla" Drupal REST API to know what kinds of things might break on upgrades. This makes the risk of operating or integrating with Drupal REST a large and unknown quantity.
Such a document would also help jump-start best practices for individual REST-enabled Drupal systems, whose documentation/communications resources should reference or start with this text.
Proposed resolution
Document REST backwards compatibility policies to help steer development, and reference this from places in the Drupal codebase, API site, and others so technologists looking for this information can find it easily. Similar to the D8 "internal" B/C policy, the kinds of changes allowed should be tied to versioning. In this course of deriving this policy we may find a follow-up to separately track REST version from Drupal application version, a generally recommended practice that allows APIs and Application to evolve unencumbered from each other.
Items to Cover
Top-of-mind list.
- HTTP Headers (discussion of common headers like CORS and Caching helpful)
- Removal of Headers
- Addition of Headers
- Change in Header values
- Entity Properties
- Removal of entity field
- Name change of entity field
- Addition of entity field
- Change in structure of entity field
- Change in field item value format
- Change in field item value
- Resource path
Remaining tasks
- Decide on some initial policy points
- Draft documentation
- Find a home
- Identify reference locations
User interface changes
Possibly if there are spots in the Admin determined to reference the new documentation.
API changes
None
Data model changes
None
Comments
Comment #2
Grayside CreditAttribution: Grayside at Phase2 commentedComment #4
alexpottAdded some related issues that have discussion BC changes or REST APIs
Comment #5
Wim LeersClarifying issue title.
Comment #6
klausiYes, this is hard. We should only break API consumers when absolutely necessary, but we also should not restrict ourselves to deliver the exact bit by bit REST responses forever.
Some suggestions:
HTTP headers: This is metadata. Values should be covered by the HTTP spec. We should not give any guarantees here - all response headers are subject to change and clients should not rely on headers always being present. We should document specific exceptions. Example: after creating a node with a POST request there will always be a Link header in the response with a link to the created node.
Entity fields:
Base fields must never be removed. This is consistent with the core API where we promise to never change NodeInterface for example.
Base fields can be added: I think clients should be robust enough to work with responses that suddenly have more base fields. We should produce a change notice though.
Change in field structure/format/value: I don't know. Decide on a case by case basis? #2751325: All serialized values are strings, should be integers/booleans when appropriate for example took a good sensible approach by assuming that most clients will just be fine.
Resource paths: should be stable and not change. We can allow new paths though and still support old ones. Example: POST /entity/node keeps working, but we can also receive requests at POST /node.
Serializer data formats: should be stable, we won't make arbitrary changes like changing a [] structure to {} in JSON.
In general all minor REST API changes should be documented in change notices, but I think we are doing that already.
Comment #7
alexpottIn fact additions are allowed.
Comment #8
Wim Leers#7: But… then existing implementations would break because they don't implement a new interface method? Only optional additions are allowed:
NodeInterface
that adds an additional methodEDIT: this principle applied to REST means that it's disallowed to add required fields to entity types.
Comment #9
Wim LeersComment #12
gabesulliceI very much agree with #6 WRT HTTP headers and base fields (accepting the caveat in #8).
I wonder if REST shouldn't draft a specification similar to the JSON API specification. The conventions like MUST, SHOULD
and MAY are incredibly useful. It would allow REST to leave areas undecided and permit flexibility in areas not yet fully explored (e.g. revisioning/translations). A spec also provides useful guidance to client implementations on what inconsistencies they should expect (and program against).
Something that hasn't brought up, is that clients are not necessarily tied 1:1 with the Drupal backend. In fact, one of the promises of decoupled Drupal is that one can implement different frontends over time w/o necessarily changing the backend. Therefore, I'd like to toss the idea out that our HTTP API versions can be more like hook_update_N numbers, rather than 1:1 mappings to the core version. It would be ideal if we could support different versions of the API concurrently. This article lays out an approach that we may be able to adapt to our needs: https://stripe.com/blog/api-versioning