3 Principles of Web Application (GUI) Design for the Command Line
March 10th, 2008
When organizations need to create an application (most likely doing CRUD), they create both the application logic and user interface. Typically, this is done via a web application whose user interface is HTML. This essentially decides how the user can best utilize application logic.
CRUD applications can be used seamlessly in a GUI, via the command line, or inside other applications by following these three principles:
- Decouple the user interface from the application
- Use a standard and stateless authentication mechanism
- REST
Decouple the user interface from the application
Do not send HTML to the browser, send XML and an associated style sheet. The browser will then render the document. My sitemap is an example. This makes the page both readable in a browser and machine processable. (Note, this is very basic style sheet.)
This way, anyone can create a client side user interface to your “application.” Your user interface, simply becomes the default user interface. Anyone can create their own. Bonus points if you provide an easy method of sharing these alternative user interfaces.
Use a standard and stateless authentication mechanism
Use only HTTP Basic Authentication over SSL. Being stateless and standard, this protocol is simple and leverages a ton pre-built tools. While Apache/IIS implement Basic Authentication, it is important to understand that Basic Authentication is simply a protocol for communicating credentials. You can use any authentication store. PHP.net has a good overview of HTTP Authentication.
REST
I had never heard of REST until last year. While speaking with an exceedingly intelligent colleague of mine - I explained how if I had designed this particular GUI I would have let users query data by simply modifying the URL. Example:
http://gui/servers?platform=linux&active=true
He said, “REST!”
This is SO simple, just use GET, be stateless, use logical names, and allow selection via all characteristics. UPDATE: This is not REST, but will get the job done. I’d prefer if you implemented REST. (See comments.)
Final Thoughts
Not all data nicely fits on a single line or few lines. However, in the vast majority of cases, records can be displayed in a grep’able format. As such, its trivial to create a parameter, say f=pt, which will output the data in some line based format. At the very least, xml can be displayed in a format with is grep’able. Instead of:
<records> <record id="1"> <key name="abc" val="123" /> </record> <record id="2"> <key name="def" val="456" /> </record> </records>
Do this:
<records> <record id="1"><key name="abc" val="123" /></record> <record id="2"><key name="def" val="456" /></record> </records>
Many times, a separate “Web Services API” is created to allow people to extract data in a machine processable format. However, if you follow the these three principles, your GUI and API are one in the same. There is no need to create a separate non-human API. Furthermore, in my experience, there is rarely a need for reference documentation. The API is self explanatory.
March 10th, 2008 at 8:28 pm
Instead of three points you can just say REST and get away with it. Point 1 is basic in REST, as it supports different representations via Accept* headers. It’s usual to just send a request for xml or json or even csv representations of something that’s also represented as html and get those. Also most of REST supporting libraries and frameworks don’t bother with much beyond basic auth, as cookie based sessions are against REST principles. BTW REST is not just about GET, there are other verbs too: you should use GET only for operations that just read data and build a representation, if you want to add or change stuff use PUT (or POST to create in most cases) and DELETE to, err, delete them. A good REST app can be driven from the command line.
March 10th, 2008 at 8:47 pm
David,
Thanks for your comment!
> Also most of REST supporting libraries and frameworks
> don’t bother with much beyond basic auth, as cookie based
> sessions are against REST principles.
Basic Auth is not session based. I have created a Basic Auth via PHP example which shows this. Type any user and password and then add some query string to the URL, e.g.: ?a=b and you will notice your password is sent on every single request.
> BTW REST is not just about GET, there are other verbs too:
> you should use GET only for operations that just read data and
> build a representation, if you want to add or change stuff use PUT
> (or POST to create in most cases) and DELETE to, err, delete them.
> A good REST app can be driven from the command line.
I am in 100% agreement. I am not describing how to implement REST. I am giving basics that help me use your application from the command line. I agree, a fully compliant REST application would be ideal.
Brock
March 11th, 2008 at 9:42 am
My colleague just sent me this image which is an activity diagram to describe the resolution of HTTP response status codes. Awesome.
March 11th, 2008 at 11:20 am
Fixed title. Thanks Nino! Principals didn’t feel right…
March 11th, 2008 at 9:17 pm
Very interesting. I’m not sure if you’ve seen this site, but I see a number of developers in my group referencing it.
http://www.programmableweb.com/
April 8th, 2008 at 12:21 am
[…] I need or want to do some type of performance testing. Given my ideas on software development, I can usually do this by making simple HTTP requests. I use curl for this. While you may be […]
April 10th, 2008 at 3:13 am
A very good articale.
As I understand there are numerous REST frameworks around , can you give examples?
April 10th, 2008 at 11:26 am
Here’s two:
http://www.restlet.org/
http://simpleweb.sourceforge.net/
I personally don’t feel a framework is needed. In fact, I shun frameworks in general as they create dependencies.