Ajax Design Patterns by Michael Mahemoff

To motivate REST, let’s consider a football service. Sufficiently authorized clients can read game records, upload new games, correct existing games, or delete games. We’ll assume your backend’s already written, but how would you offer it as a web service? How will client developers call it, and how will they learn about its interface?

To wit, following are a few random ways you might expose a game service—note that these aren’t necessarily RESTful!

And we could go on. And then we could look at the other functions here. The point is this: as a service designer, you have many options for representing a single function. Is that, in itself, a problem? You might argue it’s not a problem at all—just choose any old option, using some darts and a blindfold if need be. Then just create the service and document its usage—any competent developer will then be able to deal with it, right? That argument, however, is flawed on several counts:

So we’ve seen the argument for a convention-based approach to web services, but what’s the convention? REST is one such convention, consisting of many different guidelines, that has broad industry support. Just about any functionality can be presented as a RESTful API, and by doing so, it gains the advantage of a familiar, intuitive style. Many services on the Net already follow RESTful principles, to differing degrees. Also, many real-world entities such as browsers and caches tend to assume REST. These entities work better if REST is in place—a browser, for instance, might give better feedback; a cache will retain all the data that the programmer expected it to retain. And what will happen if REST is not in place? It’s probably not the end of the world, but you’ll find little things will go wrong and work in unexpected ways. For instance, hitting the browser’s Reload button might cause a purchase order to be resubmitted. Or a cache might end up caching data it shouldn’t, or it might not cache any data at all. Why these unfortunate events might occur will become clear as we learn about the RESTful principles.

So much for abstract motivation: what exactly are the RESTful principles (http://www.xfront.com/REST-Web-Services.html) all about? REST ultimately presents the server as a big blob of “resources” such as people, cars, or football games. Clients interact by inspecting and changing that state. Putting a purchase order on the server, for example, will trigger the server to affect the purchase described in the order. This contrasts with the Remote Procedural Call (RPC) approach, where the client would call a remote purchase( ) procedure. REST is based on data manipulation, RPC is based on procedural calls.

REST sees the universe as consisting of resources and operations performed on, and with, those resources. The resources and the operations can be represented as the HTTP concepts of URLs and call methods.

Another way to say it is in HTTP, any request a client can make involves a URL and an HTTP method. With REST, the URL is designed to represent a noun and the HTTP method always maps to one of several standard verbs, which will be performed against that noun.

How is the URL combined with the HTTP methods in practice? Returning to the example, a game is clearly an entity in this API. So REST says we create a scheme to expose each particular game as a unique URL—for example, http://example.com/games/995.

So far, this is all pretty unequivocal. Anyone familiar with REST will always be driven to create a unique URL for each game. There might be differences of opinion about the precise naming, but the basic concept will always be the same if you follow REST. Now that we have this unique URL, we can implement many functions around it, by leveraging the standard HTTP methods (http://rest.blueoxen.net/cgi-bin/wiki.pl?RestFaq#nid1UP).

In summary, each HTTP method will cause a well-defined action on the resource represented by the URL it operates on. The methods can be compared to SQL commands: GET is like “SELECT,” DELETE is like “DELETE,” POST is like “INSERT” with an auto-generated ID, and PUT is like “INSERT OR UPDATE IF EXISTS” with an ID specified.

Again, notice how most of this is unequivocal. True, you still have to decide on a precise URL convention and message formats, but that’s fairly minimal. Just by declaring “this is a REST interface,” you’re conveying many implicit rules to a REST-savvy developer. Inform that developer of the URL and message conventions, and they’ll be able to intuit most of the API. Compare that to an ad hoc, roll-your-own API, where each detail must be explained piecemeal. Considering that there are thousands of web services out there, it soon becomes clear why REST is an attractive option.

As explained in the previous section, each resource receives a unique URL. URLs generally look like nouns.

REST doesn’t tell you what names to call your resources—there are infinite possibilities and the choice is up to you. They’ll often reflect your conceptual model of the system and look similar to your database table names.

With REST, each HTTP method indicates the kind of action to be performed. Moreover, the REST API designer doesn’t have to decide what each method means, because there are only a handful of methods, and REST standardizes the meaning of each—GETs for queries, POSTs for inserts, and so on, as explained above. Notice how resource names are not standardized in the same way. Businesses have different models, so you can’t standardize on those things. But REST is saying that you can indeed model the resources so that the set of required actions is standard, thus ensuring APIs are consistent with one another.

Fortunately, the standard HTTP methods—when combined with a well-designed URL and resource scheme—are enough to let a client express just about anything it needs to. It’s true that in an ideal world, there would be a few extra actions to make life a bit easier. For example, it would be convenient if there was a standard LOCK action to let a client deal exclusively with a particular resource.^[*] However, you can still work around this by introducing a lock resource and letting clients lock things by manipulating those resources with the standard HTTP methods.

Refining the previous point, GET calls must be read-only. When you perform a read-only query of any kind, always use GET. Conversely, when your call will affect any data on the server, use one of the other methods: PUT, POST, and DELETE all change state. There are some caveats here—for example, if issuing a query ends up leaving a log message somewhere, does that constitute a change? Technically, yes; but common sense says no, it’s not a significant change to the underlying resource, so it’s acceptable to log the message in response to a GET request. Just be aware that the log might not read as intended; for instance, some clients will get the content from a cache, which means no log message will occur.

The reverse problem can happen too. GET requests are often cached, but the other types of requests are not. When you perform a query with POST, you deny the possibility of caching in the browser, within the client’s network, or on your own server.

If you learn nothing else about REST, be sure to learn this guideline; of all the REST conventions, this is the best known and widely applied across the net (see the sidebar "The Backpack-Accelerator Incident" in this chapter).

In stateful interaction, the server remembers stuff from the past. For example, you could do this:

Greg’s Browser: Give me the next game to work on.

Server: Work on game 995.

...

Greg’s Browser: Here’s the result: bluebaggers 150, redlegs 60.

Server: Thanks.

(Server stores “bluebaggers 150, redlegs 60” for game 995.)

The server here has an implicit conversational state; it remembers the game Greg’s working on. That makes testing harder, because you have to set the whole history up to test any particular interaction. Another problem is the fragile nature of the transaction; what if Greg’s browser fails and ends up requesting two different games? When Greg uploads the score, the server could easily misinterpret which game he’s talking about. Also, you can’t cache effectively because a query result might depend on something that happened earlier.

Furthermore, an objective of REST is to be able to switch clients at any time and receive the same result. If you switch “Greg’s Browser” to “Marcia’s Browser,” the server will respond differently to the game result above, because it will assume Marcia’s Browser is working on a different game number. While users are unlikely to switch browsers mid-conversation, other clients like caches and robots may well switch. Substitutability makes networks more scalable.

The upshot is that everything should be passed in at once. It’s okay for the client to remember details about the conversation—REST says nothing about the client’s activity—but the server must not. The server responses should be based on the server’s global state and not on the state of the conversation; i.e.:

So are cookies used at all? Yes, cookies can be used, but mainly for authentication. They should only determine whether or not the server will accept a call, by not in any way how the server will respond. If authentication fails, an appropriate response, such as a 401 (Forbidden) header, will result. If authentication succeeds, the same call will always have the same effect, independent of the client who made the call. So if Greg’s Browser says “Get All Games,” Greg will see exactly the same thing as if the all-powerful administrator asked for the same thing, as long as Greg’s allowed to see them. If the security policy forbids Greg from seeing all games, Greg’s query will be denied. What won’t happen is for Greg to receive just a minimal list of his own games—if that happened, the server would be using the cookie to determine the browser’s response. To get a minimal list, the query must be explicit—“Get All of Greg’s Games”—and of course, it must be Greg or the administrator that issues this request. If Marcia made that request, she’d get an authentication error.

An alternative to cookies is to use HTTP Basic Authentication, but this doesn’t work too well in an Ajax context, because you don’t have any control over the UI. The browser will typically pop up a dialog box, whereas you probably want to integrate any authentication directly into the interface, especially if using a pattern like Lazy Registration. HTTP Digest Authentication does allow more flexibility, but browser and server support is limited. Thus, while HTTP authentication is seen as “more pure,” cookies are a reasonable workaround, provided you use them only for authentication.

“Idempotent” means that once you pass a message to service, there’s no additional effect of passing the same message again. Consider the deletion message, “Delete Game 995.” You can send it once, or you can send it 10 times in succession, and the world will be the same either way. Likewise, a RESTful GET is always idempotent, because it never affects state. The basic conventions on GET/DELETE/PUT/POST, described earlier, are intended to support idempotency.

In resource representations returned by GET queries, use hyperlinks liberally to refer to related resources. With judicious use of hyperlinks, you can and should break information down. Instead of providing one massive response, include a modicum of information and point to further information using resource identifiers.

RESTful services can and should document themselves. The exact mechanism is not well-defined. But a couple of examples include:

As an extension to the previous point, RESTful services rely on standards such as Document Type Definitions (DTDs) and XML Schema to verify data formats as well as to document what’s acceptable.

The REST definition is especially geared for creating—such as Amazon—reading, updating, and deleting (CRUD) operations. How about transactions and arbitrary actions, such as “Pause the printer” or “Email the catalogue to this user”? By definition, application-specific actions don’t fit neatly with the standard REST actions. There will always be some pragmatic judgment required as to a suitably RESTful interface. A few possibilities have been mooted, with viewpoints varying (http://rest.blueoxen.net/cgi-bin/wiki.pl?VerbsCanAlsoBeNouns):

Being a broad architectural style, REST will always have different interpretations. The ambiguity is exacerbated by the fact that there aren’t nearly enough standard HTTP methods to support common operations. The most typical example is the lack of a search method, meaning that different people will design search in different ways. Given that REST aims to unify service architecture, any ambiguity must be seen as weakening the argument for REST.

Another issue is portability —while GET and POST are standard, you may encounter browsers and servers that don’t deal consistently with DELETE, PUT, and other methods.

The main alternative to REST is RPC (see RPC Service , later). It’s equally broad in definition, but the essential idea is that services are exposed at procedures. You end up POSTing into verb-like URLs such as /game/createGame?gameId=995 instead of RESTful, noun-like URLs such as /game/995. In fact, the distinction is significant enough that some service providers, such as Amazon, actually provide separate APIs for each. As a general rule, any set of services could be exposed as either REST or RPC; it’s just a question of API clarity and ease of implementation. Note also there is some overlap; as discussed in the RPC Service solution, RPC can still follow certain RESTful principles.

From an implementation perspective, REST and RPC differ in that REST requires some explicit design, whereas RPC tends to follow directly from the backend software model. In the example, it’s likely there will be a Game class with a createGame( ) method—that’s just how most server-side software gets done. So it’s a no-brainer to tack on a /game/createGame web service that mediates between the client and the backend method. In fact, there are many frameworks that will completely automate the process for you.

With REST, there’s no direct mapping between web service and backend implementation—an impedance mismatch. You need to take a step back and explicitly design your API to be RESTful. If you’re following feature-driven design, the API is the first thing you’ll produce anyway, since the design will be “pulled” by the needs of clients, rather than “pushed” from the available technology. Once you’ve designed the API, the web service implementation will effectively be a kind of middleware Adaptor (see Gamma et al., 1995) to the backend services.

To summarize crudely:

Atom is a feed protocol built around RESTful principles. Blogger offers a good description on its use of Atom in its public API (http://code.blogger.com/archives/atom-docs.html). The API lets third-party applications read and change Blogger blogs. Blogger themselves could theoretically build an Ajax App that directly calls on the API.

A blog entry is one important resource in Blogger’s API. For example, entry ID 1000 for user 555 “lives at” http://blogger.com/atom/555/1000. So to read that entry, just issue a GET on that URL. To change the entry there, just PUT an XML document to the same URL. To add a new entry, you don’t yet know its ID, so you POST to a URL containing only the user ID—for example, http://blogger.com/atom/555. Note that each of these operations uses HTTP Basic Authentication and runs over HTTPS.

An XML list of categories is exposed by GETting http://ajaxify.com/run/shop/categories.phtml. Here, categories is the resource and the HTTP method is GET since we’re reading the resource. To avoid listing all category information here, there’s a link to each specific category resource:

  <categories>
    <category xlink="http://ajaxify.com/run/shop/rest/category.phtml?name=Books">
Books</category>
    <category xlink="http://ajaxify.com/run/shop/rest/category.phtml?name=Songs">
Songs</category>
    <category xlink="http://ajaxify.com/run/shop/rest/category.phtml?name=Movies">
Movies</category>
  </categories>

To drill down to an individual category, say “Movies,” you GET http://ajaxify.com/run/shop/category.phtml?name=Movies, which provides the name and items. Since an item is defined solely by its name, and we can’t perform operations on items themselves, there’s no need to give it a URL.

  <category>
    <name>Movies</name>
    <item>Contact</item>
    <item>Gatica</item>
    <item>Solaris</item>
  </category>

As the system scales up, the list of all items gets excessive for someone who just wants to know the category name. So the next service provides just the items. If we want, we could then remove the list of items in the category name.

Being RESTful, we can’t just access the shopping cart out using the current session—each operation must specify the cart’s owner. The session is used here, but only for authentication.

To read the shopping cart of user 5000, we GET http://ajaxify.com/run/shop/rest/cart.phtml?userId=5000:

  <cart userId="5000">
    <item>
      <name>Hackers and Painters</name>
      <amount>2</amount>
    </item>
    <item>
      <name>Accidental Empires</name>
      <amount>4</amount>
    </item>
  </cart>

To test the authentication, visit the web app http://ajaxify.com/run/shop/rest and add a few items. Cut and paste your assigned user ID over the “5000” in the above URL. You’ll be able to see your cart. Then try a different user ID, say 6000, and you’ll be greeted with the following message along with a 401 (Forbidden) header:

  You don't have access to Cart for user 6000.

Being RESTful, the cart URL remains the same whether we’re manipulating or reading it. So when we make changes to user 5000’s cart, we use the same URL as for reading it, http://ajaxify.com/run/shop/rest/cart.phtml?userId=5000 (which would instead end with the cleaner /cart/5000 if we could use URL-rewriting).

To update the cart, we simply PUT a new cart specification to the cart’s URL. If the user’s just cleared the cart, the following will be uploaded:

    <cart>
    </cart>

If the user’s added an item, the browser still does the same thing: just upload the whole cart; e.g.:

  <cart userId="65590">
    <item>
      <name>Hackers and Painters</name>
      <amount>2</amount>
    </item>
    <item>
      <name>Accidental Empires</name>
      <amount>5</amount>
    </item>
  </cart>

Note that working with PUT is quite similar to working with POST. As explained in XMLHttpRequest Call (Chapter 6), XMLHttpRequest has a requestType parameter. In the example here, the details are in any event abstracted by the AjaxCaller wrapper library:

  ajaxCaller.putBody("cart.phtml?userId="+userId, null, onCartResponse, true,
      null, "text/xml", cartXML);

How to mail the cart contents is more subjective, as discussed in the “Arbitrary Actions” section in the Solution. The approach here is to post an email address to the cart URL, e.g.:

  <email-address>
    ajaxmail@example.com
  </email-address>

function readBody( ) {
    $body="";
    $putdata = fopen("php://input", "r");
    while ($block = fread($putdata, 1024)) {
      $body = $body.$block;
    }
    fclose($putdata);
    return $body;
  }

RPC Service (see later in this chapter) is an alternative to RESTful Service, as highlighted earlier in the "Solution.”

XML Messages (see later in this chapter) are often used as the format of a REST service’s response, and sometimes its input as well. XML fits well here because it’s standards-based, broadly supported and understood, self-documenting, and capable of self-verifying when used with DTDs and XML Schemas. XML Messages tend to appear as the body of PUT and POST calls as well as in responses.

A RESTful transaction often involves passing a resource back and forth, with each side augmenting its state. For instance, a server can deliver an initially empty shopping cart, the client can add an item to it, the server can set the total price, and so on. Instead of transforming to and from a custom data structure, it sometimes makes sense for the browser to retain the incoming XML Messages in an XML Data Island (Chapter 11) and transform it according to the interaction.

Unique URLs (Chapter 17) also relates to URL design, though they differ in scope. Unique URLs relates to the URLs of the Ajax App itself, while RESTful Service involves the URLs of web services it uses. It’s sometimes said that “Ajax breaks REST” because many Ajax Apps have a single URL regardless of state. Ironically, though, Ajax actually facilitates REST by encouraging a clean API to service the browser application. As for the browser application, Unique URLs do help make an Ajax App a bit more RESTful, though that’s somewhat beside the point since it’s the web services that a client would want to use.

Kiko (http://kiko.com) is an online calendar application with a slew of Ajax features. The browser communicates to an interface using RPC-style URLs. For example, the following call retrieves my contacts:

  http://www.kiko.com/kiko/kikoservlet?function=SelectContactsByUser , false ,
  undefined , undefined)

A change is made in the same way. Here’s what the browser called when I added an appointment:

  http://www.kiko.com/kiko/kikoservlet?function=CreateAppt&starttime=2005-9-12 18:0:
  00&endtime=2005-9-12 s18:30:00 , false , undefined , undefined)

Kiko invokes these URLs using POSTs, where the body is just an authentication key. Note that the service could be more REST-like, while retaining the RPC-style URLs, if Kiko wants to open the API to the public and ensure scaleability. To make it more REST-like, queries like SelectContactsByUser would be issued as GETs, with cookies used for authentication in place of the authentication key in the body. This would not only improve consistency across APIs, but also have the direct practical benefit of supporting caching, since GET responses can easily be cached. Also, POSTs could include all arguments inside the body, while retaining RPC-style URLs like /?function=CreateAppt.

The Flickr API (http://www.flickr.com/services/api/), available to external developers, is a good example of an API with RPC-style URLs that also respects the basic REST conventions of GET strictly for reads and POST strictly for writes. Most calls include an API key, which the developer must apply for. A query for photo details such as owner and description is a GET call to a URL like this:

    http://www.flickr.com/services/rest/?method=flickr.photos.getInfo&api_
         key=ap1000&photo_id=2000

You can also effect changes with the API. For example, you can tag an element by POSTing to a URL like this:

    http://www.flickr.com/services/rest/?method=flickr.photos.addTags

containing a body like this:

    api_key=ap1000&photo_id=2000&tags=Screenshot

To read the Categories, you GET http://ajaxify.com/shop/rpc/services.phtml?command=get-Categories.

To drill down to an individual category, say “Movies,” you GET http://ajaxify.com/shop/rpc/services.phtml?categoryName=Movies.

To read cart contents, you GET http://ajaxify.com/shop/rpc/services.phtml?command=getCar t. Note that cart access is based on the session, as with the Basic Shop Demo (and unlike the RESTful Service demo). It doesn’t have to be like this, but doing so allowed for a minimal change.

To clear the cart, we POST a body of command=clearCart to services.phtml. To add an item, we POST the command and item in the body, such as command=addToCart&item=Accidental Empires to services.phtml.

RESTful Service (see earlier in this chapter) is an alternative to RPC Service, but many tenets of REST can, and should, still be followed in RPC. See the RESTful Service "Solution" for a comparison.

Ajax Stub (see later in this chapter) automates the production of RPC Services.

RPC is often used to design an application-independent web service API, or at least one that doesn’t know anything about the user interface. That being the case, responses tend to be of a raw, semantic nature such as a Plain-Text Message (see later in this chapter) or an XML Message (see later).

With great power comes great responsibility. An Ajax Stub makes it easy, bordering on trivial, to directly expose business operations. That means it’s also easy to let curious users do things they shouldn’t. Since many Ajax Apps push the whole user interface out to the browser, the web tier is left publishing business methods. Harry Fuecks, author of the Ajax Stub toolkit JPSpan (http://jpspan.sourceforge.net/), gave this cautionary example on the Ajax Blog (http://ajaxblog.com/archives/2005/05/25/a-grumpier-ajaxian). A naïve export of a business operation could end up with a call like this:

  var ccNum = AJAX.getCreditCardNumber(userId);

Anyone can edit the JavaScript and pass any argument to the credit card operation. Another stubbing framework, DWR (http://getahead.ltd.uk/dwr/getstarted), warns: “There is a danger that you could cause all sorts of security problems using this code. You need to think about security earlier rather than later.”

Other approaches, such as RESTful Service, are also vulnerable to the same threat, but they tend to encourage more analysis, because you have to explicitly design the service interface. With Ajax Stub, you’re effectively ticking a few boxes to say which backend operations can be executed.

A few guidelines:

SAJAX (http://www.modernmethod.com/sajax/) is an Ajax Stub framework that actually supports multiple backend languages. The browser side is the same for all, but there are different server-side proxy components depending on which language is used. Among the backend languages are ASP, ColdFusion, Perl, PHP, Python, and Ruby.

DWR (http://getahead.ltd.uk/dwr/overview/dwr) is an open source framework for Ajax Stubs to Java classes. On the server side, you run a DWR servlet and configure it with a separate XML file. In the browser, just include a JavaScript file. Java and JavaScript may not have much in common, but calls do at least look the same. A DWR JavaScript-to-Java call looks just like a Java-to-Java call.

Richard Newman’s open source CL-AJAX (http://www.cliki.net/cl-ajax) supports stubbing of Common Lisp functions.

Ajax Stubs are built on top of XMLHttpRequest Calls (Chapter 6) and represent a different approach to the usual Ajax remoting. XMLHttpRequest Calls leave the user to deal directly with HTTP concepts and packing and unpacking of messages, tasks that Ajax Stubs take care of. The benefit of direct XMLHttpRequest Calls is that the server-side service interface is independent of the underlying implementation.

XML-RPC and SOAP are more generic (non-Ajax-specific) ways to develop RPC Services (see earlier in this chapter). Since Ajax Stubs tend to produce Ajax-specific services, XML-RPC or SOAP might be more appropriate if you’re opening up to external clients.

An Ajax Stub is one way to implement an RPC Service.

JSON Messages (see later in this chapter) are being used by several Ajax Stub frameworks because Ajax Stubs need to share data between browser and server; i.e., inbound arguments and outbound return values. These objects should be standard JavaScript objects in the browser and standard Java or PHP or whatever-your-language-choice objects on the server. In between, it’s most convenient to transfer them as strings. JSON defines a standard way to convert objects in many languages to and from a string representation.

An even more ambitious standard is JSON-RPC (http://json-rpc.org/), a protocol for remoting that’s touted as a lightweight alternative to XML-RPC. There’s an Ajax Stub framework based on JSON-RPC, the aptly named JSON-RPC-Java (http://oss.metaparadigm.com/jsonrpc/).

In the extreme, the service could generate HTML for the entire document, making it similar to a conventional page refresh. In practice, you’ll usually want to limit the HTML’s level of granularity to well-defined, distinct page elements. For example:

You’ll need to decide how much style is contained in the message. An HTML Message already ties the server to the browser somewhat, but style directives will tie it further to the server. In general, it’s good practice to just include class names and element IDs so that the browser application can influence the style, usually with a standard CSS stylesheet. If you do this, you’ll need to ensure the names are unique, and you’ll need to decide on exactly which elements need to be given ID and class declarations.

Digg Spy (http://digg.com/spy) shows new stories and events such as user moderation as they happen (see Figure 5-5). The XMLHttpRequest Call (Chapter 6) accesses a static URL (http://digg.com/last10) containing the last 10 submissions and integrates them into the page. The HTML looks like this:

  <div class="news-body" id="main64115">
    <h3 id="title">
      <a href="http://digg.com/movies/How_LEGOs_Are_Made_"> How LEGOs Are Made!
</a>
    </h3>
    <p class="news-submitted">
      <a href="/users/Akshun"><img src="/img/user-small/user-default.png" alt=
"Akshun" height="16" width="16"> </a>
    submitted by <a href="/users/Akshun"> Akshun </a> 14 hours 22 minutes ago
      (<a href="http://www.popandco.com/archive/moab/" class="simple tight" title=
"How LEGOs Are Made!"> ... </a>) </p>
  <p> </p>
  </div>
  <div class="news-body" id="main64550">
  ...

Rapha (http://www.rapha.cc) is an e-commerce web site for cycling gear (Figure 9-5). The shopping cart is Ajaxian, requiring no page refresh to update. Each time an item is purchased, the HTML for the shopping cart is retrieved. For example:

  <div id="basket">
    <h3>Your basket:</h3>
    <ul>
      <li>Small Softshell Jacket x 2</li>
    </ul>
    <p><a href="/basket/">Edit selection</a> | <a href=
"/checkout/">Go to checkout</a></p>
  </div>

Figure 9-5. Rapha

Francis Shanahan’s Amazon Zuggest (http://www.francisshanahan.com/zuggest.aspx) provides a Live Search: results are shown as you type. The server responds by providing the entire HTML for each result—for example:

  <table>
    <tr><td valign=top width='20%'><b>Vempire Or Dark Faerytales
in Phallustei</b><br>
    <a href='http://www.amazon.com/exec/obidos/redirect?tag=francshanacom-20%26link_
code=sp1%26camp=2025%26creative=165953%26path=http://www.amazon.com/gp/
redirect.html%253fASIN=B0000525ZY%2526tag=francshanacom-20%2526lcode=sp1%2526cID=
2025%2526ccmID=165953%2526location=/o/ASIN/B0000525ZY%25253FSubscriptionId=
16KBB0XN5XP4WSNNVKG2'
target=_blank>Click to View</a><br>
    [Music]<br>List Price<span class='lp'>$23.99</span><br>
    <span class='lnp'>1 NEW from $14.99[$13.50 used]</span>
    ...
  </td></tr><table>

TalkDigger (http://talkdigger.com) is a webfeed meta-search. Enter a query, and it fires off parallel queries to different search engines (an example of Multi-Stage Download). Each result is returned as an HTML table to be added to the page.

Plain-Text Message, XML Message, and JSON Message (see more on these later in this chapter) all involve sending raw data as opposed to concrete display detail. When the browser receives such responses, it can render it or use it in some other way, such as retaining some information. In contrast, HTML Messages are likely to be display directly and are not retained. A further difference is that HTML Messages tend to be responses only, whereas these other formats are often used for uploading data as well.

Where HTML Message provides snippets of HTML to be fused on to the page, On-Demand JavaScript (Chapter 6) can provide snippets of JavaScript to be executed immediately. The idea is introduced in that pattern as “Behavior Message.”

Brett Stimmerman’s Lace Chat (http://www.socket7.net/lace/) is an Ajax chat app (Figure 9-7). When the page is initially shown, all user messages are downloaded as a single, long string. Within the string, each user message is captured as a set of attributes, separated by pipe characters:

  1135646360:749||||date-1135646204||*Monday, 26 December
  2005||||hour-17||*17:00||||1135646204||Posted about 3 minutes ago at
  17:16||Aj Two||Yeah you can *SO* chat in real time||||1135646212||Posted
  about 2 minutes, 52 seconds ago at 17:16||*Lace||AJ One
  has joined the conversation||||1135646212||

Figure 9-7. Lace Chat

In Magnetic Poetry (http://www.broken-notebook.com/magnetic/), you drag tiles around a workspace. When the browser receives an updated position, the message looks like a structured command statement:

  Update magnetic_poetry set top_value=291, left_value=119 WHERE id=81

HousingMaps (http://housingmaps.com) is a mashup between Google Maps and Craigslist (http://craigslist.com), a community-oriented classified advertising web site. The HousingMaps portion is downloaded with an XMLHttpRequest Call that retrieves the 15 or so results matching a query. Each result represents a single home and is broken into a sequence of attributes, one line at a time, and prefixed with an identifier:

  PA:34.0917
  PN:-118.28
  IC:p
  DS:One Bath With Small Loft Duplex Near Sunset Junction
  AD:Hyperion Ave &&& Sunset Blvd</line><line>
Los Angeles</line><line>CA
  ...
  I4:a.im.craigslist.org/rR/iv/X1dT18TzV07cfjuQzouhKQ5EETuK.jpg
  LC:1071999
  PA:34.0763
  PN:-118.294
  IC:p
  DS:1930&&#39;s Restored Spanish Beauty- 1St Month Free
  AD:Berendo &&& Beverly</line><line>
Los Angeles</line><line>CA
  ...
  I4:a.im.craigslist.org/n0/Xm/SS3hSoIWLOsc8wOjaiLGQK5HFbzl.jpg
  LC:1072004
  ...

As discussed in the "Solution,” an XML Message may be a better alternative for more complex data.

There are many ways the server might generate XML messages:

When you pass XML Messages back and forth, each end must assume the same document format. That’s a standard requirement with XML, and you can define the format precisely using a separate document: either a Document Type Definition or a stricter XML Schema document.

The browser doesn’t always need to render incoming XML messages—sometimes it just uses the data. But, for situations when it does render the XML, there are a few options. In all cases, the script is building up some HTML, which will then be injected onto a DOM element by setting its innerHMTL property to the HTML string.

When you roll over a movie title in the Netflix Top 100 (http://www.netflix.com/Top100#), a balloon soon appears with summary details (Figure 9-9). After the rollover, an XMLHttpRequest Call occurs, which receives movie details like this:

  <MOVIES>
  <MOVIE ID="60031236" POS="17" DS="0">
    <TITLE>Kill Bill: Vol. 2</TITLE>
    <SYNOPSIS>In this film noir tale written ... </SYNOPSIS>
    <DETAILS RATED="R" RELYEAR="2003" GENREID="296" GENRENAME="Action &&&
Adventure"/>
    <STARRING>
      <PERSON ID="92495" NAME="Uma Thurman"/>
      <PERSON ID="20008295" NAME="Lucy Liu"/>
    </STARRING>
    <DIRECTOR>
      <PERSON ID="20001496" NAME="Quentin Tarantino"/>
    </DIRECTOR>
  </MOVIE>
  </MOVIES>

Figure 9-9. Netflix

Protopage (http://protopage.com) is a portal-style application with excellent personalization capabilities. Each time you change something on the page, a command is uploaded to the server via an XMLHttpRequest Call. For example, here’s what the browser sent when I moved a Portlet around:

<command accountId="25570" protopageId="25568" protopagePath="mahemoff" name=
"save-panel-geometry">
  <param name="id">129644</param>
  <param name="left">216</param>
  <param name="top">476</param>
  <param name="width">423</param>
  <param name="height">71</param>
  <param name="collapsed">false</param>
  <param name="zIndex">33</param>
  <param name="verticalScrollProportion">0</param>
</command>

Google Maps is perhaps the most famous usage of XML Messages. Meta-information is downloaded as XML and rendered with Browser-Side XSLT.

As mentioned earlier in the "Solution,” XML can often be overkill for simple messages, and Plain-Text Messages (see earlier in this chapter) are worth considering as an alternative.

Just like XML Message, JSON Message is a suitable representation for data of various complexities. The "Alternatives" section of JSON Message compares the two formats.

Kiko (http://kiko.com) is an online calendar application with a slew of Ajax features (Figure 9-11). As you’d expect, the server holds a model of the calendar, and the browser keeps uploading changes using XMLHttpRequest Calls. JSON is the message format used for server responses—each response is a list of objects.

Figure 9-11. Kiko

Delicious (http://del.icio.us/doc/feeds/json/), a social bookmarking tool, provides a Web Service that exposes a user’s recent bookmarks in the form of a JSON Message. For reasons discussed in On-Demand JavaScript (Chapter 6), this means a browser script can conveniently grab the data without the need for a Cross-Domain Proxy.

Jim Ley’s Route Planning application (http://jibbering.com/routeplanner/) shows you all the routes for a given airport (Figure 9-12), and, as his long-running XMLHttpRequest Tutorial (http://jibbering.com/2002/4/httprequest.html) explains, it uses JSON. For example, a JSON Message for the LAX airport is available at http://jibbering.com/routeplanner/route.1?LAX. What the browser receives from the following JSON Message is an XMLHttpRequest Call (... has been substituted for multiple data items):

  {from:'LAX',airports:[{id:"AMS",country:"NL",lat:"52.316666666667",
lon:"4.7833333333333",
tz:"Europe/Amsterdam",name:"Amsterdam",shortname:"Schiphol"},...,{id:"IAD",
country:"US",
lat:"38.95",lon:"-77.45",tz:"America/New_York",name:"Washington, DC",
shortname:"Washington Dulles International"}],routes:[{carrier:"star",toAirport:"AMS",
miles:5570},...,{carrier:"oneworld",toAirport:"DCA",miles:2304}]}

Figure 9-12. Jibbering Route Planner

Ajax.Net (http://ajax.schwarz-interactive.de/) is one of several Ajax Stub frameworks that uses JSON Messages to transfer data, which can easily be converted to and from native objects at either end. For more details, see "JSON Message" in the "Related Patterns" section of Ajax Stub.

JSON defines itself as a “fat-free alternative to XML.” Before considering the differences between the formats, let’s first look at what they have in common.

JSON Message has several advantages over XML Message (see earlier in this chapter):

XML Message (see earlier in this chapter) has several advantages over JSON Message:

Being a portable object format, JSON is a useful way to facilitate calls from browser to server using an Ajax Stub (see earlier in this chapter) framework.

Since a JSON Message is an ordinary JavaScript expression, it can be pulled in using On-Demand JavaScript. Data from external domains can be accessed this way, as explained in On-Demand JavaScript (Chapter 6).