When building a service that uses both a back-end REST API, and (a) front-end application(s), is it proper to build into that API the ability to dispatch email?
Take Twitter for example; for those who don’t know, they function with a back-end REST API and a front-end static website that consumes JSON resources.
I don’t know their internals, so I really don’t know how to handle this situation for myself, however obviously they do allow users to sign up, register, recover their passwords, confirm their accounts, et cetera. Most of these things require an email to be dispatched to the user. Does the API do that, or how is this implemented?
11
Sure. Why not?
When you invoke a REST service, you’re transferring state. It’s up to the software on both ends to determine what actions the deltas ultimately demand.
The general exception would be for the safe methods like HEAD, GET, OPTIONS and TRACE, which should generally produce no side effects.
And as an exception to the exception, even for the safe methods, if your API received “too many” requests or detected other suspicious requests, you’d potentially want to have a side effect like revoking access and/or dispatching an email to a security admin.
2
At it’s heart, REST is just a mapping of CRUD operations onto HTTP verbs – it’s an interface to communicate with a server. I don’t think there’s any expectation that calling a POST action for example should be side effect free, so don’t see any problem with that being the trigger for some back-end workflow including emails.
Probably not.
On larger projects, no, from my experience, it would not be typical that whatever script or process is on the server side of the REST request would actually send email. More often than not, it might generate information about the email, but then stick it into a database or queue for a dedicated email process to send. This allows applications to throttle the rate of outgoing emails, as well as handle problems that come up (resend) and logging.
Mind you, along the lines of what Robert Harvey brings up in comments, what is proper or not is completely situational. What is appropriate for Twitter is not the same as what is appropriate for a “Scarecrow and Mrs King” PHPBB Forum with 12 members. On smaller sites, sure, the script on the server side of the REST request can do the emailing itself. Its probably a lot simpler than creating a dedicated process to handle 3 emails a week. But as that grows, the functionality will probably move to more dedicated processes.