In the world of software development, APIs are everywhere, enabling different systems to interact seamlessly. But what exactly are APIs? Are they an internet thing? An API can exist for anything: a car has its own API, and even a human being has their own APIs. APIs are not just an internet thing; they are protocols, and there are multiple types of APIs. The ones we see most often on the internet are known as REST APIs. Let us begin by outlining the fundamental aspects of REST APIs.
Simply put, we have an interface and certain methods to perform actions according to that interface. Two parties are generally involved: a server and a client. Clients are provided with a well-defined set of rules, outlining the available options and how they can be used to exchange data with the server in the form of GET or POST requests.
We might consider communication as an exchange of messages, but that's not all; streaming a video on YouTube or accessing your email also involves communication between the server and the client. This communication is performed through a well-defined API that in the majority of cases is a REST API.
Now that there is a basic understanding of REST APIs, let us explore the concept of "state" in the context of the Internet.
A short introduction to "state," especially in the internet context, is necessary. Generally, state refers to the characteristics of something at a given moment. Just as APIs can be for anything, states can also be for anything. For example, a car's simple state could be whether it is in ignition or not, whether it is started, or if the handbrake is engaged. Additionally, if the car is turning and its wheels are angled, that represents another state. Similarly, there are states in client/server communication.
With a grasp on what state means, let us differentiate between stateful and stateless APIs, focusing on REST APIs' stateless nature.
REST APIs themselves are stateless, but there are protocols out there where the state plays a significant role. One example of a stateful protocol is WebSockets. This discussion will briefly introduce what state is in WebSockets to build an understanding of what statelessness means.
State can include the user's information, the user's connectivity, or previous messages from the user. These are the most important aspects when playing an online game, for example. WebSockets are protocols that carry these states. Every time there is a WebSocket connection, there is some user information, a persistent connection, and some previous state maintained.
REST APIs are designed to be stateless, meaning there is no need to save any client context between requests. However, effective communication requires a certain source of truth, some form of state somewhere. Consider logging in: it is necessary to determine whether a user is logged in, or whether the correct password was entered while trying to log in.
Even though REST APIs are stateless, it does not mean there is no memory or no state somewhere else. The server uses databases or other storage to hold data, e.g. user credentials for logins. To illustrate how REST APIs handle user authentication without maintaining state, let us walk through the process of logging in.
Suppose a REST API call is made to log in. Some information, such as an email and a password, is sent to the server as an API call. GET or POST requests are used, but the specifics are not detailed here. Credentials are sent to the server, which knows nothing beyond this request and does not retain any information from previous requests. The server uses the credentials stored in a database to match what the user sent. If there is a match, the user is logged in. The incoming request does not require the user to have previously sent anything else. It only needs the user's email and password to authenticate them right then and there.
Having understood the login process, let us explore how authentication is maintained without a server-side state.
To determine if the user is still authenticated afterward, consider scenarios such as liking a post on Facebook or opening the comment section. Re-authentication is not required in these cases. Typically, logging in once allows all these functions to continue without requiring additional logins. Without state, it is necessary to identify that actions like liking a post or commenting are performed by the same user. This is where tokens come into play, making each request self-sufficient. This brings us to the role of tokens in maintaining authentication in a stateless environment.
Upon logging in, the server provides a token, such as a JWT (JSON Web Token), which is included in the Authorization header of subsequent requests. This token helps identify the user in the next request, indicating that the same user who logged in earlier is making the current request. This is why actions like liking a post on Facebook or commenting on another page do not require additional logins. All subsequent requests include this token in their headers. If you were to make a request without this token, you would be prompted to log in again.
Even though the REST API is stateless, actions that seem stateful are still manageable. Statelessness, in the context of REST APIs, means that each request is self-sufficient—it contains all the information the server needs to fulfill the request.
To delve deeper into how REST APIs utilize HTTP requests and headers to maintain statelessness, let us examine the technical components involved.
Two components make up a request: the data being sent to or by the server, and the headers. Both requests and responses have headers. Tokens like JWTs are included in request headers to authenticate and authorize requests in a stateless manner. Similarly, additional information can be sent in request headers.
One example is caching. Caching mechanisms are employed to save resources on both the server and the client side. For instance, the client can inform the server, "I already have this image named 'abc.jpg.' If the image you are about to provide me with has not changed since December 31st, do not send it again."
This approach saves data by avoiding the need to resend images that the client already has. Informing the server about existing images is accomplished without maintaining the state on the server because each request is self-sufficient and does not rely on the server-side stored state. The server is informed through the request that the image already exists locally. Network resources are saved by not downloading the image again. This is done using standard HTTP caching headers like If-Modified-Since or ETag.
If the server's resource has not changed since the specified date or ETag, it will not resend it. Instead, the server might return a 304 Not Modified status, indicating that the cached version can be used.
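The conditional request described above, as an added example that is not code from the original article: a handler that decides between `200` and `304 Not Modified` using only the validators carried in the request. The resource table, the ETag derivation and the function names are constructed for illustration; `If-None-Match` is the request header a client uses to send back an ETag.

```python
import hashlib
from email.utils import formatdate, parsedate_to_datetime

# Constructed sample resource: path -> (body, last-modified as Unix time).
# 1735603200 is Tue, 31 Dec 2024 00:00:00 GMT.
RESOURCES = {"/abc.jpg": (b"\xff\xd8constructed-image-bytes", 1735603200)}

def etag_for(body):
    # Assumption: a strong ETag derived from a hash of the content.
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

def handle_get(path, headers):
    """Return (status, response_headers, body) from this request alone."""
    if path not in RESOURCES:
        return 404, {}, b""
    body, mtime = RESOURCES[path]
    validators = {
        "ETag": etag_for(body),
        "Last-Modified": formatdate(mtime, usegmt=True),
    }
    inm = headers.get("If-None-Match")
    ims = headers.get("If-Modified-Since")
    fresh = False
    if inm is not None:
        # When If-None-Match is present, If-Modified-Since is ignored (RFC 9110).
        tags = [t.strip() for t in inm.split(",")]
        tags = [t[2:] if t.startswith("W/") else t for t in tags]
        fresh = "*" in tags or validators["ETag"] in tags
    elif ims is not None:
        try:
            fresh = mtime <= parsedate_to_datetime(ims).timestamp()
        except (TypeError, ValueError):
            fresh = False  # unparseable date: ignore it and send the body
    if fresh:
        return 304, validators, b""  # client reuses its cached copy
    return 200, validators, body
```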
Even though the state is not maintained on the server between requests, actions are performed efficiently. By designing the request architecture thoughtfully, unnecessary data transfers, like re-downloading images, are avoided, saving significant bandwidth.
Having covered the technical aspects, let us discuss the advantages that statelessness brings to REST APIs.
One advantage is saving internet bandwidth by maintaining a stateless architecture. Additionally, server resources are conserved and performance is improved. The server's CPU load decreases because it does not need to maintain client-specific session states. It recognizes that each incoming request contains all the necessary information. Storage is saved, and server performance is enhanced by reducing CPU cycles.
Conversely, it is important to understand the potential challenges that arise if REST APIs were not stateless.
Consider large platforms like Amazon, YouTube, or Google Drive, which handle millions and millions of requests per second from millions of users. If each of those requests required maintaining state on the server, the amount of data storage needed would be astronomical.
To further illustrate the importance of statelessness, let us examine how scalability and resource management are handled in large-scale services.
When algorithms predict user preferences, such as showing ads on Facebook based on activities, does Facebook store a detailed state for each user indicating their preferences?
No.
While Facebook stores user data for personalization, it does not rely on server-side sessions to maintain state between requests. In this particular example, Facebook might send a response header to the user on login. This header serves as a group number assigned to the user. Several users can have the same group number, reflecting their similar interests. These group numbers relate a user to preferences irrespective of their identity.
Maintaining a server-side state for every interaction would render the internet non-functional as it operates today. By keeping requests stateless but self-sufficient, services can scale to millions of users without overburdening the servers.
REST APIs operate effectively by maintaining statelessness. The advantages and potential issues of not being stateless, including scalability challenges, have been discussed. The topic encompasses multiple concepts like tokens, cookies, and sessions that lead to extensive discussions. However, the provided information offers a strong understanding of what statelessness in REST APIs entails.
I've been working for over two years at Arbisoft specializing in Full Stack Development. I am proficient in React, React Native, Node.js and relational as well as document databases. I've also built strong expertise in Python, scraping and Shopify theme development. If that's not enough, let me add edx-open-source contributions and a tiny bit of WordPress to the list as well.