
Statelessness in REST: What It Means and Why It Matters


In the world of software development, APIs are everywhere, enabling different systems to interact seamlessly. But what exactly are APIs? Are they an internet thing? An API can exist for anything: a car has its own API, and even a human being has APIs. APIs are not just an internet thing; they are protocols, and there are multiple types. Most of the ones we see on the internet are known as REST APIs. Let us begin by outlining the fundamental aspects of REST APIs.

 

Characteristics of REST APIs

Simply put, we have an interface and certain methods to perform actions according to that interface. Two parties are generally involved: a server and a client. Clients are given a well-defined set of rules outlining the available options and how to use them to exchange data with the server in the form of GET or POST requests.

 

We might think of communication as an exchange of messages, but that is not all: streaming a video on YouTube or accessing your email also involves communication between the server and the client. This communication is performed through a well-defined API, which in the majority of cases is a REST API.

 

Now that there is a basic understanding of REST APIs, let us explore the concept of "state" in the context of the Internet.

 

Understanding "State" in the Internet Context

A short introduction to "state," especially in the internet context, is necessary. Generally, state refers to a thing's characteristics. Just as APIs can be for anything, states can also be for anything. For example, a car's simple state could be whether the ignition is on, whether it is started, or whether the handbrake is engaged. Additionally, if the car is turning and its wheels are angled, that represents another state. Similarly, there are states in client/server communication.

 

With a grasp on what state means, let us differentiate between stateful and stateless APIs, focusing on REST APIs' stateless nature.

 

Statelessness in REST APIs

REST APIs themselves are stateless, but there are protocols out there where the state plays a significant role. One example of a stateful protocol is WebSockets. This discussion will briefly introduce what state is in WebSockets to build an understanding of what statelessness means.

Understanding State and Statelessness

State can include the user's information, the user's connectivity, or previous messages from the user. These are the most important aspects when playing an online game, for example. WebSocket is a protocol that carries this state. Every time there is a WebSocket connection, there is some user information, a persistent connection, and some previous state maintained.

 

REST APIs are designed to be stateless, meaning there is no need to save any client context between requests. However, effective communication requires a source of truth, some form of state somewhere. Logging in is an example: the server must determine whether a user is logged in, or whether the correct password was entered during the login attempt.

 

Even though REST APIs are stateless, it does not mean there is no memory or no state somewhere else. The server uses databases or other storage to hold data, e.g. user credentials for logins. To illustrate how REST APIs handle user authentication without maintaining state, let us walk through the process of logging in.

Example: Logging In with REST APIs

Suppose a REST API call is made to log in. Some information, such as an email and a password, is sent to the server as an API call. GET or POST requests are used, but the specifics are not detailed here. Credentials are sent to the server, which knows nothing beyond this request and does not retain any information from previous requests. The server compares what the user sent against the credentials stored in a database. If there is a match, the user is logged in. The incoming request does not require the user to have previously sent anything else. It only needs the user's email and password to authenticate them right then and there.

 

Having understood the login process, let us explore how authentication is maintained without a server-side state.

Maintaining Authentication Without Server-Side State

To determine if the user is still authenticated afterward, consider scenarios such as liking a post on Facebook or opening the comment section. Re-authentication is not required in these cases. Typically, logging in once allows all these functions to continue without requiring additional logins. Without state, it is necessary to identify that actions like liking a post or commenting are performed by the same user. This is where tokens come into play, making each request self-sufficient. This brings us to the role of tokens in maintaining authentication in a stateless environment.

Tokens and Stateless Authentication

Upon logging in, the server provides a token, such as a JWT (JSON Web Token), which is included in the Authorization header of subsequent requests. This token identifies the user in the next request, indicating that the same user who logged in earlier is making the current request. This is why actions like liking a post on Facebook or commenting on another page do not require additional logins. All subsequent requests include this token in their headers. If you make a request without this token, you will be prompted to log in again.

 

Even though the REST API is stateless, actions that seem stateful are still manageable. Statelessness, in the context of REST APIs, means that each request is self-sufficient—it contains all the information the server needs to fulfill the request.
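The token flow described above, as an added example that is not part of the original article: a minimal HS256 JWT issued at login and checked on every request using only the Python standard library. The key value, the function names, and the plain-dict view of the request headers are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: this signing key is the only thing the server keeps (constructed value).
SECRET = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id: str, ttl: int = 900, now=None) -> str:
    """Called once, after the email/password check has succeeded."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload))}"

def authenticate(headers: dict, now=None):
    """Return the user id for a valid request, else None (caller answers 401).
    No session lookup happens: everything needed is inside the request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    header, payload, sig = parts
    try:
        # Verify the signature first, in constant time, before trusting any field.
        if not hmac.compare_digest(sign(header + "." + payload), b64d(sig)):
            return None
        # Pin the algorithm instead of letting the token choose it.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    # A stateless token cannot be revoked server-side, so expiry must be enforced.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")
```

Because the server holds no per-user record, the short lifetime (`ttl`) is what bounds how long a stolen token stays usable.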

 

To delve deeper into how REST APIs utilize HTTP requests and headers to maintain statelessness, let us examine the technical components involved.

HTTP Requests and Headers

A request is made up of two components: the data being sent to or by the server, and the headers. Both requests and responses have headers. Tokens like JWTs are included in request headers to authenticate and authorize requests in a stateless manner. Similarly, additional information can be sent in request headers.

 

One example is caching. Caching mechanisms save resources on both the server and the client side. For instance, the client can tell the server, "I already have this image named 'abc.jpg.' If the image you are about to provide me with has not changed since December 31st, do not send it again."

 

This approach saves data by avoiding the need to resend images that the client already has. Informing the server about existing images is accomplished without maintaining the state on the server because each request is self-sufficient and does not rely on the server-side stored state. The server is informed through the request that the image already exists locally. Network resources are saved by not downloading the image again. This is done using standard HTTP caching headers like If-Modified-Since or ETag.

 

If the server's resource has not changed since the specified date or ETag, it will not resend it. Instead, the server might return a 304 Not Modified status, indicating that the cached version can be used.
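The server side of this exchange, as an added example that is not part of the original article. The function names and the plain-dict view of the request headers are assumptions; the client echoes a previously received ETag back in the If-None-Match request header, which takes precedence over If-Modified-Since when both are present.

```python
import hashlib
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

def make_etag(body: bytes) -> str:
    """Validator derived from the content itself, so no per-client state is needed."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

def conditional_get(req_headers: dict, body: bytes, last_modified: datetime):
    """Return (status, response_headers, response_body) for a GET of one resource.
    last_modified must be a timezone-aware UTC datetime."""
    etag = make_etag(body)
    resp = {"ETag": etag,
            "Last-Modified": format_datetime(last_modified, usegmt=True)}
    inm = req_headers.get("If-None-Match")
    ims = req_headers.get("If-Modified-Since")
    fresh = False
    if inm is not None:
        # Weak comparison: ignore a W/ prefix on the client's validators.
        tags = [t.strip().removeprefix("W/") for t in inm.split(",")]
        fresh = inm.strip() == "*" or etag in tags
    elif ims is not None:
        try:
            since = parsedate_to_datetime(ims)
            if since.tzinfo is None:
                since = since.replace(tzinfo=timezone.utc)
            # HTTP dates have one-second resolution.
            fresh = last_modified.replace(microsecond=0) <= since
        except (TypeError, ValueError):
            fresh = False  # unparseable date: ignore the condition, send the body
    # 304 carries the validators but no body, which is where the bandwidth is saved.
    return (304, resp, b"") if fresh else (200, resp, body)
```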

 

Even though the state is not maintained on the server between requests, actions are performed efficiently. By designing the request architecture thoughtfully, unnecessary data transfers, like re-downloading images, are avoided, saving significant bandwidth.

 

Having covered the technical aspects, let us discuss the advantages that statelessness brings to REST APIs.

 

Advantages of Statelessness

One advantage is saving internet bandwidth by maintaining a stateless architecture. Additionally, server resources are conserved and performance is improved. The server's CPU load decreases because it does not need to maintain client-specific session states. It recognizes that each incoming request contains all the necessary information. Storage is saved, and server performance is enhanced by reducing CPU cycles.

 

Conversely, it is important to understand the potential challenges that arise if REST APIs were not stateless.

 

Potential Issues Without Statelessness

Large platforms like Amazon, YouTube, or Google Drive handle millions and millions of requests per second from millions of users. If each of those requests required maintaining a state on the server, the amount of data storage needed would be astronomical.

 

To further illustrate the importance of statelessness, let us examine how scalability and resource management are handled in large-scale services.

 

Scalability and Resource Management

When algorithms predict user preferences, such as showing ads on Facebook based on activities, does Facebook store a detailed state for each user indicating their preferences?

 

No.

 

While Facebook stores user data for personalization, it does not rely on server-side sessions to maintain state between requests. In this particular example, Facebook might send a response header to the user on login. This header serves as a group number assigned to the user. Several users can share the same group number, reflecting their similar interests. These group numbers relate a user to preferences irrespective of the user's identity.

 

Conclusion

Maintaining a server-side state for every interaction would render the internet non-functional as it operates today. By keeping requests stateless but self-sufficient, services can scale to millions of users without overburdening the servers.

 

REST APIs operate effectively by maintaining statelessness. The advantages and potential issues of not being stateless, including scalability challenges, have been discussed. The topic encompasses multiple concepts like tokens, cookies, and sessions that lead to extensive discussions. However, the provided information offers a strong understanding of what statelessness in REST APIs entails.

 

Muhammad Abdullah Qureshi

I've been working for over two years at Arbisoft specializing in Full Stack Development. I am proficient in React, React Native, Node.js and Relational as well as Document Databases. I've also built strong expertise in Python, Scraping and Shopify theme Development. If that's not enough, let me add edx-open-source contributions and a tiny bit of WordPress to the list as well.
