Here's a painful lesson from production that brought several engineers almost to tears: Please add PATCH endpoints to your public APIs.
This is true for all APIs: REST, GraphQL, RPC, or sockets. You need PATCH, a way for users to update an object.
Here's why:
Months ago we integrated with a vendor, who will go un-named, to handle calendar events for us. They have good integrations with gCal and such, a nice API, and solve fun algorithmic problems that we don't have time to tackle.
Optimal packing of a user schedule is akin to the knapsack problem, a famous NP-complete (-ish, it's complicated) problem, and ain't nobody got time to solve unsolvable problems at a startup. But this unnamed vendor has a Good Enough™ solution! Perfect.
What the heck??
We build this integration and save for a few hiccups with daylight savings everything is fine.
Until spooky things started to happen. Events un-cancelling long after they were cancelled. Timezones shifting for no reason. Attendees going missing ...
🤨
What could it be!? A distributed systems problem with updates being dropped? Wonky eventual consistency? Silent errors we don't notice? Accidentally unresolved promises causing issues?
Nope it was nothing fun like that. A massive amount of logging revealed we were overwriting our own data. Changing events to drop fields 🤦♀️
No PATCH equals pain
You see this vendor has no PATCH. There is only a POST (insert) and it acts like a PUT (upsert), but that's fine, we can handle that. The lack of PATCH hurts, though.
Here's what happens:
Say you create an event on the user's calendar. Friday 1pm for an hour. You POST an object like this:
{
calendar_id: 1234
attendees: [
{ user_id: 1234 }
],
start: '2022-10-28T20:00:00.000Z'
end: '2022-10-28T21:00:00.000Z'
}
This adds an event to calendar 1234
, adds the user as an attendee, and sets start/end times.
How would you update this event to set a cancelled status?
That's right, you send the whole object again.
{
calendar_id: 1234
attendees: [
{ user_id: 1234 }
],
start: '2022-10-28T20:00:00.000Z'
end: '2022-10-28T21:00:00.000Z'
status: 'cancelled'
}
What about adding another attendee? Multiple people tend to join a meeting.
That's right, you send the whole object again!
{
calendar_id: 1234
attendees: [
{ user_id: 1234 },
{ user_id: 1235 }
],
start: '2022-10-28T20:00:00.000Z'
end: '2022-10-28T21:00:00.000Z'
}
Oh no look what we did! The event is no longer cancelled 😱
User 1235
didn't know the event was cancelled. Client hasn't synced yet, for example. When they joined the meeting, they didn't send the status: 'cancelled'
field and the unnamed vendor dutifully overwrote the data.
Now user 1234
has two meetings at the same time because someone else saw a hole on their schedule and quickly booked a time to chat. Awkward ...
How PATCH helps
Now imagine that same sequence, but with a PATCH endpoint.
First we create the event:
{
calendar_id: 1234
attendees: [
{ user_id: 1234 }
],
start: '2022-10-28T20:00:00.000Z'
end: '2022-10-28T21:00:00.000Z'
}
Then we send a PATCH to cancel:
{
event_id: ...,
status: 'cancelled'
}
And a PATCH to add an attendee:
{
event_id: ...,
attendees: [
{ user_id: 1235 }
]
}
The system merges all this data into the final object:
{
event_id: ...
calendar_id: 1234
attendees: [
{ user_id: 1234 },
{ user_id: 1235 }
],
start: '2022-10-28T20:00:00.000Z'
end: '2022-10-28T21:00:00.000Z',
status: 'cancelled'
}
PATCH, or its equivalents in other API genres, lets you update an object without knowing the full state. Super useful when you want the API to be the source of truth, not every client.
Without PATCH, it is easy to create a race condition where multiple clients send updates, each missing parts of state the other clients are sending. Whomever comes last, that's the new object. Not great.
Now you might ask "Okay smartass, what about removing an attendee? How do you do that with PATCH?
And you'd be right, that's where REST patterns get wonky. You'd need an explicit DELETE endpoint of sorts. A function that lets you say "Remove X from event Y".
Cheers,
~Swizec
Continue reading about Why PATCH endpoints matter
Semantically similar articles hand-picked by GPT-4
- REST API best practice in a GraphQL world
- Better tooling won't fix your API
- 90% of performance is data access patterns
- Saving time in UTC doesn't work and offsets aren't enough
- That time monkey patching took 2 days off my life
Learned something new?
Read more Software Engineering Lessons from Production
I write articles with real insight into the career and skills of a modern software engineer. "Raw and honest from the heart!" as one reader described them. Fueled by lessons learned over 20 years of building production code for side-projects, small businesses, and hyper growth startups. Both successful and not.
Subscribe below 👇
Software Engineering Lessons from Production
Join Swizec's Newsletter and get insightful emails 💌 on mindsets, tactics, and technical skills for your career. Real lessons from building production software. No bullshit.
"Man, love your simple writing! Yours is the only newsletter I open and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. 👌"
Have a burning question that you think I can answer? Hit me up on twitter and I'll do my best.
Who am I and who do I help? I'm Swizec Teller and I turn coders into engineers with "Raw and honest from the heart!" writing. No bullshit. Real insights into the career and skills of a modern software engineer.
Want to become a true senior engineer? Take ownership, have autonomy, and be a force multiplier on your team. The Senior Engineer Mindset ebook can help 👉 swizec.com/senior-mindset. These are the shifts in mindset that unlocked my career.
Curious about Serverless and the modern backend? Check out Serverless Handbook, for frontend engineers 👉 ServerlessHandbook.dev
Want to Stop copy pasting D3 examples and create data visualizations of your own? Learn how to build scalable dataviz React components your whole team can understand with React for Data Visualization
Want to get my best emails on JavaScript, React, Serverless, Fullstack Web, or Indie Hacking? Check out swizec.com/collections
Did someone amazing share this letter with you? Wonderful! You can sign up for my weekly letters for software engineers on their path to greatness, here: swizec.com/blog
Want to brush up on your modern JavaScript syntax? Check out my interactive cheatsheet: es6cheatsheet.com
By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️