18

During an interview I was asked to classify the REST API paradigm among the OSI layers.

I thought it would have been between layers 5 and 7; however, the interviewer said that it belongs only to the 5th layer because it is similar to RPC.

In my opinion, it can't be at layer 5 (Session Layer) only, because a true REST API is stateless, unlike a session (HTTP session), so it could be placed as a protocol on the 7th layer (application) because it is like HTTP (but why not in the 6th as well?).

I searched online but I didn't find a clear answer (I know that some protocols are distributed ambiguously in OSI layers).

Maybe other people have a clearer opinion on this?

k1eran
  • 3
    All the REST services I have encountered are being relayed via some type of HTTP server. Unless you create your own socket server and implement a RESTful service protocol yourself, you will be at or above whatever OSI level the HTTP server you are running is categorized as. – Ross Bush Mar 28 '15 at 17:30
  • 6
    REST is just an architectural style, and an API which strictly follows the REST principles is called a RESTful API. Having said that, AFAIK, you can write only "Application layer" APIs with REST principles (writing APIs/protocols of the remaining layers with REST doesn't make sense to me), so REST APIs sit at the Application layer. – geekprogrammer Apr 04 '15 at 15:24
  • 3
    An API is not a protocol. REST is not a protocol. HTTP is an application layer protocol. [tag:osi] is defunct and irrelevant. Unclear what you're asking. – user207421 Feb 08 '19 at 09:17

3 Answers

15

REST is not a protocol for two systems to communicate. REST is an architecture style. It is mostly atop HTTP, the application layer.

ProgramCpp
  • What if a protocol is based on REST? Like [SRU](https://en.wikipedia.org/wiki/Search/Retrieve_via_URL). We should split application layer into different sublayers? – Pablo Bianchi Jun 08 '18 at 22:57
  • 2
    @PabloBianchi I don't think the answer is creating more layers. The TCP/IP model is only 4 layers and makes much more sense in Internet concepts. Everything above the OS (**Network** and **Transport** layers) is simply "**Application**". What the application chooses to do with the data should be out of scope for an "interconnection model". This holds true for everything from Internet to generic copper/RF/IR connected microcontrollers. – Bruno Bronosky Jun 01 '21 at 18:23
7

REST architecture is stateless in the sense that the server does not store the state of the client, but the state of the objects is transferred back and forth. After all, REST stands for Representational State Transfer. So, I'd think REST belongs to Layer 5 - Session Layer, which is commonly described as the layer where continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes takes place.

It's hard to see how a REST API could belong to Layer 6 or Layer 7 of the OSI Model. The Presentation layer provides for negotiation of the form of representation or syntax of the data that will be transferred. Usually mechanisms like character encoding (UTF, ASCII) and data encryption and decryption are part of the presentation layer. The Application layer provides application-specific services like FTP, HTTP and Telnet that support end-user processes.

gowthamnvv
  • 1
    Please share more details. How does REST work in your configuration of layers if it was not built upon HTTP? – Nico Haase Dec 04 '20 at 22:34
0

REST is an API (Application Programming Interface) in the Application Layer. Don't let the "Session" title of Layer 5 confuse you. REST is squarely Layer 7. What is below the Application? The Operating System. Does the OS care about REST? Let's look at the response headers from this very page.

```
$ curl -svo /dev/null https://stackoverflow.com/q/29264855 2>&1 | grep '^[<>]'
> GET /q/29264855 HTTP/2
> Host: stackoverflow.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/2 200
< cache-control: private
< content-type: text/html; charset=utf-8
< last-modified: Sat, 05 Dec 2020 07:07:50 GMT
< set-cookie: prov=9bbe6161-8a11-c618-c487-ff38f7c65f3b; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
<
```

The qualities which make this REST lie entirely in the HTTP headers you see here. Does the operating system do anything with any of that other than deliver it to the "client application"? No, it doesn't.

Bruno Bronosky
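
The last answer's point, that the operating system only delivers bytes and the application gives them HTTP meaning, as an added example that is not part of any answer above. It assumes `socket.socketpair()` as a stand-in for a TCP connection and uses a constructed HTTP/1.1 request modelled on the curl trace; `recv_head`, `parse_http`, `serve_one` and `demo` are hypothetical names.

```python
import socket

# Constructed request, modelled on the curl trace above but written as
# HTTP/1.1 text so the bytes are readable (not captured traffic).
REQUEST = (b"GET /q/29264855 HTTP/1.1\r\n"
           b"Host: stackoverflow.com\r\n"
           b"Accept: */*\r\n\r\n")

def recv_head(sock):
    """All the OS offers: recv() returns arbitrary slices of a byte stream."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(7)   # tiny reads: no message boundaries exist here
        if not chunk:
            break
        buf += chunk
    return buf

def parse_http(raw):
    """Application-layer work: give the bytes a start line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def serve_one(sock):
    """Hypothetical server: method, target and headers only exist after parsing."""
    start, headers, _ = parse_http(recv_head(sock))
    method, target, _version = start.split(" ")
    ok = method == "GET" and "host" in headers
    body = b"<html>representation</html>" if ok else b""
    status = b"HTTP/1.1 200 OK" if ok else b"HTTP/1.1 400 Bad Request"
    sock.sendall(status + b"\r\ncontent-type: text/html; charset=utf-8\r\n"
                 + b"content-length: %d\r\n\r\n" % len(body) + body)
    return method, target

def demo():
    client, server = socket.socketpair()   # assumption: stands in for TCP
    with client, server:
        client.sendall(REQUEST)
        method, target = serve_one(server)
        server.shutdown(socket.SHUT_WR)     # EOF so the client read loop ends
        raw = b""
        while chunk := client.recv(4096):
            raw += chunk
    return (method, target) + parse_http(raw)
```

Calling `demo()` returns the method and target the server parsed, followed by the status line, headers and body the client parsed from the reply.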