REST in Practice by Jim Webber, Savas Parastatidis, Ian Robinson

We first saw HTTP POST in Chapter 3, when we used it as an all-purpose transfer mechanism for moving Plain Old XML (POX) documents between clients and servers. In that example, however, the semantics of POST were very loose, conveying only that the client wished to “transfer a document” to the server with the hope that the server would somehow process it and perhaps create a response document to complete the interaction.

As the Restbucks coffee ordering service evolves into a CRUD service, we’re going to strengthen the semantics of POST and use it as a request to create an order resource within the service. To achieve this, the payload of the POST request will contain a representation of the new order to create, encoded as an XML document. Figure 4-4 illustrates how this works in practice.

Figure 4-4. Creating an order via POST

In our solution, creating an order at Restbucks requires that we POST an order representation in XML to the service.^[28] The create request consists of the POST verb, the ordering service path (relative to the Restbucks service’s URI), and the HTTP version. In addition, requests usually include a Host header that identifies the receiving host of the server being contacted and an optional port number. Finally, the media type (XML in this case) and length (in bytes) of the payload is provided to help the service process the request. Example 4-1 shows a network-level view of a POST request that should result in a newly created order.

POST /order HTTP/1.1
Host: restbucks.com
Content-Type: application/xml
Content-Length: 239

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <name>latte</name>
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
</order>

Once the service receives the request, its payload is examined and, if understood, dispatched to create a new order resource.

If the POST request succeeds, the server creates an order resource. It then generates an HTTP response with a status code of 201 Created, a Location header containing the newly created order’s URI, and confirmation of the new order’s state in the response body, as we can see in Example 4-2.

HTTP/1.1 201 Created
Content-Length: 267
Content-Type: application/xml
Date: Wed, 19 Nov 2008 21:45:03 GMT
Location: http://restbucks.com/order/1234

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <name>latte</name>
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
  <status>pending</status>
</order>

The Location header that identifies the URI of the newly created order resource is important. Once the client has the URI of its order resource, it can then interact with it via HTTP using GET, PUT, and DELETE.

While a 201 Created response is the normal outcome when creating orders, things may not always go according to plan. As with any computing system—especially distributed systems—things can and do go wrong. As service providers, we have to be able to deal with problems and convey helpful information back to the consumer in a structured manner so that the consumer can make forward (or backward) progress. Similarly, as consumers of the ordering service, we have to be ready to act on those problematic responses.

Fortunately, HTTP offers a choice of response codes, allowing services to inform their consumers about a range of different error conditions that may arise during processing. The Restbucks ordering service has elected to support two error responses when a request to create a coffee order fails:

With each of these responses, the server is giving the consumer information about what has gone wrong so that a decision can be made on how (or whether) to make further progress. It is the consumer’s job to figure out what to do next.

When the ordering service responds with a 400 status, it means the client has sent an order that the server doesn’t understand. In this case, the client shouldn’t try to resubmit the same order because it will result in the same 400 response. For example, the malformed request in Example 4-3 doesn’t contain the drink that the consumer wants, and so cannot be a meaningful coffee order irrespective of how strict or lax the server implementation is in its interpretation. Since the <name> element is missing, the service can’t interpret what kind of drink the consumer wanted to order, and so an order resource cannot be created. As a result, the service must respond with an error.

POST /order HTTP/1.1
Host: restbucks.com
Content-Type: application/xml
Content-Length: 216

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
</order>

On receiving the malformed request, the server responds with a 400 status code, and includes a description of why it rejected the request,^[30] as we see in Example 4-4.

HTTP/1.1 400 Bad Request
Content-Length: 250
Content-Type: application/xml
Date: Wed, 19 Nov 2008 21:48:11 GMT

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <!-- Missing drink type -->
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
</order>

To address this problem, the consumer must reconsider the content of the request and ensure that it meets the criteria expected by the ordering service before resubmitting it. If the service implementers were being particularly helpful, they might provide a textual or machine-processable description of why the interaction failed to help the consumer correct its request, or even just a link to the service’s documentation. The ordering service won’t create an order in this case, and so retrying with a corrected order is the right thing for the consumer to do.

In the case of a 500 response, the consumer may have no clear understanding about what happened to the service or whether the request to create an order succeeded, and so making forward progress can be tricky. In this case, the consumer’s only real hope is to try again by repeating the POST request to lodge an order.

On the server side, if the ordering service is in a recoverable state, or may eventually be, its implementation should be prepared to clean up any state created by the failed interaction. That way, the server keeps its own internal order state consistent whether the client retries or not.

protected void doPost(HttpServletRequest request, HttpServletResponse response) {
  try {
    Order order = extractOrderFromRequest(request);
    if(order == null) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    } else {
      String internalOrderId = saveOrder(order);
      response.setHeader("Location", computeLocationHeader(request,
                         internalOrderId));
      response.setStatus(HttpServletResponse.SC_CREATED);
    } catch(Exception ex) {
        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}

We’ve already seen how GET can be used to invoke remote methods via URI tunneling, and we’ve also seen it being used to recover from 500 response codes during order creation. From here onward, we’ll be using GET explicitly for retrieving state information—resource representations—from services. In our case, we are going to use GET to retrieve coffee orders from Restbucks that we’ve previously created with POST.

Using GET to implement the “R” in CRUD is straightforward. We know that after a successful POST, the service creates a coffee order at a URI of its choosing and sends that URI back to the consumer in the HTTP response’s Location header. In turn, that URI allows consumers to retrieve the current state of coffee order resources, as we see in Figure 4-5.

Figure 4-5. Reading a coffee order with GET

Performing GET on an order’s URI is very simple. At the HTTP level, it looks like Example 4-6.

GET /order/1234 HTTP/1.1
Host: restbucks.com

If the GET request is successful, the service will respond with a 200 OK status code and a representation of the state of the resource, as shown in Example 4-7.

HTTP/1.1 200 OK
Content-Length: 241
Content-Type: application/xml
Date: Wed, 19 Nov 2008 21:48:10 GMT

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <name>latte</name>
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
  <status>paid</status>
</order>

The response from the server consists of a representation of the order created by the original POST request, plus some additional information such as the status, and a collection of useful metadata in the headers. The first line includes a 200 OK status code and a short textual description of the outcome of the response informing us that our GET operation was successful. Two headers follow, which consumers use as hints to help parse the representation in the payload. The Content-Type header informs us that the payload is an XML document, while Content-Length declares the length of the representation in bytes. Finally, the representation is found in the body of the response, which is encoded in XML in accordance with the Content-Type header.

A client can GET a representation many times over without the requests causing the resource to change. Of course, the resource may still change between requests for other reasons. For example, the status of a coffee order could change from “pending” to “served” as the barista makes progress. However, the consumer’s GET requests should not cause any of those state changes, lest they violate the widely shared understanding that GET is safe.

Since Restbucks is a good web citizen, it’s safe to GET a representation of an order at any point. However, clients should be prepared to receive different representations over time since resource state—that is, the order—changes on the server side as the barista prepares the coffee. To illustrate the point, imagine issuing the GET request from Example 4-6 again a few minutes later. This time around, the response is different because the order’s status has changed from paid to served (in the <status> element), since the barista has finished preparing the drink, as we can see in Example 4-8.

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: application/xml
Date: Wed, 19 Nov 2008 21:58:21 GMT

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <name>latte</name>
      <quantity>1</quantity>
      <milk>whole</milk>
      <size>small</size>
    </item>
  </items>
  <status>served</status>
</order>

In our CRUD ordering service, we’re only going to consider two failure cases for GET. The first is where the client requests an order that doesn’t exist, and the second is where the server fails in an unspecified manner. For these situations, we borrow inspiration from the Web and use the 404 and 500 status codes to signify that an order hasn’t been found or that the server failed, respectively. For example, the request in Example 4-9 identifies an order that does not (yet) exist, so the service responds with the 404 Not Found status code shown in Example 4-10.

GET /order/123456789012345667890 HTTP/1.1
Host: restbucks.com

HTTP/1.1 404 Not Found
Date: Sat, 20 Dec 2008 19:01:33 GMT

The 404 Not Found status code in Example 4-10 informs the consumer that the specified order is unknown to the service.^[31] On receipt of a 404 response, the client can do very little to recover. Effectively, its view of application state is in violent disagreement with that of the ordering service. Under these circumstances, Restbucks consumers should rely on out-of-band mechanisms (such as pleading with the barista!) to solve the problem, or try to rediscover the URI of their order.

If the consumer receives a 500 Internal Server Error status code as in Example 4-11, there may be a way forward without having to immediately resort to out-of-band tactics. For instance, if the server-side error is transient, the consumer can simply retry the request later.

HTTP/1.1 500 Internal Server Error
Date: Sat, 20 Dec 2008 19:24:34 GMT

This is a very simple but powerful recovery scenario whose semantics are guaranteed by the behavior of GET. Since GET requests don’t change service state, it’s safe for consumers to GET representations as often as they need. In failure cases, consumers simply back off for a while and retry the GET request until they give up (and accept handing over control to some out-of-band mechanism) or wait until the service comes back online and processing continues.

@Path("/order")
public class OrderingService {
  @GET
  @Produces("application/xml")
  @Path("/{orderId}")
  public String getOrder(@PathParam("orderId") String orderId) {
    
      Order order = OrderDatabase.getOrder(orderId);
      
      if (order == null) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
      } else {
      try {
        return xstream.toXML(order);
      } catch (Exception e) {
    }
  }
  // Remainder of implementation omitted for brevity
}

For the uninitiated, HTTP can be a strange protocol, not least because it offers two ways of transmitting information from client to server with the POST and PUT verbs. In their landmark book,^[34] Richardson and Ruby established a convention for determining when to use PUT and when to use POST to resolve the ambiguity:

This convention has become widely accepted, and the Restbucks ordering service embraces it by generating URIs for orders when they’re created by POST ing to the well-known entry point: http://restbucks.com/order. Conversely, when updating orders via PUT, consumers specify the URIs. Figure 4-6 shows how using different verbs disambiguates the two different cases and simplifies the protocol.

Figure 4-6. PUT request and responses

In Figure 4-6, consumers know the URI of the order they want to update from the Location header received in the response to an earlier POST (create) request. Using that URI, a consumer can PUT an updated order representation to the ordering service. In accordance with the HTTP specification, a successful PUT request won’t create a new resource, but will instead update the state of the identified resource to reflect the data in the request representation.

Example 4-13 shows how a request for an update looks on the wire. While the HTTP headers should look familiar, in this case the HTTP body contains an XML representation of the original order with the contents of the <milk> element for the cappuccino changed to be skim rather than whole.

PUT /order/1234 HTTP/1.1
Host: restbucks.com
Content-Type: application/xml
Content-Length: 246

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <milk>skim</milk>
      <name>cappuccino</name>
      <quantity>1</quantity>
      <size>large</size>
    </item>
  </items>
</order>

When the PUT request is accepted and processed by the service, the consumer will receive either a 200 OK response as in Example 4-14, or a 204 No Content response as in Example 4-15.

Whether 200 is used in preference to 204 is largely an aesthetic choice. However, 200 with a response body is more descriptive and actively confirms the server-side state, while 204 is more efficient since it returns no representation and indicates that the server has accepted the request representation verbatim.

HTTP/1.1 200 OK
Content-Length: 275
Content-Type: application/xml
Date: Sun, 30 Nov 2008 21:47:34 GMT

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
    <item>
      <milk>skim</milk>
      <name>cappuccino</name>
      <quantity>1</quantity>
      <size>large</size>
    </item>
  </items>
  <status>preparing</status>
</order>

HTTP/1.1 204 No Content
Date: Sun, 30 Nov 2008 21:47:34 GMT

On receiving a 200 or 204 response, the consumer can be satisfied that the order has been updated. However, things can and do go wrong in distributed systems, so we should be prepared to deal with those eventualities.

The most difficult of the three failure response codes from Figure 4-6 is where a request has failed because of incompatible state. An example of this kind of failure is where the consumer tries to change its order after drinks have already been served by the barista. To signal conflicting state back to the client, the service responds with a 409 Conflict status code, as shown in Example 4-16.

HTTP/1.1 409 Conflict
Date: Sun, 21 Dec 2008 16:43:07 GMT
Content-Length:271

<order xmlns="http://schemas.restbucks.com/order">
  <location>takeAway</location>
  <items>
     <item>
      <milk>whole</milk>
      <name>cappuccino</name>
      <quantity>1</quantity>
      <size>large</size>
    </item>
  </items>
  <status>served</status>
</order>

In keeping with the HTTP specification, the response body includes enough information for the client to understand and potentially fix the problem, if at all possible. To that end, Example 4-16 shows that the ordering service returns a representation of the current state of the order resource from the service. In the payload, we can see that the <status> element contains the value served, which indicates that the order cannot be altered. To make progress, the consumer will have to interpret the status code and payload to determine what might have gone wrong.

As with errors when processing POST and GET, a 500 response code is equally straightforward when using PUT—simply wait and retry. Since PUT is idempotent—because service-side state is replaced wholesale by consumer-side state—the consumer can safely repeat the operation as many times as necessary. However, PUT can only be safely used for absolute updates; it cannot be used for relative updates such as “add an extra shot to the cappuccino in order 1234.” That would violate its semantics.

If the service recovers, it simply applies any changes from any of the PUT requests to its underlying data store. Once a PUT request is received and processed by the ordering service, the consumer will receive a 200 OK response.

[ServiceContract]
public interface IOrderingService
{
  [OperationContract]
  [WebInvoke(Method = "PUT", UriTemplate = "/order/{orderId}")]
  void UpdateOrder(string orderId, Order order);

  // Remainder of service contract omitted for brevity
}

[DataContract(Namespace = "http://schemas.restbucks.com/order", Name = "order")]
public class Order
{

  [DataMember(Name = "location")]
  public Location ConsumeLocation
  {
    get { return location; }
    set { location = value; }
  }

  [DataMember(Name = "items")]
  public List<Item> Items
  {
    get { return items; }
    set { items = value; }
  }

   [DataMember(Name = "status")]
   public Status OrderStatus
   {
     get { return status; }
     set { status = value; }
   }
   // Remainder of implementation omitted for brevity
}

public void UpdateOrder(string orderId, Order order)
{
  try
  {
    if (OrderDatabase.Database.Exists(orderId))
    {
      bool conflict = OrderDatabase.Database.Save(order);
      if (!conflict)
      {
        WebOperationContext.Current.OutgoingResponse.StatusCode =
        HttpStatusCode.NoContent;
      }
      else
      {
        WebOperationContext.Current.OutgoingResponse.StatusCode =
        HttpStatusCode.Conflict;
      }
    }
    else
    {
      WebOperationContext.Current.OutgoingResponse.StatusCode =
      HttpStatusCode.NotFound;
    }
  }
  catch (Exception)
  {
    WebOperationContext.Current.OutgoingResponse.StatusCode =
    HttpStatusCode.InternalServerError;
  }
}

When a consumer decides that a resource is no longer useful, it can send an HTTP DELETE request to the resource’s URI. The service hosting that resource will interpret the request as an indication that the client has become disinterested in it and may decide that the resource should be removed—the decision depends on the requirements of the service and the service implementation.

Figure 4-7 highlights the use of DELETE in the Restbucks ordering service where DELETE is used to cancel an order, if that order is in a state where it can still be canceled. For example, sending DELETE to an order’s URI prior to preparation should be successful and the client should expect a 204 No Content response from the service as a confirmation.

Figure 4-7. DELETE request and responses

Conversely, if the order has already been prepared, which means it can’t be deleted, a 405 Method Not Allowed response would be used. If the service is unavailable to respond to our DELETE request for some other reason, the client can expect a 503 Service Unavailable response and might try the request again later.

On the wire, DELETE requests are simple, consisting only of the verb, resource URI, protocol version, and HOST (and optional PORT) header(s), as shown in Example 4-20.

DELETE /order/1234 HTTP/1.1
Host: restbucks.com

Assuming the ordering service is able to satisfy the DELETE request, it will respond affirmatively with a 204 No Content response, as shown in Example 4-21.

HTTP/1.1 204 No Content
Date: Tue, 16 Dec 2008 17:40:11 GMT

Failure cases tend to be intricate with DELETE requests, since they might have significant side effects! One such failure case is shown in Example 4-22, where the client has specified a URI that the server cannot map to an order, causing the ordering service to generate a 404 Not Found response.

HTTP/1.1 404 Not Found
Content-Length: 0
Date: Tue, 16 Dec 2008 17:42:12 GMT

Although this is a simple response to understand—we see it all too often on the human Web, after all—it’s troubling from a programmatic perspective because it means the consumer has stale information about order resource state compared to the service.

We might take one of several different recovery strategies when we get a 404 Not Found response. Ordinarily, we might prefer a human to resolve the problem through some out-of-band mechanism. However, in some situations, it may be practical for the consumer to recompute application state by retrieving representations of the resources it knows about and attempt to make forward progress once it’s synchronized with the service.

Restbucks archives all orders after they have been served for audit purposes. Once archived, the order becomes immutable, and any attempts to DELETE an archived order will result in a 405 Method Not Allowed response from the ordering service, as shown in Example 4-23.

HTTP/1.1 405 Method Not Allowed
Allow: GET
Date: Tue, 23 Dec 2008 16:23:49 GMT

The response in Example 4-23 informs the client that while the order resource still exists, the client is not allowed to DELETE it. In fact, the Allow header is used to convey that GET is the only acceptable verb at this point in time and that requests using any other verb will be met with a 405 Method Not Allowed response.

An implementation for DELETE using the HttpListener from the .NET Framework is shown in Example 4-24. Like the servlet implementation in Example 4-5, this example shows that it’s possible to develop services with just an HTTP library, and that we don’t always have to use sophisticated frameworks.

static void DeleteResource(HttpListenerContext context)
{
  string orderId = ExtractOrderId(context.Request.Url.AbsolutePath);

  var order = OrderDatabase.Retrieve(orderId);

  if (order == null)
  {
    context.Response.StatusCode = HttpStatusCode.NotFound;
  }
  else if (order.CanDelete)
  {
    OrderDatabase.archive(orderId);
    context.Response.StatusCode = HttpStatusCode.NoContent;
  }
  else
  {
    context.Response.StatusCode = HttpStatusCode.MethodNotAllowed;
  }

  context.Response.Close();
}

In Example 4-24, an HTTPListenerContext instance provides access to the underlying HTTP request and response messages. Using the request URI, we extract an order identifier and then determine whether it corresponds to a valid order. If no order is found, we immediately set the HTTP response to 404 and call Close() on the response object to return control to the web server, which in turn returns a well-formed 404 Not Found response message to the consumer.

If we can find the resource, we check whether we’re allowed to delete it. If we are, we logically remove the associated order before returning a 204 No Content response to the client. Otherwise, we set the response code to 405 and let the client know they can’t delete that resource.

We saw in Chapter 3 that GET is special since it has the properties of being both safe and idempotent. PUT and DELETE are both idempotent, but neither is safe, while POST is neither safe nor idempotent. Only GET returns the same result with repeated invocations and has no side effects for which the consumer is responsible.

With GET, failed requests can be repeated without changing the overall behavior of an application. For example, if any part of a distributed application crashes in the midst of a GET operation, or the network goes down before a response to a GET is received, the client can just reissue the same request without changing the semantics of its interaction with the server.

In broad terms, the same applies to both PUT and DELETE requests. Making an absolute update to a resource’s state or deleting it outright has the same outcome whether the operation is attempted once or many times. Should PUT or DELETE fail because of a transient network or server error (e.g., a 503 response), the operation can be safely repeated.

However, since both PUT and DELETE introduce side effects (because they are not safe), it may not always be possible to simply repeat an operation if the server refuses it at first. For instance, we have already seen how a 409 response is generated when the consumer and service’s view of resource state is inconsistent—merely replaying the interaction is unlikely to help. However, HTTP offers other useful features to help us when state changes abound.

In the Java world, we might use the Apache Commons HTTP client^[36] to implement the Create part of the protocol by POSTing an order to the ordering service, as shown in Example 4-31.

  public String placeOrder(Order order, String restbucksOrderingServiceUri)
                                throws BadRequestException, ServerFailureException,
                                       HttpException, IOException {

  PostMethod post = new PostMethod(restbucksOrderingServiceUri);
  // Use an existing XStream instance to generate XML for the order to transmit
  RequestEntity entity = new ByteArrayRequestEntity(
                                xstream.toXML(order).getBytes());
  post.setRequestEntity(entity);

  HttpClient client = new HttpClient();

  try {
    int response = client.executeMethod(post);

    if(response == 201) {
      return post.getResponseHeader("Location").getValue();
    } else if(response == 400) {
      // If we get a 400 response, the caller's gone wrong
      throw new BadRequestException();
    } else if(response == 500 || response == 503) {
      // If we get a 5xx response, the caller may retry
      throw new ServerFailureException(post.getResponseHeader("Retry-After"));
    }
    // Otherwise abandon the interaction
    throw new HttpException("Failed to create order. Status code: " + response);
  } finally {
    post.releaseConnection();
  }
}

The implementation in Example 4-31 shows the construction of a POST operation on the ordering service, using a PostMethod object. All we need to do is to populate the HTTP request with the necessary coffee order information by setting the request entity to contain the bytes of an XML representation of the order. To keep things simple for ourselves, we use the XStream library to encode the order resource representation in XML.

Having populated the HTTP request, we instantiate an HttpClient and execute the PostMethod, which POSTs the order to the Restbucks ordering service. Once the method returns, we examine the response code for a 201 Created status and return the contents of the Location header, which will contain the URI of the newly created order. We can use this URI in subsequent interactions with Restbucks. If we don’t get a 201 response, we fail by throwing an HTTPException, and assume that order creation has failed.

On the .NET platform, we can opt for the framework’s built-in XML and HTTP libraries. The code in Example 4-32 represents how a client can send an order update to the Restbucks ordering service via HTTP PUT.

public void UpdateOrder(Order order, string orderUri)
{
  HttpWebRequest request = WebRequest.Create(orderUri) as HttpWebRequest;
  request.Method = "PUT";
  request.ContentType = "application/xml";

  XmlSerializer xmlSerializer = new XmlSerializer(typeof(Order));
  xmlSerializer.Serialize(request.GetRequestStream(), order);

  request.GetRequestStream().Close();

  HttpWebResponse response = (HttpWebResponse)request.GetResponse();

  if (response.StatusCode != HttpStatusCode.OK)
  {
    // Compensation logic omitted for brevity
  }
}

In Example 4-32, we use an HTTPWebRequest instance to handle the HTTP aspects of the interaction. First we set the HTTP verb PUT via the Method property and subsequently set the Content-Type header to application/xml through the ContentType property. We then write an XML-serialized representation of the order object that was given as an argument to the UpdateOrder() method. The XmlSerializer transforms the local object instance into an XML document, and the Serialize() method writes the XML to the request’s stream. Once we’re done populating the request stream, we simply call Close(). Under the covers, the framework sets other headers such as Content-Length and Host for us, so we don’t have to worry about them.

To send the request we call the GetResponse() method on the request object, which has the effect of transmitting an HTTP PUT to the URI supplied as an argument to the updateOrder() method. The response from the ordering service is returned as an HttpWebResponse and its StatusCode property triggers any further processing.

One final job that we need to undertake is to mark up the Order type so that the XmlSerializer knows how to transform Order instances to and from XML representations. The code snippet in Example 4-33 shows the .NET attributes that we need to apply for our client-side plumbing to be complete.

 [XmlRoot(Namespace = "http://schemas.restbucks.com/order")]
 [XmlType(TypeName = "order")]
 public class Order
 {

 [XmlElement(ElementName = "location")]
 public Location ConsumeLocation
 {
   get; set;
 }
 // Remainder of type omitted for brevity
}