💡 HATEOAS in Spring Boot

Updated on: 13 Nov 2024 - Vivek Singh

Note: As a seasoned software engineer, we should leverage HATEOAS (Hypermedia as the Engine of Application State) extensively to build truly RESTful APIs that are self-discoverable and decoupled. This is a critical principle for robust, scalable microservices.

📚 Table of Contents

📚 Table of Contents
🤔 Introduction
🎯 Purpose and Use Case
📈 Benefits and 🚧 Drawbacks
🛠️ Maven Dependency
💻 Core Implementation in Spring HATEOAS
- Project POC
🏗️ HATEOAS Concept Diagram
🧐 Engineer’s Awareness: Beyond the Basics
🚀 Suggested Improvements

🤔 Introduction

HATEOAS is a constraint of the REST (Representational State Transfer) application architecture. It mandates that a client interacts with a network application entirely through hypermedia provided dynamically by the application’s responses. Instead of hardcoding URIs, the server’s responses include links to all possible actions and resources the client can access next. This makes the API self-descriptive and allows the server to evolve independently of the client.

🎯 Purpose and Use Case

The primary purpose of HATEOAS is to make the API discoverable and decoupled. By embedding links, the client doesn’t need prior knowledge of the next possible URI structure. A typical use case is in a complex workflow, like an e-commerce checkout process: after placing an order, the response includes links for “view details,” “cancel order,” or “track shipment.” If the order is already shipped, the “cancel order” link would be dynamically excluded, reflecting the current state. This makes the client-server interaction driven by the application state (Hypermedia as the Engine of Application State).

📈 Benefits and 🚧 Drawbacks

Aspect	Description
Benefits	Decoupling (Client and server evolve independently), Discoverability (Client learns possible actions from the response), Self-Descriptive (API documentation is partially embedded in the response).
Drawbacks	Increased Payload (Links add data to the response), Client Complexity (Client must parse links dynamically, not just data), Initial Learning Curve (More complex than simple data APIs).

🛠️ Maven Dependency

To enable HATEOAS capabilities in your Spring Boot application, you need the following dependency. The Spring HATEOAS project provides the necessary APIs for link creation and representation assembly.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-hateoas</artifactId>
</dependency>

💻 Core Implementation in Spring HATEOAS

The Spring HATEOAS APIs simplify the creation of REST representations. Key classes used are EntityModel (a container for a domain object and its links) and WebMvcLinkBuilder (a utility to build links pointing to Spring MVC controller methods).

import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// ... other imports for User, UserDaoService, UserNotFoundException

@GetMapping(path = "/users/{id}", produces = {"application/json", "application/xml"})
public EntityModel<User> retrieveUser(@PathVariable Integer id) {
    User user = userDaoService.findById(id);

    if (user == null) {
        throw new UserNotFoundException(String.format("No user exists with id : %s", id));
    }

    // Hateoas: Create link to method (using methodOn to reference a controller method)
    var link = WebMvcLinkBuilder.linkTo(WebMvcLinkBuilder.methodOn(this.getClass()).retrieveAllUsers());

    // EntityModel object supports Model and allows to add links
    final EntityModel<User> entityModel = EntityModel.of(user);
    
    //Hateoas: Add link to Model response object with a specific relation (rel)
    entityModel.add(link.withRel("all-users"));
    
    return entityModel;
}

In the code above:

WebMvcLinkBuilder.methodOn(this.getClass()).retrieveAllUsers() intelligently inspects the controller method retrieveAllUsers() to construct the correct URI.
linkTo(...) creates the base Link object.
EntityModel.of(user) wraps the domain object (User) to hold the hypermedia links.
entityModel.add(link.withRel("all-users")) adds the generated link to the response with the relation all-users, which describes what the link points to.

Project POC

Check this app for reference - SpringBoot HATEOAS POC

🏗️ HATEOAS Concept Diagram

This diagram illustrates how the client navigates the application state using links provided in the server’s response, the core concept of HATEOAS.

graph TD
    A[Client sends GET /users/1] -->|Request| B(API Gateway/Controller);
    B -->|Response with User Data| C{User Resource};
    C -->|Embeds Link| D[Link: /users Rel: all-users];
    C -->|Embeds Link| E[Link: /users/1/orders Rel: user-orders];
    D --> F[Client chooses to retrieve all users];
    E --> G[Client chooses to view user's orders];
    F -->|Sends GET /users| B;
    G -->|Sends GET /users/1/orders| B;
    style C fill:#f9f,stroke:#333
    style D fill:#ccf,stroke:#333
    style E fill:#ccf,stroke:#333
    style F fill:#9ff,stroke:#333
    style G fill:#9ff,stroke:#333
    linkStyle 0 stroke:#0f0,stroke-width:2px;
    linkStyle 1 stroke:#0f0,stroke-width:2px;
    linkStyle 2 stroke:#f66,stroke-width:2px;
    linkStyle 3 stroke:#f66,stroke-width:2px;
    linkStyle 4 stroke:#009,stroke-width:2px;
    linkStyle 5 stroke:#009,stroke-width:2px;

🧐 Engineer’s Awareness: Beyond the Basics

An experienced engineer must be aware of the following advanced aspects of HATEOAS:

Media Types: HATEOAS requires the use of Hypermedia-Enabled Media Types like HAL (Hypertext Application Language), which defines a standard JSON/XML format for embedding links (_links) and embedded resources (_embedded). Spring HATEOAS supports HAL out-of-the-box.
Conditional Linking: Links should be generated conditionally based on the current resource state and the authenticated user’s permissions. For example, an “Edit” link should only be added if the user has the ROLE_ADMIN and the resource is in an editable state. This ensures a secure and state-driven experience.
Link Relations (Rels): Use standardized and meaningful link relation names (e.g., self, next, prev, first, last, or custom domain-specific ones) instead of arbitrary strings. This improves machine readability and client consistency.
Integration with Paging: For collection resources, HATEOAS integrates seamlessly with pagination, where links for next, prev, first, and last pages are automatically included in the response.

Concept	Key Detail	Implementation Focus
Media Types	Utilizes Hypermedia-Enabled Media Types like HAL (Hypertext Application Language) to structure responses.	HAL defines standard fields: `_links` (for embedded links) and `_embedded` (for nested resources), ensuring client-server decoupling. `Spring HATEOAS natively supports HAL.`
Conditional Linking	Links should be generated conditionally based on the resource’s current state and the authenticated user’s permissions.	Ensures a secure and state-driven experience. An “Approve” link, for instance, is only visible to users with `ROLE_MANAGER` and if the order status is `PENDING`.
Link Relations (Rels)	Employs standardized and meaningful link relation names (e.g., `self`, `next`, `prev`).	Promotes machine readability and client consistency. Custom domain-specific relations can also be defined for unique actions.
Integration with Paging	Seamlessly integrates HATEOAS with pagination for collection resources.	Links for navigating pages (`next`, `prev`, `first`, `last`) are automatically included, allowing clients to traverse large datasets without hardcoding URLs.

🚀 Suggested Improvements

The current implementation is a great start, but here are a few suggestions to make it more robust and industry-standard:

Use HAL: While EntityModel is fine, consider returning a CollectionModel for lists of resources, and structure your response according to the HAL standard for better client adoption. Spring HATEOAS makes this easy.
Automate Link Generation: For standard CRUD operations, you can use Spring Data REST, which automatically applies HATEOAS principles to repositories, significantly reducing boilerplate code.
Self-Link: Always include a self link in the resource representation to explicitly point back to the resource itself. This is a common HATEOAS convention.