In which OSI layer is the REST API paradigm?

Question

During an interview I was asked to classify the REST API paradigm between OSI Layers.

I thought it would have been between 5 and 7 layer; however, the interviewer said that it belongs only to the 5th layer because it is similar to RPC.

In my opinion, it can't be at 5 Session Layer only, because true REST API is stateless unlike session (HTTP session), so it could be placed as protocol on the 7th layer (application) because it is like HTTP (but why not in 6th as well?).

I searched online but I didn't find a clear answer (I know that some protocols are distributed ambiguously in OSI layers).

Maybe other people have a clearer opinion on this?

Answer 1

REST is an API (Application Programming Interface) in the Application Layer. Don't let the "Session" title of Layer 5 confuse you. REST is squarely Layer 7. What is below the Application? The Operating System. Does the OS care about REST? Let's look at the response headers from this very page.

$ curl -svo /dev/null https://stackoverflow.com/q/29264855 2>&1 | grep '^[<>]'
> GET /q/29264855 HTTP/2
> Host: stackoverflow.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/2 200
< cache-control: private
< content-type: text/html; charset=utf-8
< last-modified: Sat, 05 Dec 2020 07:07:50 GMT
< set-cookie: prov=9bbe6161-8a11-c618-c487-ff38f7c65f3b; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
<

The qualities which make this REST lies entirely in the HTTP headers you see here. Does the operating system do anything with any of that other than deliver it to the "client application"? No it doesn't.

Answer 2

REST is not a protocol for two systems to communicate. REST is an architecture style. It is mostly atop HTTP, the application layer.

Answer 3

REST architecture is stateless in a sense that the server does not store the state of the client, but state of the objects are transferred back and forth. After all, REST stands for Representational State Transfer. So, I'd think REST belongs to Layer 5 - Session Layer, which is commonly described as the layer where continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes.

It's hard to see how REST API could belong to the Layer 6 or Layer 7 of the OSI Model. The Presentation layer provides for negotiation of the form of representation or syntax of the data that will be transferred. Usually mechanisms like character encoding (UTF, ASCII), data encryption and decryption are part of presentation layer. Application layer provides application specific services like FTP, HTTP, Telnet that support end user processes.