GET and SMILES interference



When reviewing our old web services documentation (https://www.ebi.ac.uk/chemblws/docs), you will notice some methods can be accessed by both: GET and POST. One thing these methods have in common is that they all accept SMILES as search parameter. Why? Well, it turns out there are some SMILES, that can not be handled via GET, when using old web services. Take this SMILES as an example: [Na+].CO[C@@H](CCC#C\C=C/CCCC(C)CCCCC=C)C(=O)[O-] and you will see, that you can't construct a valid URL using 'https://www.ebi.ac.uk/chemblws/compounds/smiles/' as a base. To 'GET' around this issue, you will need to use POST. This is a bit sad, as it means you can not put a link to such a compound on your blog or ask about it on chemistry forum or send it to your friend via Skype :( What's more, if you would like to use POST for a non-SMILES method (e.g. get all assays by ChEMBL ID), you would also be out of luck.

When reviewing the documentation of the new web services (as we asked you in the previous blog post), you will probably notice, that none of the methods mention POST support. What does it mean? First of all, it means that you can achieve everything using GET. You can easily retrieve data for the SMILES string above using GET, you just have to be careful. Placing a SMILES strings in URLs can be tricky. This is because they often contain characters that are not allowed in URLs and should be encoded, according to the URI standard. Encoded how? The standard mechanism to encode URLs is called percent-encoding and it is widely accepted by modern web browsers and other web tools, such as curl or wget.

In fact, some browsers hide the percent-encoding from users, as we will see soon. So the percent-encoded URL of our molecule looks like this:

https://www.ebi.ac.uk/chembl/api/data/molecule/%5BNa+%5D.CO%5BC@@H%5D%28CCC%23C%5CC=C/CCCC%28C%29CCCCC=C%29C%28=O%29%5BO-%5D

Not very readable... But try to open this link in Firefox and in the address bar you will see this:

https://www.ebi.ac.uk/chembl/api/data/molecule/[Na+].CO[C@@H](CCC%23C\C=C/CCCC(C)CCCCC=C)C(=O)[O-]

Much better, only one sign, #, is encoded! What if you try to open the second link in browser? In Firefox this should work. All other popular browsers will return 404 - not found and curl will complain:


So what to do?


1. These are characters, that always have to be encoded: 
  • % change to %25, because percent is a special 'escape' character in percent encoding.
  • # change to %23, because not encoded hash sign is an indicator of the Fragment identifier part of URL, which is only used in browser and is not send to server.
  • \ change to %5C, because all browsers apart from Firefox are changing not encoded backslash to forward slash as explained here.
2. This is a character, that can not be encoded:
  • Forward slash / can not be encoded as %2F because our Apache server configuration will return a 404 for URLs containing %2F. The security reasons are described in the Apache documentation. This is particularly annoying, as it means that you can not use online percent-encoders if your SMILES contain forward slashes.

 

How to make your life with SMILES simpler?

 

1. Use Firefox - this browser does a great job when it comes to encoding. Although FF is unable to guess in which context you are using % and #, so you will still encode those two characters before pasting it into the address bar, but the rest of special characters will be encoded correctly, so then you can copy the URL from Firefox to other browsers and it will just work.

2. Use cURL - just as with Firefox, you have to encode % and #, but the rest will be handled properly, you just have to use '-g' flag, which switches off the URL globbing parser:

 

How long?


You might ask yourself, will I get a valid response from the server, when I search with a really long SMILES? We can find out by first using our new web service filters to obtain the SMILES of the biggest compound in ChEMBL, the URL will be:
https://wwwdev.ebi.ac.uk/chembl/api/data/molecule?molecule_structures__isnull=False&order_by=-molecule_properties__full_mwt

And SMILES of the first molecule is:

CC.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC1OC(CO)C(O)C(O)C1O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC2OC(CO)C(O)C(O)C2O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC3OC(CO)C(O)C(O)C3O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC4OC(CO)C(O)C(O)C4O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC5OC(CO)C(O)C(O)C5O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC6OC(CO)C(O)C(O)C6O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC7OC(CO)C(O)C(O)C7O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC8OC(CO)C(O)C(O)C8O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC9OC(CO)C(O)C(O)C9O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%10OC(CO)C(O)C(O)C%10O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%11OC(CO)C(O)C(O)C%11O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%12OC(CO)C(O)C(O)C%12O)C(O)CO.CCCCCCCCCC(C(=O)NCCc%13ccc(OP(=S)(Oc%14ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%14)N(C)\N=C\c%15ccc(Op%16(Oc%17ccc(\C=N\N(C)P(=S)(Oc%18ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%18)Oc%19ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%19)cc%17)np(Oc%20ccc(\C=N\N(C)P(=S)(Oc%21ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%21)Oc%22ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%22)cc%20)(Oc%23ccc(\C=N\N(C)P(=S)(Oc%24ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%24)Oc%25ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%25)cc%23)np(Oc%26ccc(\C=N\N(C)P(=S)(Oc%27ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%27)Oc%28ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%28)cc%26)(Oc%29ccc(\C=N\N(C)P(=S)(Oc%30ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%30)Oc%31ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%31)cc%29)n%16)cc%15)cc%13)P(=O)(O)[O-]

This is huge! But, more importantly, the SMILES looks like it's already url-encoded, as it contains %23 and %29, which will be interpreted as reserved characters and translated to # and ), when  pasted into a browser address bar. To prevent this from happening, we must first percent-encode the percent sign, to ensure they are interpreted literally. Percent is encoded as %25 and after conversion our URL will look like this (this URL contain many backslashes so it will only work in Firefox):

https://www.ebi.ac.uk/chembl/api/data/molecule/CC.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC1OC(CO)C(O)C(O)C1O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC2OC(CO)C(O)C(O)C2O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC3OC(CO)C(O)C(O)C3O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC4OC(CO)C(O)C(O)C4O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC5OC(CO)C(O)C(O)C5O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC6OC(CO)C(O)C(O)C6O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC7OC(CO)C(O)C(O)C7O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC8OC(CO)C(O)C(O)C8O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC9OC(CO)C(O)C(O)C9O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%2510OC(CO)C(O)C(O)C%2510O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%2511OC(CO)C(O)C(O)C%2511O)C(O)CO.CCCCCCCCCCCCCCCC[NH2+]OC(CO)C(O)C(OC%2512OC(CO)C(O)C(O)C%2512O)C(O)CO.CCCCCCCCCC(C(=O)NCCc%2513ccc(OP(=S)(Oc%2514ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2514)N(C)\N=C\c%2515ccc(Op%2516(Oc%2517ccc(\C=N\N(C)P(=S)(Oc%2518ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2518)Oc%2519ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2519)cc%2517)np(Oc%2520ccc(\C=N\N(C)P(=S)(Oc%2521ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2521)Oc%2522ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2522)cc%2520)(Oc%2523ccc(\C=N\N(C)P(=S)(Oc%2524ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2524)Oc%2525ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2525)cc%2523)np(Oc%2526ccc(\C=N\N(C)P(=S)(Oc%2527ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2527)Oc%2528ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2528)cc%2526)(Oc%2529ccc(\C=N\N(C)P(=S)(Oc%2530ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2530)Oc%2531ccc(CCNC(=O)C(CCCCCCCCC)P(=O)(O)[O-])cc%2531)cc%2529)n%2516)cc%2515)cc%2513)P(=O)(O)[O-]

It should be noted, that the URL is 1666 characters long, which is below the maximum allowed URL length in our Apache setup (4000 if your were wondering). Even if we encode all the special characters, we will end up with the following URL (this time valid in all modern browsers):

https://www.ebi.ac.uk/chembl/api/data/molecule/CC.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC1OC%28CO%29C%28O%29C%28O%29C1O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC2OC%28CO%29C%28O%29C%28O%29C2O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC3OC%28CO%29C%28O%29C%28O%29C3O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC4OC%28CO%29C%28O%29C%28O%29C4O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC5OC%28CO%29C%28O%29C%28O%29C5O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC6OC%28CO%29C%28O%29C%28O%29C6O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC7OC%28CO%29C%28O%29C%28O%29C7O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC8OC%28CO%29C%28O%29C%28O%29C8O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC9OC%28CO%29C%28O%29C%28O%29C9O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC%2510OC%28CO%29C%28O%29C%28O%29C%2510O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC%2511OC%28CO%29C%28O%29C%28O%29C%2511O%29C%28O%29CO.CCCCCCCCCCCCCCCC%5BNH2+%5DOC%28CO%29C%28O%29C%28OC%2512OC%28CO%29C%28O%29C%28O%29C%2512O%29C%28O%29CO.CCCCCCCCCC%28C%28=O%29NCCc%2513ccc%28OP%28=S%29%28Oc%2514ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2514%29N%28C%29%5CN=C%5Cc%2515ccc%28Op%2516%28Oc%2517ccc%28%5CC=N%5CN%28C%29P%28=S%29%28Oc%2518ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2518%29Oc%2519ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2519%29cc%2517%29np%28Oc%2520ccc%28%5CC=N%5CN%28C%29P%28=S%29%28Oc%2521ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2521%29Oc%2522ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2522%29cc%2520%29%28Oc%2523ccc%28%5CC=N%5CN%28C%29P%28=S%29%28Oc%2524ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2524%29Oc%2525ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2525%29cc%2523%29np%28Oc%2526ccc%28%5CC=N%5CN%28C%29P%28=S%29%28Oc%2527ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2527%29Oc%2528ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2528%29cc%2526%29%28Oc%2529ccc%28%5CC=N%5CN%28C%29P%28=S%29%28Oc%2530ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2530%29Oc%2531ccc%28CCNC%28=O%29C%28CCCCCCCCC%29P%28=O%29%28O%29%5BO-%5D%29cc%2531%29cc%2529%29n%2516%29cc%2515%29cc%2513%29P%28=O%29%28O%29%5BO-%5D

which is 2478 characters long and still lower than 4000 limit. This means we can use GET to retrieve every ChEMBL compound based on its SMILES string.

 

What about POST?


OK, so SMILES can be passed via GET, can POST still be used? Yes! For every single method you can use POST as well. This is important, as it is possible to create very long URLs, by chaining together multiple filters and other parameters, such us pagination and ordering. This is why all new web services methods (even those, which don't expect any SMILES), can be executed using POST. In fact, our updated Python client (blog post coming soon!), is using POST for almost everything.  Just keep in mind, that in order to use POST to retrieve data, you have to add X-HTTP-Method-Override:GET header.

If the earlier discussion around SMILES encoding all seems a bit too complicated (hence the xkcd comic strip) or just too much hassle, you can always use POST. But remember you won't be able to share SMILES links in your blog posts or Skype conversations :(

 

Is using POST to retrieve data 'breaking the web'?


There was a recent discussion about this topic after Dropbox team announced (just like us), that they see some limitations in GET compared to POST and will start to allow POST methods to retrieve data (original article). There were some critical opinions about allowing POST access to data, stating that this is a poor API design. This is turn has triggered a long discussion on hacker news page, from which one comment is particularity important:
  
"I really like how the Google Translate API handles this issue.  The actual HTTP method can be POST, but the intended HTTP method must always be GET (using the "X-HTTP-Method-Override" header)." 

And this is exactly what we are doing, and we also believe this is the right way to use POST in order to allow retrieval of data from RESTful web interface. 


The ChEMBL Team