Pat Farrell wrote:
Mark Masse wrote:If the REST API designer has chosen to model "buy" using an action/controller resource that "triggered" via POST (a reasonable choice), then it is a client's job to enforce or warn about rePOSTing the "model"? ....
Clients need to understand (and account for) the nature of any HTTP methods that they use to communicate. Page 27 of my book talks a little bit more about this design concern.
I can't comment on the relative values of your approaches, but I have found that:
1) you can not trust the client software to do reasonable things. Browsers are weird, and you may not be talking to a browser.
2) If you assume that the human client has an IQ higher than a turnip, you are making a huge mistake.
Pat Farrell wrote:
Mark Masse wrote: Can you clarify what you mean by "support" for idempotency? Are you encountering many APIs that seem to "violate the contract" specified by HTTP's methods?
Yes, exactly. The classic example is a duplicate send of a "buy items in shopping cart" command, triggered by a POST. You only want the items once, not two or three times.
Pat Farrell wrote:I find that far too many applications have no support for idempotency. Often it appears that the API designers never considered the topic.
Does the book address this?
Kim Baddeley wrote:Hi Mark,
What is your opinion on WADL. Should a RESTful service provide one or is the standard dead in the water?
John M Brown wrote:
Beyond the WRML concept (which does not have to be used to apply most all of the practices in this book), there's a lot of good information and practices contained in a concise format (as the 1st amazon reviewer admits). Much more complete than I've found in any other REST book I've read and recommended (i.e. REST in practice, RESTful service cookbook). It makes a good reference when designing a REST system beyond a sample RESTbucks application.
raj malhotra wrote:Hi Mark,
I dont know much about WRML.May be it is far better then my thought.But just i want to know Does your book has strong coupling with WRML? Can i learn REST full webservices with/without WRML from this book? And who is your target audience- Beginner,Intermediate or Advanced users.
paul nisset wrote:Thanks Mark.
The devil is in the details.
paul nisset wrote:Hi Mark,
How complicated is security using REST ?
Is it just a matter of passing an authenticating token in the request ?
Max Tomlinson wrote:I meant to add that since your book doesn't mention WSO2 and that you haven't heard of them, it is helpful in giving me a view on where they might stand in the bigger scheme.
paul nisset wrote:Is that what your book focuses on, implementing an API for working with the constraints ?
Clarifying your model for REST would be interesting.