Articles/etc | Protocols - REST
Get flash to fully experience Pearltrees
This is a follow-up post to my post here . You probably want to read that first. UPDATE: Please note that ' REST is over' . 'Hypermedia API' is the proper term now. A few words on standards versus pragmatism
Some People Understand REST and HTTP
Since I've posted this, I've refined a few of my positions on things. Everyone learns and grows, and while I still stand by most of what I said, I specifically don't agree that versioning the media type is how to properly version APIs. Hypermedia APIs should not actually use explicit versioning, but I'd rather see a version in the URI with HATEOAS than no HATEOAS and versioned media types.
Nobody Understands REST or HTTP
A Brief Introduction to REST
Posted by Stefan Tilkov on Dec 10, 2007 Sections Enterprise Architecture , Architecture & Design Topics
Posted by Stefan Tilkov on Mar 13, 2008 Sections Enterprise Architecture , Architecture & Design Topics WS-ReliableMessaging ,
Addressing Doubts about REST
Interview and Book Excerpt: RESTful Web Services
Posted by Stefan Tilkov on Jun 01, 2007 Sections Enterprise Architecture , Architecture & Design Topics Web Services ,
Buzzwords can be a funny thing. I’ve been writing (what I thought were) ‘RESTful’ web apps and APIs for five years now, and it wasn’t until a couple of weeks ago that I really began to understand what that meant. I’d like to share my ‘ AHA ’ moment, and give a concrete example of why following the REST style correctly can save you headaches in the long run. TL;DR: A RESTful API should provide hypertext links to drive traversal through itself, instead of forcing the client to craft their own URIs. Many have complained about the font on my site, but I personally like it. If you’re having trouble with it though, just click here .
How I learned to stop worrying and love REST - Mike Mayo
Peter Williams - Versioning REST Web Services
Managing changes to APIs is hard. That is no surprise to anyone who has ever maintained an API of any sort.Designing a Secure REST (Web) API without OAuth
Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “ pass the credentials in the query ” approach… or something equally-as-easy for people to use, but it needs to be secure . You are a smart guy, so you start to think… Problem You realize that literally passing the credentials over HTTP leaves that data open to being sniffed in plain-text; After the Gawker incident , you realize that plain-text or weakly-hashed anything is usually a bad idea . You realize that hashing the password and sending the hash over the wire in lieu of the plain-text password still gives people sniffing at least the username for the account and a hash of the password that could (in a disturbing number of cases) be looked up in a Rainbow Table .
Yesterday there has been a popular post on Hacker News about Designing Secure REST API without OAuth . I don’t agree that OAuth is unsuitable and I’ll introduce my way shortly. This post is intented to be a reply on this topic . In our new startup ( ollaa.com ), we (3 undergrad co-founders) are basically developing a mobile social network that has iOS/Android clients communicating the server via a REST API .