ansaurus

Question

Answer 1

+2 A:

Incorrect use of HTTP verbs: Flicker uses the verb "replace" instead of HTTP PUT in http://api.flickr.com/services/replace/. Another example: http://api.flickr.com/services/rest/?method=flickr.test.echo&name=value "method" should be one of the HTTP methods (GET in this case).
Flicker doesn't use HTTP status codes correctly.
Authentication is not RESTful

deamon 2010-02-05 09:46:44

Does this mean you can't authenticate a RESTful API? My client needs authentication for some parts of the API. Does the need for authentication mean you should ditch REST all together?

Richard 2010-02-05 09:58:05

REST can be used with authentication. To conform with REST principle the authentication should be stateless (without session). Common authentication mechanisms are HTTP Basic and Digest authentication and TLS client certificates.

deamon 2010-02-05 10:44:51

With REST the authentication information should be sent with each request, so that each request is independent of previous requests. What you want to avoid is passing some form of session id or token that the server uses to verify if the user was previously authenticated.

Darrel Miller 2010-02-05 14:26:20

That's true for Basic Auth, but something like Digest Auth blurs the line a bit.

Mike 2010-02-05 14:40:25

Answer 2

+3 A:

Another important reason this API would be deemed unRESTful is because it doesn't make use of 'hypertext'. Hypertext is simply using links (and link relations) to move clients along in your applications, rather than requiring them to programatically 'construct' a URI.

This is not RESTful:

GET /collection
200 OK

<collection>
  <item>
    <id>1</id>
  </item>
</collection>

This is RESTful:

GET /collection
200 OK

<collection>
  <item href="/collection/1" />
</collection>

The benefit of the latter, RESTful, approach is that your server can move the item resource wherever it wants - e.g. move it to /item/1 - change the href value, and know that all clients will manage the change. The former approach is not capable of this because the server cannot guarantee that all clients will acknowledge the change; this is part of what is referred to as client/server coupling, and in large distributed systems where your API has lots of clients you want to keep this to a minimum - this is the primary objective of REST.

Roy Fielding refers to this part of REST as the 'hypertext constraint', and he wrote the following blog post about it:

http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Mike 2010-02-05 11:04:57

Maybe you could qualify that the first option is not RESTful if the client uses the representation to construct the url '/collection/1' and the media-type retrieved does not specifically allow that kind of URI construction.

Darrel Miller 2010-02-05 14:44:32

I wouldn't promote media types being designed that way

Mike 2010-02-05 15:20:36

ansaurus

tags:

views:

answers:

Why isn't the Flickr API RESTful?

related questions