[rumanator]

> Most of the time, those “things” are dumb business logic applications that can’t explore the hypermedia to discover new functionality and furthermore are not designed to do anything with it anyway.

Dumb business logic is not the point. One of the benefits of HATEOAS is that it allows REST clients to be loosely coupled with REST services, in a way that APIs can change freely change (i.e., change endpoints around, break away functionalities into other services, etc.) without requiring clients to be updated under the penalty of breaking compatibility.

The main reason why no one does REST and everyone does RPC-over-HTTP is that while REST clients require tracking and updating state to support service discovery, RPC-over-HTTP just requires a single HTTP request to achieve the same purpose, albeit without the resilience and future-proof.

[dozzman]

> One of the benefits of HATEOAS is that it allows REST clients to be loosely coupled with REST services, in a way that APIs can change freely change

My point is that even though they're loosely coupled, the API actually cannot change freely because the actual consumer of the API, the business logic, is still tied to the API through the client. If your API changes and the client/browser is still able to traverse it fine, but your business logic breaks, does that actually mean that the API is free to change? I don't believe so.

[rumanator]

> My point is that even though they're loosely coupled, the API actually cannot change freely because the actual consumer of the API, the business logic, is still tied to the API through the client.

The main promise of REST is that following that particular application style does indeed allow the API to freely change without breaking backwards compatibility.

The main drawback of REST is that no one actually follows those principles.

With REST, the client is not tied to an API. The client seeks resources, and relies on content discovery processes to determine how to access those resources. The only endpoint that may be hard coded is a home/root endpoint, and all other resources are accessible through it by following hypermedia. With REST you care about the what, not the where.

> If your API changes and the client/browser is still able to traverse it fine, but your business logic breaks

This is where you're getting it wrong. REST is all about the interface. The interface has zero to do with the business logic. If you have an interface that allows you to access the same data but for some reason your business logic breaks due to non-opersrional reasons (i.e. extra latency from the content discovery process) you need to have a talk with whoever screwed that up.

[gridlockd]

> Dumb business logic is not the point. One of the benefits of HATEOAS is that it allows REST clients to be loosely coupled with REST services, in a way that APIs can change freely change (i.e., change endpoints around, break away functionalities into other services, etc.) without requiring clients to be updated under the penalty of breaking compatibility.

There is a very limited amount of useful things that you can do here without breaking "conforming clients", at the cost of forcing those clients to implement much more expensive and error-prone logic in order to not break.

In reality, clients aren't going to conform, they're going to hardcode logic and they're going to break if you do any of the things that "shouldn't break conforming clients".

This means that in practice, on top of being more annoying to use and implement, REST APIs are more likely to break than RPC-APIs, which you can trivially extend with optional parameters or additional procedures.

[cryptos]

That is true, but I would argue that typical applications are hard to implement in a RESTful way, since there is always some kind of understanding necessary. A human could understand that "inbox" was renamed to "incoming mail" in an email application. But what should some kind of RESTful client without understanding the semantics do?