[nickyp]

It's not 'compliancy' as much as they're reinventing the wheel.

REST was born out of a philosophy that the HTTP protocol already solved much of what you wanted to do. HTTP not only solved this, but solved this a long time ago and with 'great success' (aka The Interwebs ;-)

- Authentication mechanism

- Operations (CRUD) -> GET, PUT, POST, DELETE, ...

- Caching -> Use HTTP caching mechanisms...

- Resources -> URL's

- Formats -> mime-types + use a HTTP Accept: header

- ...

They reinvent the wheel on many of the bullet points above: custom operations, custom format handling, custom authentication mechanisms, ... That's why this really is one of the worst implementation of an 'RESTful' API

[SomeOtherGuy2]

I'm not saying it is a nice API, or that it is in any way a REST API. Just that unless I am missing something, it is HTTP compliant.

[alexchamberlain]

It isn't compliant, it doesn't use the verbs properly.

[SomeOtherGuy2]

Would you care to point out where in the HTTP RFCs it requires the use of certain methods for certain operations? The reality is, you can do whatever you like as far as HTTP is concerned. In fact, only GET and HEAD are required to be implemented, all the other methods are optional.

HTTP does not have "verbs". That is REST. Just because they aren't using a REST API, doesn't mean they are not HTTP compliant.

[spacemanaki]

I'm not sure that it actually violates the letter of the law of the spec, but I think it definitely violates the spirit, based on this section: http://tools.ietf.org/html/rfc2616#page-51.

I thought that GET (along with a few other methods) were supposed to be "safe" and not result in any action on the server except possibly logging and stuff like that? Is this required to be HTTP compliant or is this more of a recommendation?

[alexchamberlain]

RFC 2616

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html