by danellis
5249 days ago
> Use HTTP verbs: GET to retrieve one or more objects, POST to create a new object, PUT to update an existing object, DELETE to remove an object.

You forgot PUT to create a new object and POST to update an existing object.

> Address objects by collection and by individual object: /users/#{user_id} is a specific user

As far as REST is concerned, that doesn't really matter. The important thing is that the client doesn't generate the "/users/#{user_id}" URLs itself, but rather selects a URL from those it has been told about.

> I find it good form to return objects in JSON with the type of object at the top of the data structure, i.e. {:users => [ #array of users here ]} or {:user => { #single user }}

Apart from the fact that doing this allows for gracefully adding extra information, there's also an important security reason for doing this rather than having an array at the root: http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-js...

> Use OAuth or some sort of token system for authenticating the calls, don't use HTTP Auth

Why not do both? http://oauth.net/core/1.0/#auth_header
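The security reason the reply points to (the "JSON hijacking" article linked above) comes down to one property: a JSON body whose root is a bare array is also a syntactically valid JavaScript program, so a hostile page could load it with a `<script src=...>` tag and, in browsers of that era, capture its contents by overriding the global `Array` constructor. A body whose root is an object with at least one key is parsed as a block statement and fails with a SyntaxError, so it cannot be loaded that way at all. The following is an added example, not code from the comment or the linked article; it checks the parse-ability property for both response shapes and builds the type-keyed envelope the comment recommends. The user records and the `envelope`/`isExecutableAsScript` function names are assumptions made up for the illustration. Note that modern engines no longer call an overridden `Array` for array literals, so the capture step itself is not reproduced here; only the precondition is.

```javascript
// Added example (not from the original comment or the linked article).
// Checks whether a JSON response body is also a valid JavaScript program,
// which is the precondition for the JSON array hijacking attack.

// Returns true if `body` parses as a standalone JavaScript program.
// new Function() only parses the text; nothing in `body` is executed.
function isExecutableAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Wrap a payload under a type key, the envelope style recommended above:
// {"users": [...]} for a collection, {"user": {...}} for a single object.
function envelope(typeName, payload) {
  return JSON.stringify({ [typeName]: payload });
}

// Constructed sample data (hypothetical users, not from any real API).
const users = [
  { id: 1, name: "alice", email: "alice@example.com" },
  { id: 2, name: "bob", email: "bob@example.com" },
];

// Vulnerable shape: array at the root. This is a valid JS script.
const bareArray = JSON.stringify(users);

// Safer shape: object at the root with the object type as the top-level key.
// Parsed as a script this is a block statement containing `"users": ...`,
// which is a syntax error, so a <script src> load cannot evaluate it.
const wrapped = envelope("users", users);

function demo() {
  return {
    bareArrayExecutable: isExecutableAsScript(bareArray), // true
    wrappedExecutable: isExecutableAsScript(wrapped),     // false
    roundTrip: JSON.parse(wrapped).users.length,          // 2
  };
}

console.log(demo());
```

One caveat the check makes visible: an empty object `{}` at the root is an empty block statement and parses fine, so the protection only holds when the root object actually carries a key, which the type-keyed envelope guarantees. None of this replaces proper protections against cross-site reads (the article's point is about old browsers and bare arrays); treat the envelope as defense in depth alongside authentication on the request, for example the OAuth `Authorization` header the reply links to.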