Jens Alfke, “commenting on the new Rdio API”:http://jens.mooseyard.com/2011/03/dudes-this-is-so-not-rest/:
“Maybe we should just give up on the term REST, since it’s become so diluted as to mean nothing more than ‘HTTP API that’s not as hard to use as SOAP’?”
Sounds right. “Pure REST”:http://en.wikipedia.org/wiki/Representational_State_Transfer was never strictly followed, and the advantage to consistent HTTP methods — being able to abstract parts of the client details away, as with “ActiveResource”:http://api.rubyonrails.org/classes/ActiveResource/Base.html — don’t seem like significant savings to me. Now that XML-RPC and SOAP are mostly dead, we assume that new APIs are going to be usable from any language without much effort. I won’t object to having one less acronym in the world.
“Dave Winer proposes”:http://www.scripting.com/stories/2009/01/05/rethinkingAuthentication.html a simple solution to revoking authentication in web services:
“Now imagine that Twitter had a page that showed all the IP addresses that have used your login in the last 30 days, with a start date for each and a count of calls made. I bet you could figure out which one was The Greasy Spoon Group, pronto. Further suppose there was a checkbox next to each IP address. You could uncheck that one, click Submit, and voila, no more spam from your account.”
There are important things missing here, such as not sharing your credentials, but I have to admit I do like the simplicity. If the hostnames were grouped by user agent, the UI wouldn’t even be half bad. If nothing else, maybe this will light a fire under OAuth implementors to get moving. (And I count myself in that group too, since I’m involved with some services that need OAuth pretty badly.)
If you “string together tweets from Alex Payne”:http://search.twitter.com/search?q=&ands=oauth&phrase=&ors=¬s=&tag=&lang=all&from=al3x&to=&ref=&near=&within=15&units=mi&since=&until=&rpp=50, it makes for an interesting narrative about OAuth too.