This morning I created a Web service for the identity management application that I have talked about a few times. We’re rolling out a new application and it needs to authenticate against our centralized user database. After a discussion with the developers who are working on the new application, we came up with a very basic spec for this single API call.
You submit a username, password, and application key (which is used to identify and authorize the calling application) via HTTP POST. If the authentication or application key are invalid, the application returns an HTTP status code of 401 (unauthorized). If the credentials are valid, it returns 200 (success) and an XML document containing the details of the user’s profile.
This is how I’ve been writing web services for the past couple of years, with the exception of taking advantage of HTTP status codes, that’s something new for me. I would have always said that I was writing REST Web services or at least REST-style Web services, but given recent debate, I’m no longer sure if I’m allowed to say that. It’s REST to me, but perhaps not to thee. I am certain that it works, and that it’s really easy to program against.
March 22, 2006 at 3:22 pm
I’m only starting to wrap my head around the specific details of REST, but I think your service is certainly in the spirit, if not the letter.
From what I’ve been reading, that sort of request should have been submitted with GET instead of POST (you’re retreiving data rather than updating it) if you wanted to be all hardcore RESTful, but there’s wiggle room.
I haven’t heard anything (yet?) about using the HTTP status codes as being part of REST, but it certainly strikes me as a good idea to use that part of the protocol.
March 22, 2006 at 5:35 pm
REST is one of those things, like syndication, that engenders debates of gargantuan proportion for no reason; your implementation certainly fits within the idea of REST that I’ve always had inside my thick skull.
Oh, and Amazon certainly uses HTTP status codes as part of its REST implementations; here’s the relevant page for the S3 service, for example. (It’s a framed page broken out of this frameset.)