Yep, OPTIONS isn’t cacheable and you will need two HTTP roundtrips in case the operation is supported instead of one. I would either include/remove a link dynamically depending on the users permissions or add a flag like editable if you are really concerned about the overhead of adding/removing the links.
--
Markus Lanthaler
@markuslanthaler
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to a topic in the Google Groups "API Craft" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/api-craft/g30AfGiC-Tk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
Yep, OPTIONS isn’t cacheable
1) can your application efficiently calculate all of the possible links/options? Often it can be as computationally intensive to work out whether someone can call an API in the first place as it is to actually carry out the call.
[example] they currently work within a group that has "budget management access"; and that group is currently active OR they are an admin user OR they are temporarily working on behalf of someone else who has such permissions.
In a human-driven/browsing scenario (like when you will be rendering all of those budgets on a web page and building up a dropdown menu next to each of them with all possible options) then it can be valuable to have the information you are talking about.
But in many application scenarios it's not that useful - maybe people don't tend to go poking around trying to perform random operations on budgets they don't have access to, and therefore its perfectly fine to hit them with a 403 or whatever.
But, assuming that you do indeed need to make available this Hateoas-type information along with your resource, maybe you could decouple it? i.e. include a link in the resource leading to the valid options, which you could fetch using a separate request?
That is similar to your OPTIONS idea, in that its up to the client whether they fetch it or not (and thus whether you take the hit in calculating it), but maybe using plain GET gives you a bit more flexibility if its possible for you to cache the valid options, even for a short time.
just as in direct-human interfaces(HTML), place the most-commonly used API options directly in the response and include a "more options over here..." link to cover all the others
Especially when the answers can possibly (probably?) be different by the time the subsequent request is made.
--
First I dont see any reason to use JSON since the Link Header has enough power to convey what you need.
Why are you liking so much all these double quotes guys?
Link: </budgets/25/incomes>; rel=incomes;allow=POST;allow=GET
or
Link: </budgets/30/incomes>; rel=incomes; allow=GET
Your trick with Options is specially awful and breaks the URI opacity principle, while imposing anyway an additional request.
An additional request is simply unavoidable if you want to avoid the error.
Another point is that you should not expose the template
</budgets/{id}/income>
precisely for the reason above.
Note: I still dont understand the purpose of HAL and all the equivalent formats: there are no ways to reasonably describe in advance what will happen during an hypermedia navigation.
Hello David,
There is also a draft extending the Link parameters
http://tools.ietf.org/html/draft-nottingham-link-hint-00
It mentions the "allow" convention which seems quite natural.
It mentions also the "accept-post" and "accept-patch" conventions which can also be very useful.
I consider that a simple use of the parameter is allowed (no need for this ugly JSON, although possible).
About HAL, UBER etc
data contained in Headers is cached as well as the content, it is not an argument for using JSON content.
You cannot say that this awful set of private different formats is "standardized" in any way: they are just multiple instances of the same bad idea, in competition for obscure reasons.
I'd like to this the antisocial tone of this email is inadvertent, although my assumption is that it is not.
You haven't done a good job of explaining exactly why including links in the body is "ugly" or all of the formats that afford that are "awful" and based on a "bad idea".
I'd like to this the antisocial tone of this email is inadvertent, although my assumption is that it is not.Well, I agree, but this is due to some irritation: JSON impose to quote attribute names for obscure reasons, this is painful and ugly (not beautiful). At the same time, you have the Link Header spec, almost fully standardized, available and strangely unknown: why? This is irritating.
You haven't done a good job of explaining exactly why including links in the body is "ugly" or all of the formats that afford that are "awful" and based on a "bad idea".- JSON is awful (double quoted attribute names)
- JSON based formats are not type checked in general
- The formats are multiple (instead of being unique)
- They are used to duplicate existing things (HTML itself and it is irritating, the Link Header, irritating too, and WADL now considered bad).
HTTP + its headers + HTML+RDFa is a way to express EVERYTHING in a clean and standard way.
Why considering something else ?
Another good practice, very useful and comparable in its simplicity with the use of the Link header:
the text/uri-list media type, allowing to transfer resources by reference in a very simple way.
Using JSON to duplicate this simplicity is an absolute scandal !
On Feb 5, 2015 5:50 PM, "Mark Derricutt" <ma...@talios.com> wrote:
>
>
> Personally, as someone whose often working more at a library/framework level, I'd consider exposing a consistent API for looking for links that abstracted both the HAL + Header level and treat header based links as being the same as top level <resource/> links.
Exactly this! That is the approach my angular-hy-res (and hy-res core library) takes. The exact mechanism of link delivery can in some regards be treated as an unimportant implementation detail.
-pete