Mark
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+unsubscribe@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
Mark
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+unsubscribe@googlegroups.com.
I don't think the way you use DELETE violates the words of the new definition. It is still an odd usage, considering the "spirit" of the definition. Most importantly: it is confusing. Many API clients have well-established understanding of what HTTP DELETE should do in an API, and you are not doing that.
I would replace the usage of DELETE with an HTTP PUT, to avoid confusion, if nothing else.
On 1 Sep 2014, at 21:43, Philippe Mougin wrote:
Dynamically changing the list of allowed methods on a resource is fine; it is even described as a possibility in the HTTP spec.
I see that HTTPbis clarified that actually, and added an extra "current state" reference.
However your usage of DELETE as a mean to turn a resource into read-only state is not compliant with HTTP semantics.
We've discussed this at work and don't agree, HTTPbis also was clarified/updated to leave the what "delete" means to your application content rather ambiguous:
"The DELETE method requests that the origin server remove the
association between the target resource and its current
functionality."
which seems fine with what where doing, but then it does also follow that with:
"...it expresses a deletion operation on the URI mapping of the
origin server, rather than an expectation that the previously
associated information be deleted."
Which does imply a read-only version may still exist, but maybe not via the same URI.
Cheers
Mark
On 1 Sep 2014, at 21:43, Philippe Mougin wrote:
Dynamically changing the list of allowed methods on a resource is fine; it is even described as a possibility in the HTTP spec.
I see that HTTPbis clarified that actually, and added an extra "current state" reference.
However your usage of DELETE as a mean to turn a resource into read-only state is not compliant with HTTP semantics.
We've discussed this at work and don't agree, HTTPbis also was clarified/updated to leave the what "delete" means to your application content rather ambiguous:
"The DELETE method requests that the origin server remove the association between the target resource and its current functionality."
which seems fine with what where doing,
but then it does also follow that with:
"...it expresses a deletion operation on the URI mapping of the origin server, rather than an expectation that the previously associated information be deleted."
Which does imply a read-only version may still exist, but maybe not via the same URI.