I looked at this a while ago and started to reply, but looks like I lost my draft.
This is a pretty interesting approach, and I like that you're going out of your way to explain it and open source your ideas. (I read through some of the work on github, mainly skimming the docs on API Chaining in particular).
I can see how there are situations where an API Object like you describe could be useful. I question some of the specifics though, it sounds like you're describing a specific problem and a specific solution rather than a general one. (In your first video you make claims about where things like authorization and validation can happen/must happen and how the API Object makes this better; I'm not sure I agree that your description of the problem applies to web services in general, but presumably it's an accurate description of a system/set of systems you've worked with.)
But all of that is basically a pit stop on the way to the API Chaining idea. My initial reaction to the description you give of API Chaining is that it's not the best solution to the problem, but it's possible I simply don't fully understand the purpose or the problem you're trying to solve.
Some things that concerned me:
- If you have a chain that ends in an unsafe method ("postchain"), then you're performing unsafe methods through requests you don't expect to be unsafe (i.e. a GET triggers actual changes on the server), and I'm wary of this because it opposes HTTP semantics and could easily cause problems for less-informed clients.
- I don't understand the reasoning for why the only options for a chain are "postchain" and "prechain". If you're chaining operations already, I don't see why you couldn't chain a group of unsafe operations together as well (I see why you probably shouldn't, but I see no technical limitations in play).
The purpose of chaining, as I understand it, is to reduce the number of API calls needed to perform a specific task. I think I would assert that are at least two other reasonable solutions to this:
1. Depending on how your responses are structured, you could reduce a "postchain" and "prechain" to simply two requests: one GET and one unsafe method, assuming that you could expand links in requests through parameters. Your chaining example from the video could be GET /persons/1/?expand=purchase or even just GET /persons/1/purchase
2. As the service provider, you could write the "chain" yourself and expose that as a new endpoint. From your example in the video, instead of chaining GET > GET -> POST as one GET request, you could simply have a POST /purchases/ with content { "personId" = 1 }, and then it's up to you, the service provider, to get the purchase associated with that person and update it appropriately. (Although I would model this specific case as a GET followed by a PUT).
This second approach is the one I tend to take in general with API design: Expose what seems to me to be the most useful/basic endpoints, and then as time goes on and specific use-cases become apparent, add "shortcut" endpoints to address them. For example: if I have a service that lets you post to a forum either anonymously or with a user account, then I might have endpoints for making a post and making an account. If I then see that people using my API use them in conjunction (say, have an option to create an account at the same time as posting your first post), I might make a new endpoint that lets you simultaneously create a post and a user at the same time.
If I've somehow missed the point of this work please correct me. It seems interesting, but from what I can tell, not something that I would personally use (because I like the other solutions I've described better; though they do trade some flexibility for ease of implementation and cachability).