I rolled out my production REST api Sunday night based on PowerNap 0.9
and everything is going great. It definitely needs more logging/
debugging to assist when things go wrong but it's working quite well.
We're primarily using it right now to log payment processing. We have
a payment "proxy" server managed by a third party hosting company in a
PCI DSS compliant environment. Our web app has a payment form that
sets the <form action=""> to point at the proxy server
(
secure.foo.com) rather than our stack of servers (
www.foo.com). On
the proxy is a REST client which first POSTs a new payment record with
a status of "pending" to my PowerNap-based API (
api.foo.com), then
processes the payment with our merchant account against Braintree, and
finally updates the payment record with a PUT again to our API
(
api.foo.com). It's a bucketload of work for what is essentially
logging but PCI DSS is nothing if not a set of hoops to jump through.
Thought folks might be interested to hear how I'm using it.
Brian