REST: Headers & Versioning
Published by Damon Clinkscales (@damon) —
#API geeks: does reliance on HTTP headers make an API not RESTful or less RESTful than one which includes key in the URL? /cc @steveklabnik
@damon almost entirely irrelevant. It depends on the specifics, really.
@damon what does your header do?
@steveklabnik identifies the client by API key in an X- header
@damon @steveklabnik I always thought HTTP headers were pivotal to RESTful APIs. The URL is supposed to be specific to a resource.
@damon @steveklabnik Ex. API version should be in headers and not URL
@howardr REST apis should not be versioned in the first place. /cc @damon
@damon as a means of authentication? I don't see a problem with that.
@damon as long as it doesn't affect the _addressability_, you should be fine.
@howardr @damon If the resource is significantly different due to an API change, I think a version # in the URL is valid.
@hayesdavis @damon I agree. It is a very pragmatic approach which IMO is good. However it was the only example I could think of
@damon I would think including the key in the URL would be less restful because the key isn't a part of the resource identifier.
@hayesdavis @howardr Agree. I like Howard's word 'pragmatic' to describe it. It's less 'pure' but helps clients to know what to expect.
@garrettdimon a good point. to me, the key seems completely irrelevant to the resource itself. it's purely for access control in this case.
@damon Keeping things in headers is tidy and easy to develop against. Not sure about “RESTful”, but that’s usually not my goal.
@damon Basically just copy GitHub and/or Heroku when doing API design. Therein lives goodness.