| Time |
S |
Nick |
Message |
| 00:13 |
|
|
pezra joined #rest |
| 00:28 |
|
|
JMZ_DMZ joined #rest |
| 00:57 |
|
|
lemur joined #rest |
| 01:12 |
|
|
lemur joined #rest |
| 01:17 |
|
|
lemur joined #rest |
| 01:24 |
|
|
lemur joined #rest |
| 02:11 |
|
|
pezra joined #rest |
| 02:58 |
|
|
qw3rtman joined #rest |
| 03:36 |
|
|
mlilenium_ joined #rest |
| 03:36 |
|
|
mlilenium_ left #rest |
| 04:09 |
|
|
proteusguy joined #rest |
| 04:29 |
|
|
JMZ_DMZ joined #rest |
| 04:45 |
|
krainboltgreene |
Wish t_dot_zilla would come back, I have an answer for him. |
| 05:57 |
|
trygvis |
krainboltgreene: what is the answer? |
| 05:58 |
|
krainboltgreene |
trygvis: Was going to point him to JWT and HTTP signing drafts. |
| 05:58 |
|
krainboltgreene |
And implementations. |
| 05:58 |
|
krainboltgreene |
I just recently used/built ruby gems for both and implemented them in a server/client setup. |
| 06:00 |
|
trygvis |
where is the specification? |
| 06:01 |
|
krainboltgreene |
http://tools.ietf.org/html/draft-cavage-http-signatures-03 |
| 06:01 |
|
krainboltgreene |
https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27 |
| 06:01 |
|
trygvis |
ah |
| 06:02 |
|
krainboltgreene |
Anyone else notice that HTTP spec people tend to have bad naming practices btw? |
| 06:03 |
|
krainboltgreene |
JWT for instance, requires an "typ" and "algo" key, abbreviation of "type" and "algorithm" respectively. Saving a total 6 characters on a protocol that'll compress anyways :P |
| 06:04 |
|
|
rosstuck joined #rest |
| 06:05 |
|
krainboltgreene |
Or the HTTP spec having "Authorization" for something that's actually AuthN instead of AuthR. |
| 06:12 |
|
|
woky joined #rest |
| 06:33 |
|
|
woky joined #rest |
| 06:37 |
|
|
_ollie joined #rest |
| 07:29 |
|
|
interop_madness joined #rest |
| 08:57 |
|
|
`0660 joined #rest |
| 09:41 |
|
|
Jarda joined #rest |
| 09:54 |
|
|
ironChicken joined #rest |
| 10:41 |
|
|
shrink0r joined #rest |
| 11:14 |
|
|
Left_Turn joined #rest |
| 11:46 |
|
|
mezod joined #rest |
| 12:20 |
|
|
rue joined #rest |
| 12:43 |
|
|
daxim joined #rest |
| 12:54 |
|
|
proteusguy joined #rest |
| 13:16 |
|
|
graste joined #rest |
| 13:23 |
|
pdurbin |
ah, t_dot_zilla's question at http://irclog.greptilian.com/rest/2014-10-10 was about http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/ |
| 13:30 |
|
|
Left_Turn joined #rest |
| 13:35 |
|
|
JMZ_DMZ joined #rest |
| 13:37 |
|
|
_ollie joined #rest |
| 13:48 |
|
krainboltgreene |
pdurbin: Yeah, but that article didn't have a link to the draft, as far as I could tell. |
| 13:48 |
|
krainboltgreene |
Or JWT style authN. |
| 14:38 |
|
|
shrink0r joined #rest |
| 15:23 |
|
ybit3 |
let's say i have a videogame store and i want to allow customers to purchase games through my api, what would an ideal request look like? |
| 15:23 |
|
ybit3 |
i'm guessing it's a POST |
| 15:25 |
|
ybit3 |
i can't decide if the route should be api.example.com/game/:id or api.example.com/game/:id/purchase |
| 15:26 |
|
ybit3 |
i'm so tired today :| |
| 15:28 |
|
|
JMZ_DMZ joined #rest |
| 15:34 |
|
|
rosstuck joined #rest |
| 15:49 |
|
|
JMZ_DMZ joined #rest |
| 16:00 |
|
|
woky left #rest |
| 16:10 |
|
pdurbin |
ybit3: what did you decide? |
| 16:12 |
|
ybit3 |
pdurbin: i didn't, my mom called me |
| 16:12 |
|
ybit3 |
so i've been distracted unfortunately |
| 16:13 |
|
ybit3 |
pdurbin: have you ever had to deal with something like this, curious what you did and what your thoughts are if so |
| 16:17 |
|
pdurbin |
we sort of follow the :id/purchase pattern, I guess: https://github.com/IQSS/dataverse/tree/master/scripts/api |
| 16:29 |
|
|
JMZ_DMZ joined #rest |
| 17:21 |
|
|
heath joined #rest |
| 17:21 |
|
|
ybit3 left #rest |
| 17:23 |
|
heath |
ramsey had a good quote in another channel |
| 17:23 |
|
heath |
"In attempting to set up something like a POST to /games/:id or /games/:id/purchase, then you’re thinking in terms of verbs or actions you can take on that game, and you’re overloading HTTP to do that. I like to think in terms of resources, so I would create a transaction (or cart) resource to represent the purchase. |
| 17:23 |
|
heath |
" |
| 17:25 |
|
ramsey |
:-) |
| 17:34 |
|
pdurbin |
hmm. ok |
| 17:52 |
|
|
JMZ_DMZ joined #rest |
| 18:02 |
|
krainboltgreene |
Argh, I always come late. |
| 18:02 |
|
krainboltgreene |
Though heath basically said what I was going to say. |
| 18:02 |
|
krainboltgreene |
I've found if you ever type a / after the id of a url, you've gone too far. |
| 18:04 |
|
dreamdust |
Is POST'ing an array of resources RESTful ? |
| 18:05 |
|
dreamdust |
like POST'ing an array of items to /items to create multiple resources? |
| 18:08 |
|
krainboltgreene |
dreamdust: Semantically it was defined I believe as replacing the array. |
| 18:08 |
|
krainboltgreene |
dreamdust: Basically, no one would fault you if that's what you did. |
| 18:11 |
|
dreamdust |
yeah I didn't think it was an issue but it introduces error handling problems |
| 18:11 |
|
dreamdust |
For example, if one record fails to create, but other succeed, do you return an error status code or a 201 hehe |
| 18:11 |
|
dreamdust |
it seems if you do that you need to make the thing transactional to still use HTTP status codes properly |
| 18:12 |
|
trygvis |
yep |
| 18:12 |
|
heath |
krainboltgreene: hmm.. |
| 18:13 |
|
dreamdust |
so it seems to me POST'ing multiple resources cannot be restful |
| 18:13 |
|
heath |
games/:id/images |
| 18:13 |
|
heath |
you don't think that's too far do you? |
| 18:13 |
|
heath |
that's a sub-resource collection |
| 18:13 |
|
heath |
i think that's a nice way accessing such a thing |
| 18:13 |
|
|
JMZ_DMZ left #rest |
| 18:15 |
|
|
ph88 joined #rest |
| 18:35 |
|
krainboltgreene |
dreamdust: The JSONAPI.org way is if one fails, they all fail. |
| 18:35 |
|
krainboltgreene |
heath: Yes, it's too far in my opinion. |
| 18:36 |
|
dreamdust |
krainboltgreen: Yeah, if its transactional its fine... |
| 18:36 |
|
krainboltgreene |
heath: Flat HTTP APIs just tend to be easier to manage, both in writing the code and handling the interface. |
| 18:37 |
|
dreamdust |
krainboltgreen: Unfortunately, the company I work for uses mongo :( |
| 18:38 |
|
heath |
python-eve by default uses mongo, and that's what i'm using for writing this api |
| 18:38 |
|
heath |
haven't looked into switching yet |
| 18:39 |
|
krainboltgreene |
dreamdust: My framework has a validation step before hitting the database, so I can say yes or no to the request before any sort of transaction phase. |
| 18:39 |
|
krainboltgreene |
Mongo doesn't have much to do with it, if you're willing to add that layer to requests. |
| 18:45 |
|
|
shrink0r joined #rest |
| 18:48 |
|
|
digitalsanctum joined #rest |
| 20:53 |
|
|
fumanchu_ joined #rest |
