| Time |
S |
Nick |
Message |
| 01:28 |
|
|
igitoor joined #rest |
| 01:30 |
|
|
igitoor joined #rest |
| 03:04 |
|
|
tr3onlin_ joined #rest |
| 03:25 |
|
|
ralphschindler joined #rest |
| 04:05 |
|
|
tr3online joined #rest |
| 04:07 |
|
|
tr3online joined #rest |
| 06:02 |
|
|
lemur_ joined #rest |
| 06:35 |
|
|
_ollie joined #rest |
| 06:37 |
|
|
adaro joined #rest |
| 08:37 |
|
|
blahdeblah_ joined #rest |
| 08:45 |
|
|
azr joined #rest |
| 09:07 |
|
|
azr joined #rest |
| 09:15 |
|
|
daxim joined #rest |
| 09:32 |
|
|
TeddyMurray joined #rest |
| 09:33 |
|
|
Andre-B joined #rest |
| 09:34 |
|
|
shrink0r joined #rest |
| 10:04 |
|
|
xbike joined #rest |
| 10:08 |
|
xbike |
Hi all, I was just involved in some funny discussion with collegues. Is it ok to GET the time from a time server or should it be fetched with POST? |
| 10:10 |
|
trygvis |
why wouldn't it be ok with get? |
| 10:10 |
|
trygvis |
sounds useless but reasonable to me |
| 10:13 |
|
pdurbin |
maybe NTP is blocked or something |
| 10:17 |
|
|
azr joined #rest |
| 10:20 |
|
trygvis |
then HEAD on / would be sufficent, all servers include Date :) |
| 10:21 |
|
trygvis |
but if it's just a discussion I would guess the argument for POST is that the resource is "modified" every time you GET the resource, or that two GETs won't give the same response |
| 10:39 |
|
|
Left_Turn joined #rest |
| 10:46 |
|
pdurbin |
the "design" of a RESTful API: https://github.com/DesignOpen/designopen.github.io/issues/194#issuecomment-83500430 |
| 11:38 |
|
|
SupaHam joined #rest |
| 11:43 |
|
|
azr joined #rest |
| 11:48 |
|
|
vanHoesel joined #rest |
| 12:02 |
|
trygvis |
pdurbin: not quite sure what I am looking at :) |
| 12:07 |
|
pdurbin |
:) |
| 12:11 |
|
t_dot_zilla |
hi |
| 12:11 |
|
t_dot_zilla |
i'm dev'ing a REST API using php + slim framework |
| 12:12 |
|
t_dot_zilla |
im going to implement hmac |
| 12:12 |
|
t_dot_zilla |
but i have a question about client app side of things |
| 12:12 |
|
t_dot_zilla |
basically we went to auth clients with user/password |
| 12:12 |
|
t_dot_zilla |
each user will have an API key |
| 12:13 |
|
t_dot_zilla |
if we were to develop a client web based app, the user would login with user/pass and the api key |
| 12:13 |
|
t_dot_zilla |
would be retrieved |
| 12:14 |
|
t_dot_zilla |
im thinking it wuold be safe to store the apikey in a php $_SESSION ? |
| 12:14 |
|
t_dot_zilla |
rather than a cookie, right? |
| 12:21 |
|
pdurbin |
you gotta put it somewhere |
| 12:30 |
|
t_dot_zilla |
ha ha. just trying to think of most secure setup |
| 12:30 |
|
t_dot_zilla |
since $_SESSION is stored on server, it's probably best route |
| 12:44 |
|
|
interop_madness joined #rest |
| 12:46 |
|
|
azr joined #rest |
| 13:28 |
|
|
azr joined #rest |
| 13:35 |
|
|
aGHz joined #rest |
| 13:48 |
|
|
mezod joined #rest |
| 13:50 |
|
|
nkoza joined #rest |
| 13:50 |
|
|
dEPy joined #rest |
| 13:52 |
|
|
azr joined #rest |
| 13:53 |
|
|
ecraven joined #rest |
| 13:53 |
|
ecraven |
greetings :) |
| 13:53 |
|
ecraven |
I have a job server, with workers. if a worker wants a new job, I've thought about having it POST to the server, which returns a new job. is this ok design-wise? |
| 13:54 |
|
ecraven |
is there a better HTTP verb? |
| 13:54 |
|
ecraven |
I'd update the job status with PUT, and finish it with DELETE (or PUT, really not sure about that). |
| 14:07 |
|
|
vanHoesel joined #rest |
| 14:12 |
|
|
vanHoese_ joined #rest |
| 14:12 |
|
|
ralphschindler joined #rest |
| 14:12 |
|
asdf` |
ecraven, sure, post is the thing to use for creating stuff |
| 14:13 |
|
ecraven |
asdf`: even if the server creates it, and not the client? |
| 14:16 |
|
asdf` |
ecraven, hmm, i'm not sure that's a useful distinction? |
| 14:19 |
|
ecraven |
asdf`: I am not either :-) |
| 14:19 |
|
ecraven |
asdf`: what about finishing or aborting a job with DELETE. is that strange? |
| 14:21 |
|
asdf` |
ecraven, you're just handling "resources" and getting a representation of it back; the server can do anything it wants when a resource is deleted, eg. stop a process, no problems there |
| 14:22 |
|
asdf` |
basically, yes, that's how it's supposed to work, it's simple, yes |
| 14:22 |
|
ecraven |
what about finishing a job by PUTting to it with some parameter progress=100% or something like that? |
| 14:22 |
|
asdf` |
note however when you DELETE a thing, it's supposed to not be reachable anymore, so for 'finishing' you might wanna update a status attribute on it instead |
| 14:22 |
|
asdf` |
right |
| 14:22 |
|
|
vanHoesel joined #rest |
| 14:22 |
|
ecraven |
ah, thanks for that hint |
| 14:35 |
|
|
fumanchu joined #rest |
| 14:44 |
|
|
pindonga joined #rest |
| 14:55 |
|
t_dot_zilla |
PUT is used for "updating" |
| 14:55 |
|
t_dot_zilla |
? |
| 14:56 |
|
t_dot_zilla |
are their different reasons to use PUT/POST/GET? |
| 14:56 |
|
t_dot_zilla |
(isn't UPDATE another one anyway?) |
| 14:56 |
|
_ollie |
good read: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html |
| 14:56 |
|
t_dot_zilla |
thanks :) |
| 15:03 |
|
|
ralphschindler joined #rest |
| 15:08 |
|
t_dot_zilla |
is it common or acceptable to use hyphens in the URL ? |
| 15:08 |
|
t_dot_zilla |
like /password-reset |
| 15:08 |
|
t_dot_zilla |
or is something like this better |
| 15:09 |
|
t_dot_zilla |
/password/reset, /password/update, etc.... |
| 15:09 |
|
_ollie |
in REST nobody cares what URIs look like |
| 15:09 |
|
asdf` |
t_dot_zilla, it largely doesn't matter but hyphens are preferable to underscores due to browsers underlining links |
| 15:10 |
|
t_dot_zilla |
what about in-comparison to using forward slashes |
| 15:10 |
|
t_dot_zilla |
i think /password/reset, /password/update, etc... looks better and more comprehensible |
| 15:10 |
|
_ollie |
a URI is a URI… don't care what it looks like… |
| 15:10 |
|
t_dot_zilla |
okay, thanks |
| 15:11 |
|
|
_ollie joined #rest |
| 15:14 |
|
saml |
PUT /password/1 will reset password 1 |
| 15:15 |
|
saml |
update |
| 15:37 |
|
|
shrink0r joined #rest |
| 16:09 |
|
|
lemur joined #rest |
| 16:59 |
|
|
16WAAIC9Z joined #rest |
| 17:30 |
|
|
_ollie joined #rest |
| 18:37 |
|
|
tr3online joined #rest |
| 19:13 |
|
|
Andre-B joined #rest |
| 19:15 |
|
|
fumanchu_ joined #rest |
| 19:58 |
|
|
shrink0r joined #rest |
| 19:58 |
|
|
vanHoesel joined #rest |
| 20:14 |
|
|
TeddyMurray joined #rest |
| 21:23 |
|
|
Andre-B_ joined #rest |
| 21:50 |
|
|
vanHoesel joined #rest |
| 22:41 |
|
|
tr3online joined #rest |
| 22:49 |
|
|
hackel joined #rest |
| 22:52 |
|
|
adaro joined #rest |
| 22:56 |
|
hackel |
It seems to me that in order to follow REST principles, when writing an authenticcation API that accepts a username and password and returns a token, this should be a GET request, since it is makes no changes on the server (aside from logging). Yet I don't see many people doing this. Any thoughts? |
| 23:01 |
|
|
mezod joined #rest |
| 23:21 |
|
|
adaro joined #rest |
| 23:32 |
|
|
shrink0r_ joined #rest |
| 23:34 |
|
|
warehouse13 joined #rest |
| 23:42 |
|
|
fumanchu joined #rest |
