Time  Nick     Message
02:48 irctc174 hello anyone here?
20:24 foist    I keep seeing this `/me` endpoint in more and more APIs. Is this not a violation of REST?
20:25 foist    For example: https://developer.spotify.com/web-api/endpoint-reference/ (/v1/me Get current user's profile, /v1/me/following Get Followed Artists)
20:27 pdurbin  foist: why would it be?
20:27 foist    It’s not stateless.
20:28 foist    Requires information about the current state of the session — the user.
20:28 foist    pdurbin: ^
20:28 * foist  is not a resource
20:28 foist    lol */me is not a resource
20:29 pdurbin  https://developer.spotify.com/web-api/get-followed-artists/ requires an access token. seems fine
20:30 foist    pdurbin: What about requiring an access token makes it okay?
20:31 trygvis  ../me endpoints are useful for checking your communication level and authentication setup
20:31 trygvis  foist: what makes it not ok?
20:31 foist    Just what I said before. It’s not a stateless request.
20:31 trygvis  there is no state, you can do that call at any time
20:32 foist    `/me/following` requires state.
20:33 trygvis  that is a different resource
20:33 trygvis  but it's not necessarily a violation, but it is not good for caching
20:34 trygvis  the important part is that it is discovered by the client
20:34 foist    Could you describe the impact on caching, as well as why it isn’t a violation, seeing as it requires state?
20:34 trygvis  you're the one saying it requires state
20:35 trygvis  but caching will suffer as many clients will access the same resource which requires the endpoint to set cache headers that disable caching
20:35 trygvis  if it was /<user id>/followers the resource could have been cached
20:38 foist    trygvis: so basically each time that a new user requests `me/following` the cache is replaced with that particular user’s collection of artists they’re following?
20:40 trygvis  no, it can't be cached at all
20:41 trygvis  as in the server will say "no intermediate or client can cache this"
20:42 foist    I see. Why do you say that it _doesn’t_ require state? `me` can only be defined given a particular state, no?
20:51 trygvis  no, I can access /me whenever I want to. there is no restriction on when I can call it
20:52 trygvis  I don't have to access /foo, then /bar and wait until the wind comes from the south before I can call /me
20:53 foist    trygvis: in this case `/me` is used to "Get current user's profile". Given your foo/bar example, to use `/me` you do have to first retrieve your access token by authenticating. That is a valid analog to the wind blowing from the south, isn’t it?
20:55 trygvis  there is no access token, there is only www-authenticate and you will provide the token when requested to do so (on a 403 response)
20:55 trygvis  the 403 can instruct you to do some other operations, but that is not relevant for the /me resource
20:56 foist    There is an access token required to access the resource https://developer.spotify.com/web-api/get-followed-artists/
20:56 foist    the `Authorization` header field.
20:59 trygvis  yes, sorry. the server sends www-authenticate with the possible mechanisms, and the client uses Authentication for the next request
21:37 foist    trygvis: thank you.