Time Nick Message
02:48 irctc174 hello anyone here?
20:24 foist I keep seeing this `/me` endpoint in more and more APIs. Is this not a violation of REST?
20:25 foist For example: https://developer.spotify.com/web-api/endpoint-reference/ (/v1/me Get current user's profile, /v1/me/following Get Followed Artists)
20:27 pdurbin foist: why would it be?
20:27 foist It’s not stateless.
20:28 foist Requires information about the current state of the session — the user.
20:28 foist pdurbin: ^
20:28 * foist is not a resource
20:28 foist lol */me is not a resource
20:29 pdurbin https://developer.spotify.com/web-api/get-followed-artists/ requires an access token. seems fine
20:30 foist pdurbin: What about requiring an access token makes it okay?
20:31 trygvis ../me endpoints are useful for checking your communication level and authentication setup
20:31 trygvis foist: what makes it not ok?
20:31 foist Just what I said before. It’s not a stateless request.
20:31 trygvis there is no state, you can do that call at any time
20:32 foist `/me/following` requires state.
20:33 trygvis that is a different resource
20:33 trygvis but it's not necessarily a violation, but it is not good for caching
20:34 trygvis the important part is that it is discovered by the client
20:34 foist Could you describe the impact on caching, as well as why it isn’t a violation, seeing as it requires state?
20:34 trygvis you're the one saying it requires state
20:35 trygvis but caching will suffer as many clients will access the same resource which requires the endpoint to set cache headers that disable caching
20:35 trygvis if it was /<user id>/followers the resource could have been cached
20:38 foist trygvis: so basically each time that a new user requests `me/following` the cache is replaced with that particular user’s collection of artists they’re following?
20:40 trygvis no, it can't be cached at all
20:41 trygvis as in the server will say "no intermediate or client can cache this"
20:42 foist I see. Why do you say that it _doesn’t_ require state? `me` can only be defined given a particular state, no?
20:51 trygvis no, I can access /me whenever I want to. there is no restriction on when I can call it
20:52 trygvis I don't have to access /foo, then /bar and wait until the wind comes from the south before I can call /me
20:53 foist trygvis: in this case `/me` is used to “Get current user's profile”. Given your foo/bar example, to use `/me` you do have to first retrieve your access token by authenticating. That is a valid analog to the wind blowing from the south, isn’t it?
20:55 trygvis there is no access token, there is only www-authenticate and you will provide the token when requested to do so (on a 403 response)
20:55 trygvis the 403 can instruct you to do some other operations, but that is not relevant for the /me resource
20:56 foist There is an access token required to access the resource https://developer.spotify.com/web-api/get-followed-artists/
20:56 foist the `Authorization` header field.
20:59 trygvis yes, sorry. the server sends www-authenticate with the possible mechanisms, and the client uses Authentication for the next request
21:37 foist trygvis: thank you.