1

There is a push in modern scripting frameworks to use RESTful request routing instead of a one-size-fits-all URL path routing.

respond('GET',    '/posts',       callback);
respond('POST',   '/post/create', callback);
respond('PUT',    '/post/[i:id]', callback);
respond('DELETE', '/post/[i:id]', callback);

vs

respond('/posts',       callback);
respond('/post/create', callback);
respond('/post/[i:id]', callback);
respond('/post/[i:id]', callback);

I must confess that I am still using the old-and-busted method where the resource is accessible at the given URL regardless of the request type.

Is there anything I'm missing by using the old format?

2
  • Are people able to make GET requests against your URL that is responsible for deleting data? I believe that can leave you open to certain types of cross site forgery attacks. Commented Aug 24, 2011 at 20:52
  • "Nonces" or "Tokens" are always used to prevent that type of thing. Even though GET is easy to spoof, it's also possible to spoof a POST/DELETE. Use action tokens. Commented Aug 24, 2011 at 21:01

1 Answer

0

In my view, what you are missing out on is the inherent architecture of a RESTful API. From an implementation point of view, the separation of request, resource and callback function that REST imposes encourages you to use an architecture which, by design, is clear and understandable. Separation of concepts into distinct parts is very important, especially when dealing with security-sensitive applications like web APIs. It reduces the complexity of development, testing and maintenance, and thus makes them quite easier to handle.

2
  • How does it reduce the complexity of development, testing, and maintenance? From clarity? The slight increase in explicitness? Commented Aug 24, 2011 at 23:19
  • Exactly. The explicitness makes things much easier to deal with, since there's such clear separation and isolation of the role of every callback. Of course, the fact that REST imposes these inherent design principles doesn't stop anyone from having a terrible implementation. However, I just think that it's a tad more difficult to mess up than other more fuzzy architectures :) Commented Aug 25, 2011 at 7:44
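
The difference raised in the comments, as an added example that is not code from the original posts or from any framework: a minimal router accepting both `respond` signatures from the question, with a delete handler that optionally checks an action token. `createRouter`, `buildApp`, `SESSION_TOKEN` and the request objects are hypothetical names and constructed sample data.

```javascript
// Hypothetical minimal router modeled on the question's respond() calls.
function createRouter() {
  const routes = [];
  // respond(method, path, cb) binds a verb; respond(path, cb) matches any verb.
  function respond(...args) {
    const [method, path, callback] = args.length === 3 ? args : [null, ...args];
    // '[i:id]' (integer parameter, as in the question) becomes a named group.
    const pattern = new RegExp('^' + path.replace(/\[i:(\w+)\]/g, '(?<$1>\\d+)') + '$');
    routes.push({ method, pattern, callback });
  }
  function dispatch(req) {
    let pathMatched = false;
    for (const r of routes) {
      const m = r.pattern.exec(req.path);
      if (!m) continue;
      pathMatched = true;
      if (r.method === null || r.method === req.method) {
        return r.callback(req, m.groups || {});
      }
    }
    // Known path but wrong verb: refuse rather than run a handler.
    return pathMatched ? 405 : 404;
  }
  return { respond, dispatch };
}

const SESSION_TOKEN = 'constructed-token-123'; // constructed sample value

function buildApp({ methodAware, requireToken }) {
  const posts = new Map([[7, 'first post']]); // constructed sample data
  const { respond, dispatch } = createRouter();
  const destroy = (req, params) => {
    // Action token check from the second comment. Real code would use a
    // random per-session token and a constant-time comparison.
    if (requireToken && req.token !== SESSION_TOKEN) return 403;
    posts.delete(Number(params.id));
    return 204;
  };
  if (methodAware) respond('DELETE', '/post/[i:id]', destroy);
  else respond('/post/[i:id]', destroy); // old format: any verb deletes
  return { dispatch, posts };
}
```

With the old format, a plain GET to `/post/7` runs the delete handler; with the verb-bound route the same GET returns 405, and the token check still decides whether a DELETE is honoured.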
