WREST [rest] = Website + REST
- A RESTful API service that is made available to its own website. The distinguishing behavior from a regular RESTful API is that calls coming from the client are identified the same way as other calls made by the client’s browser (viz., the client’s cookie(s)) rather than by API keys and secrets/signatures.
I’m currently working on a service that has both a website (usable by the general public), and a RESTful API (currently used by our iPhone app, and later usable by partners). A Flash component of the website also uses the RESTful API when it needs data from the server. And while partners will need to obtain an API key, get user approval to make calls on their behalf, and sign calls, it would not be appropriate to expect the same of the Flash component.
So, I made some of the RESTful API calls available in a way such that the client can be identified by cookies instead of an API authorization token.
This results in the service having four classes of HTTP calls:
- Regular website calls – calls made by a client’s web browser, where the response is HTML or a resource such as a JPG, CSS, or JS file. Clients are identified by their cookie(s).
- REST – calls to RESTful API methods made by a non-web-based client or via a third party. Every call must include the caller’s Application API key and be signed with their API secret. The user the call is being made on behalf of (if applicable) is identified by an authorization token included as a request parameter. For us, the response is XML (and for others it may be another data interchange format such as JSON).
- AJAX – calls made by a client’s web browser (typically asynchronously) where the response is XML but the call is not an API call (viz., not RESTful). They are specifically designed to serve website needs, and likely characteristics are that they:
  - include HTML fragments to be included in the page dynamically, or
  - include other data or parameters specifically to dynamically alter a portion of the current web page.
- WREST – RESTful API calls made by the website. For us, this is primarily used by the Flash component(s). The client is identified using cookies and the session, like the website, but the responses are purely structured data (in XML), like the ‘REST API’. The controllers that serve these calls are generally the same controllers used by the REST API servlet. A good rule of thumb: if the call would not make a good (REST) API call, it is probably an AJAX call and not a WREST call. Thus, WREST is generally a subset of REST.
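
To make the REST/WREST split concrete, here is an added sketch (not code from the service described above) of one controller table served by two front ends: REST identifies the caller by API key, signature and authorization token, while WREST identifies the user by session cookie and exposes only a subset of the methods. The method names, sample keys, cookie name and the HMAC-SHA256 signing scheme are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the original post).
API_SECRETS = {"partner-key": b"partner-secret"}   # API key -> API secret
AUTH_TOKENS = {"tok-123": "alice"}                 # user-approved token -> user
SESSIONS = {"sess-abc": "alice"}                   # session cookie value -> user

def get_profile(user, params):
    """Shared controller: returns structured data only, never HTML."""
    return f"<profile><user>{user}</user></profile>"

def delete_account(user, params):
    """Hypothetical REST-only controller, deliberately not exposed to WREST."""
    return f"<deleted><user>{user}</user></deleted>"

# One controller table for both front ends; the flag marks the WREST subset.
METHODS = {"profile.get": (get_profile, True),
           "account.delete": (delete_account, False)}

def sign(params, secret):
    """Assumed scheme: HMAC-SHA256 over the sorted key=value pairs."""
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sig")
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()

def handle_rest(method, params):
    """REST: caller identified by API key + signature, user by auth token."""
    secret = API_SECRETS.get(params.get("api_key"))
    if secret is None or not hmac.compare_digest(
            sign(params, secret), params.get("sig", "")):
        return 401, "<error>bad api key or signature</error>"
    user = AUTH_TOKENS.get(params.get("auth_token"))
    if user is None:
        return 403, "<error>no user authorization</error>"
    if method not in METHODS:
        return 404, "<error>unknown method</error>"
    return 200, METHODS[method][0](user, params)

def handle_wrest(method, cookies, params):
    """WREST: same controllers, but the user comes from the session cookie."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "<error>not logged in</error>"
    controller, wrest_ok = METHODS.get(method, (None, False))
    if not wrest_ok:  # unknown, or a REST-only method not exposed to the site
        return 404, "<error>unknown method</error>"
    return 200, controller(user, params)
```

The WREST handler never looks at an API key or signature, so which methods carry the WREST flag is the only thing limiting what a logged-in browser session can call.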