http://oreilly.com/catalog/9780596805838 chapter 2
http://oreilly.com/catalog/0636920028468 chapter 5
RESTful Web APIs (http://shop.oreilly.com/product/0636920028468.do) was a good starting point for understanding RESTful HTTP APIs.
1. Explicit versioning, stuffed into each resource's URI
This is really bad, it shows the designer has only experience with RPC, but not resource-oriented. Bumping the server version breaks all clients for no good reason. Imagine if the Web sites worked that way: you have to upgrade your browser before you can visit an updated site. The correct way to do it is to version gradually, and express a changed semantic for a resource type by coining a new link relation for it. Do not put semantics in a resource URI as the article advises!
2. Utter lack of hypermedia controls
The article mentions CSV as possible media type for that entity. As we all know, CSV does not have or support hyperlinks, forms or any other hypermedia control. This is a serious oversight because it's not possible to have a RESTful architecture without those controls. Remedy: the designer must implement controls in the message body where natively supported by an entity type (e.g. XLink or XForms for XML) or else fall back to the message header (e.g. Link header/URI templates for CSV).
3. Fixed URI structuring
This is related to point 2 above. Example: How does the client know how to construct this URI? The article mentions no hyperlinks or other controls. It does say "define the right endpoint names" which I surmise go into some sort of specification document, which is wrong. Doing so makes the server lose control over its URI space and creates unnecessary tight coupling, which is brittle. Express typed resources with link relations, not with the resource URI structure! There must be only exactly one entry point (bookmark) for the client to know, all other URIs are derived by traversing the resources through controls!
4. Lack of clue about security
The article talks about authentication with OAuth or HTTP basic authentication. OAuth is chiefly for 3rd party authorization, no wonder the article's author is confused. Implementing this is workable, but overkill if all you need is authentication, making it much more difficult for a programmer to implement client software correctly, but brings no benefit. HTTP basic authentication is either clear text or susceptible to replay attacks. <http://www.xml.com/pub/a/2003/12/17/dive.html> Remedy: it's 2014, just use TLS. Let the transport layer take care of authenticating a user, the application code on the server is free of authentication.
5. Reinvents the wheel for error handling
Established draft standards exist. Use them. <http://www.mnot.net/blog/2013/05/15/http_problem> <https://github.com/blongden/vnd.error>
tl;dr Article is pretty much amateur hour, I advise the interested reader to get one of the classic books on REST instead to learn it properly. <http://oreilly.com/catalog/9780596529260> <http://oreilly.com/catalog/9780596805838> <http://oreilly.com/catalog/9781449358068>
Update: angle brackets are reserved characters for delimiting a URI, not part of a URI. Hackernews, you are out of compliance with RFC 3986, please fix your shit.
If you think that consumers of the API would like to see the orders, embed them.
If you think that consumers would like to see an attribute like `total` for the order, embed it.
If you think that consumers would like to see some user_account information, embed it.
If you think that the total size of a collection is too big, paginate.
Tell your users that `X` may be embedded in `Y` and `Y` may be embedded in `Z`.
Write the code that consumes the API to expect the API to change.
HEATEOS is the constraint that matters in REST, all else is provided by the http spec etc.
If you want to paginate, use link realtions: http://www.iana.org/assignments/link-relations/link-relation...
If you want to describe a relationship, use a link relation.
Watch this: http://vimeo.com/20781278 Read this: http://shop.oreilly.com/product/0636920028468.do
[1] https://www.oreilly.com/library/view/restful-web-apis/978144...
[2] https://htmx.org/essays/hateoas/