Best practices for REST API design

Over on the StackOverflow blog: Best practices for REST API design. Some of it is good but I disagree with a bunch of things. I made some notes:

* Use singular

https://www.example.com/comment/list

Not:

https://www.example.com/comments


* Use multidimensional selectors, not path/hierarchical selectors:

https://www.example.com/comment/list?artist=nirvana&album=nevermind

Not:

https://www.example.com/album/nirvana/nevermind/comments


* Use noun/verb format:

https://www.example.com/comment/list
https://www.example.com/comment/register
https://www.example.com/comment/edit/54688
https://www.example.com/comment/view/54688
https://www.example.com/comment/reply/54688


* The [ noun, verb ] pairs map to Facilities for implementation:

[ comment, list ] => CommentLister
[ comment, edit ] => CommentEditor
[ comment, view ] => CommentViewer

Facilities have submit/render functionality and round-trip view state.


* HTTP success: 30x's, not 2xx's.


* Include a 'submission ID' on <form> elements for idempotent operations


* GET and POST only, don't CRUD URLs, rather invoke business processes

Password Best Practice

I read Password Primer today:

  1. Use at least 8-10 characters.
  2. Interchange upper and lower case letters with numbers and symbols.
  3. Consider a “Passphrase” like “Every good band deserves fans”: “!eGbAdfns2”
  4. Change your password every 6 to 8 months and immediately if you believe it’s been compromised.
  5. NEVER share your password with anyone you don’t trust – some would say never share your password PERIOD.
  6. Don’t write your password(s) on sticky notes and then post them to your monitor!
  7. Avoid using the same passwords for all of your accounts.
  8. Never send your password to someone in an e-mail.
  9. Don’t use the “Remember Password” option in browsers or websites.
  10. NEVER make your login and your password the same thing.