@jalcine
Last active August 29, 2015 14:13
A bunch of ideas for using HTTP as an API platform.

Leveraging HTTP as a Basis for Interacting with APIs

Unauthenticated Requests

Using Last.fm's API as an example, let's wrap this call: http://www.last.fm/api/show/user.getRecentTracks.

HTTP: http://www.last.fm/api/show/user.getRecentTracks
HTTP/API: lastfm://user/jackyalcine/currentTracks?size=5

Authenticated Requests

Using Twitter's API as an example, let's wrap this call: https://api.twitter.com/1.1/statuses/show.json

HTTP: https://api.twitter.com/1.1/statuses/show.json?id=554408034672197632
HTTP/API: twitter://1.1/status?id=554408034672197632

There's no change to the route, since authentication is typically done using headers, notably the Authentication or Authorization header. So no difference at all. If anything, OAuth2 can work with this by forcing redirections to a regular HTTPS session for authentication (because we only do authentication over SSL, right?).

Securing Transport

By default, all of this should be done over an encrypted connection like TLS.
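
One way to resolve the `twitter://` form above into an HTTPS request, as an added example that is not code from the gist. The route table, `resolve`, `ResolveError` and the list of secret parameter names are assumptions made for illustration, and the bearer token in any call is a constructed placeholder.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed route table, built from the single Twitter pair shown on this page.
ROUTES = {
    ("twitter", "1.1", "/status"): ("api.twitter.com", "/1.1/statuses/show.json"),
}
# Assumed names of parameters that would carry a credential in the query string.
SECRET_PARAMS = {"access_token", "token", "api_key", "oauth_token"}


class ResolveError(ValueError):
    """Raised when an API-scheme URL cannot be resolved safely."""


def resolve(api_url, bearer_token=None):
    """Map an API-scheme URL to (https_url, headers); never emits plain HTTP."""
    parts = urlsplit(api_url)
    # Credentials in the URL end up in logs, history and Referer headers.
    if parts.username or parts.password:
        raise ResolveError("credentials must not be embedded in the URL")
    key = (parts.scheme, parts.hostname or "", parts.path)
    if key not in ROUTES:
        raise ResolveError("no route for %r" % (key,))
    query = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [name for name, _ in query if name.lower() in SECRET_PARAMS]
    if leaked:
        raise ResolveError("secret in query string: " + ", ".join(leaked))
    host, path = ROUTES[key]
    # The scheme is fixed to https here, so transport is encrypted by default.
    url = urlunsplit(("https", host, path, urlencode(query), ""))
    headers = {"Accept": "application/json"}
    if bearer_token is not None:
        # Reject CR/LF so a token value cannot inject extra header lines.
        if "\r" in bearer_token or "\n" in bearer_token:
            raise ResolveError("invalid characters in token")
        headers["Authorization"] = "Bearer " + bearer_token
    return url, headers
```

The route stays identical with or without a token; only the returned headers change, which matches the point made under Authenticated Requests.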
