Using Last.fm's API as an example; let's wrap this call http://www.last.fm/api/show/user.getRecentTracks.
HTTP: http://www.last.fm/api/show/user.getRecentTracks
HTTP/API: lastfm://user/jackyalcine/currentTracks?size=5
Using [Twitter's API][twtr] as an example; let's wrap this call https://api.twitter.com/1.1/statuses/show.json
HTTP: https://api.twitter.com/1.1/statuses/show.json?id=554408034672197632
HTTP/API: twitter://1.1/status?id=554408034672197632
There's no change to the route since authentication is typically done using
headers, notably the Authentication
or Authorization
header. So no
difference, at all. If anything, OAuth2 can work with this by forcing
redirections to a regular HTTPS session for authentication (because we only do
authentication over SSL, right?)
By default, all of this should be done over an encrypted connection like TLS.