Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> and the ACME API is pretty enthusiastic about being RESTful

Without looking at it, are you sure about that?

I once used to know what REST meant. Are you doing REST as in HATEOAS or as in "we expose some http endpoints"?




Everything is an object, identified by a URL. You start from a single URL (the directory), and you can find all the rest of the resources from URLs provided from there.

ACME models everything as JSON objects, each of which is identified by URL. You can GET them, and they link to other objects with Location and Link headers.

To quote from the blog post:

> Dig around in the headers of the response, looking for one named "Location". Don't follow it like a redirection. Why would you ever follow a Location header in a HTTP header, right? Nope, that's your user account's identifier! Yes, you are a URL now.

I don't know if it's the pure ideal of HATEOS, but it's about as close as I've seen in use.

It has the classic failing though: it’s used by scripts which know exactly what they want to do (get a cert), so the clients still hardcode the actions they need. It just adds a layer of indirection as they need to keep track of URLs.

I would have preferred if it was just an RPC-over-HTTP/JSON with fixed endpoints and numeric object IDs.


That's pretty good! Better than 99% claims of REST for sure! Thanks for the long reply.


REST has for a long long time meant "rpc via json over http". HATEOAS is a mythical beast nobody has ever seen in the wild.


Eh, I think that’s what it meant for a while. I’ve now interacted with enough systems that have rigor about representing things as resources that have GET urls and doing writes with POST etc that I don’t think it’s always the ad hoc RPC fest it once was. It may be rare to see according-to-hoyle HATEOAS but REST is definitely no longer in the “nobody actually does this” category.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: