As reported in the previous blog item, an important element of the new inventory system will be the RESTful API. Currently, the invquery and invedit commands use SQL directly to perform queries and updates. This has integrity “issues”, means that changing behaviour can be laggy (code needs updated on clients), and means that other code that wants to do queries or updates must duplicate the code. A RESTful API will overcome these problems.
After reading numerous web articles and blogs on REST API design, and being confused by the differing views on what constitutes good API design, I have produced a draft API design. The API will be available in two forms – one which is completely un-authenticated but allowing only queries, the other being GSSAPI authenticated for both queries and updates. (The original intention had been for the GSSAPI authenticated tree to provide a login method issuing a short-lived token to be used by the client for subsequent operations (which wouldn’t be GSSAPI authenticated). However it turns out that GSSAPI for every operation isn’t that expensive and has the benefit of significantly simplifying the code.
The intention is to use perl-Catalyst-Action-REST to implement the API.