

A spec for Humanized web APIs, aka HAPI - rdoherty
https://github.com/jheising/HAPI

======
mbleigh
I have a humanized version of my API. It's called the web interface for my
application.

This is a tremendously ill-considered idea that throws away decades of hard-
learned lessons in API design under the auspices of "human friendliness" and
isn't really anyway. Tell me, how do I know what types of resources are
available, and what parameters they accept?

The structure is overwrought, the "GET for all actions" is INCREDIBLY
dangerous, the entire thing is INCREDIBLY vulnerable to all kinds of attack
vectors (no, I don't think "don't use cookies" is an acceptable solution to
the problem). All so that you can have URLs that kinda-sorta resemble
sentences?

Do not build your API this way. Please.

~~~
mbleigh
After my blood cooled off a little, I feel a bit bad about posting such a
harsh response. I stand behind all the points I raised, but should have made
them in a more constructive way.

We build RESTful APIs using HTTP verbs and current conventions for a reason.
APIs are made for machines, not for people. There's always a balance because
hands-on poking around is nice to have, but curl isn't very "hard" and with
CORS you can build documentation with live examples right into the browser.

------
lupinglade
Don't do it!

