Jon Hanna wrote:
> I'm more interested in the wisdom of nouns -> good, verbs -> bad and whether it
> always holds. While I agree with it, I'm wondering just how strong an axiom it
> is, and trying to find any exceptions, caveats or boundaries that might exist.
I think the "Do not put actions in URIs" maxim is not so much about
nouns vs. verbs, as it is about how link traversal is done in REST.
If you have a resource that links to another resource, the RESTful way
for this link to be traversed is for the client to fetch a
representation and then use a generic method on the contained URL.
When the "someuri?action=delete" pattern is used, it typically means
that there is a resource at "someuri" that links to another resource
that can initiate some server-side process, such as a deletion. Having
the client append "action=delete" to "someuri" effectively creates a new
form of link traversal. The client is asking the "someuri" resource to
traverse a link on the client's behalf and deliver an operation to the
target resource. This is a bad thing. Providing a uniform interaction
model across all applications is one of the main virtues of REST. A
particular application should not create unique mechanisms that replace
The "verb in the request" pattern is so common because it mirrors a link
traversal form used in OOP. In OOP, an invocation target is identified
by a pointer and method name pair. The runtime environment implicitly
dispatches on the method name, to determine the invocation target.
Method dispatch is a second form of link traversal in OOP, one that is
always done by the server.
In contrast, REST has only one form of link traversal, that is always
done by the client. Perhaps a more accurate way of stating the "Do not
put actions in URIs" maxim is "In REST, method dispatch happens on the
client side, not the server side". After all, our software doesn't know
verbs from nouns, but must know the difference between link traversal forms.
The web-calculus is the union of REST and capability-based security.