Great video! But missing important PATCH? Also woulde be important mentioning authorisation... with userId, where do we handle this (HEADER - usually with bearer token) and how to handle the not authorised response ... but in all, very quick, to the point video... cheers!

Very concise and high quality. Love it!

Yes, finally, more.

Quick question, why was Patch skipped? I don't think it was mentioned in the video and it is a http method I see being used by several applications by different companies.

Love this video Amichai, very concise, and a great refresher for everyone!

Nice content!! Can't wait for more of this!

quality video thank You

Nice overview, but this raises a question for me: If you should use plural nouns and some level of nesting, given a game, should moves for a player in a specific game then be POSTed to /games/{gameId}/players/{playerId}/moves, or should you do a POST to /moves with a json in the request body? Functionally both would work, but I can't figure out which is dogmatic..

Mantappp

Finally

Is 201 created response okay if we are creating a collection of objects as the location header can only have the route for only one object created with the object's id but not the collection. Can you shed some light on it?

I'm having doubts about DELETE being idempotent. It's counterpart (POST) is not, as it creates new entities, so unless you're soft-deleting (so basically - updating some deletion timestamp - a common practice) an entity, DELETE will not be idempotent. It will remove the entity on the first request, responding 204 and it should do nothing on the second request (with the same ID), returning 404, as it shows the true state the server is in after the first request. Different states and responses on the first and next requests for the same parameters. EDIT: For anyone confused, as I was: with DELETE the idempotency is kind of "delayed". The first request changes the server state, as it should, but the subsequent requests with the same ID parameter will not change the server state (as in: will not add/remove entities). In that way DELETE is idempotent. "Soft-delete" should still be treated on the same level as UPDATE request, though.

Nice video! I'm thinking about DDD and CQRS integration. Is there any standard similar to REST but for task-oriented interfaces? Something like a task-oriented API? Or is it generally recommended to use just a task-oriented UI but a REST API under the hood?

if someone ask me to explain the http again i will send it this url without subject or title. :D :D Tnx. Amichai for the content.

Would be nice to have PATCH auth etc ... :

With REST API design I always ask myself "why oh why?". Why using it, when there are so much simpler solutions. I use JsonRPC and is so much simpler, so much easier to understand and so much more natural to use. So, why? Don't get me wrong, one can build really bad APIs with RPC, therefore the API design is VERY important. I usually try to design APIs where a RPC request always targets an object. It's like calling an action on an object from the domain model. I think that HTTP is abused in REST and that API design is adapted to fit to HTTP instead of adapting API design to our domain. There is simply too much mapping needed between domain code and API code in REST and requires lots of documentation to understand it. We developers have more than enough complexity elsewhere to deal with. Also all mentioned for REST apply also to RPC: nesting, versioning, idempotency, even HATEOAS.

I disagree with the /products/{productId}/reviews/{reviewId} URL. If you have reviewId it goes under /reviews/{reviewId}. Why make the user provide 2 different IDs? What happens if they mismatch? Why allow a situation where we need to answer these questions at all?