This time, in this series about pragmatic RESTful API Design, I'll discuss authentication.
There are many schools of thought - my colleagues at Apigee and I don't always agree on how to handle authentication - but overall here's my take.
Let's look at these three top services. See how each of these services handles things differently:
Permissions Service API
Note that PayPal's proprietary three-legged permissions API was in place long before OAuth was conceived.
What should you do?
Use the latest and greatest OAuth - OAuth 2.0 (as of this writing)
Don't do something *like* OAuth, but different
It will be frustrating to app developers if they can't use an OAuth library in their language because of your variation.
Next time: Versions - how many? Meanwhile, I'd love to hear from you over on the API Craft Google Group.