Hi all,
Not sure how to phrase the subject correctly. Basically I am trying to keep my API as HATEOAS as possible.. finding it difficult at times. I have a service, that provides an entry URL which consumers (supposedly web apps or mobile apps perhaps) would first call to get a response back of links they can then follow. Based on their creds, this list of links they get back would vary. Now, for a mobile app, typically a user launches the app, the app would then make that initial call and go from there. But for a web app that is up 24/7, when it initially deploys (presumably in production) it would make that initial entry call. I would assume in most sites this would occur as each end user logs in if that is how the service is set up. In our case, one of our clients uses our service to pull down some data that is used on their "outside" site BEFORE a user ever logs in. In fact it's used in their registration form, so there is no end user session yet. So, do I
tell consumers, once an hour refresh the entry URIs, just in case we redeploy and change something? Also, it's possible the consumer web app end users themselves may have limited links they can follow once logged in. Our service offers auth levels, so a consumer web app could allow end users to fit within one of these levels, thus allowing the web app to show/hide links based on the end users creds and thus access rights.
So, our service has two uses.. the consumer web app can pull down some data used before any end user logs in, and then there is the end user logging in. Right now the consumer pulls the entry just once and never again.. doesn't refresh it ever, not even when users log in. I am not quite sure how to explain to a consumer that they either need to have separate end user entry calls so that each end user gets their own set of links to follow.. and that their global web app entry can be used for their outside site where they pull some data down.. or if there is some other better way to handle this.
I hope this is not too confusing.
thanks.