Reputation: 2422
I want to build a Rails application that exposes a RESTful web service used by a mobile application. I want to create something maintainable and scalable, but I'm a little bit confused about best practices to achieve a good result.
First things first, API versioning. Over time my APIs will grow up and I want to keep them as smooth as possible. I've read this post: Best practices for API versioning? and I completely agree with it.
An excerpt of my routing strategy is:
/api/v1/ .. all sorts of controllers (api v1) ...
/api/v2/ .. (api v2) ..
/api/ .. controllers of the latest mainstream API
As a development strategy, I take advantage of JSON data formats, also to create new resources.
Another important aspect I'm afraid of is security: I cannot generate an authenticity token from the mobile APP, so I'm wondering how to protect the Rails API controllers. Should I use standard HTTP authentication? Are there better ways to do that?
Last but not least, I'm trying to improve overall performance: remove unnecessary Rack middlewares, inherit from ActionController::Metal and get rid of ActiveResource. Should I consider some pitfalls?
Any suggestion to build such a RESTful application will be appreciated.
Upvotes: 0
Views: 151
Reputation: 68715
You seem to be on the right track; there are a few things I want to mention:
Decide the input and output format. JSON is a faster choice but XML provides schema validation and more control. Choose depending on your need.
Use simple HTTP Basic authentication for security to start with. If you want more control, then introduce token-based authentication such as OAuth.
Make sure you use plurals for the REST entities in the URL, as plurals are good for fetching a single entry or multiple entries.
Decide about the synchronous and asynchronous nature of the REST APIs. If an operation takes too long, then make it asynchronous. Return a ref URL to the user for polling as part of a 202 Accepted response.
Hope it helps!
Upvotes: 1
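The following is an added example, not code from either poster: a Rack-style endpoint in plain Ruby that authenticates a mobile client with HTTP Basic instead of an authenticity token, and answers a long-running request with 202 Accepted plus a polling URL. The client name, secret, and the /api/v1/reports and /api/v1/jobs/1 paths are constructed for illustration.

```ruby
require "digest"

# Constructed sample store (assumption): client name => SHA-256 of its secret.
# A real app would load this from its database and use a slow password hash.
API_CLIENTS = { "mobile-app" => Digest::SHA256.hexdigest("s3cret-sample") }.freeze

# Compare two strings without an early exit, so response timing does not
# reveal how many leading characters of the digest matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Parse "Authorization: Basic <base64(user:pass)>"; return the client name or nil.
# Basic credentials are only base64-encoded, so this must run behind TLS.
def authenticate_basic(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("basic") && encoded
  user, pass = encoded.unpack1("m").split(":", 2) # "m" decodes base64
  return nil if user.nil? || pass.nil?
  known = API_CLIENTS.key?(user)
  # Unknown clients are checked against a dummy digest so they cost the same work.
  expected = API_CLIENTS.fetch(user, Digest::SHA256.hexdigest(""))
  matches = secure_equal?(Digest::SHA256.hexdigest(pass), expected)
  known && matches ? user : nil
end

# Rack-style app: env hash in, [status, headers, body] out.
API_APP = lambda do |env|
  user = authenticate_basic(env["HTTP_AUTHORIZATION"])
  unless user
    return [401, { "WWW-Authenticate" => 'Basic realm="api"' },
            ['{"error":"unauthorized"}']]
  end
  if env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == "/api/v1/reports"
    # Hypothetical slow operation: queue it and hand back a URL to poll.
    return [202, { "Location" => "/api/v1/jobs/1" }, ['{"status":"queued"}']]
  end
  [200, { "Content-Type" => "application/json" }, ['{"status":"ok"}']]
end
```

In a Rails controller the same check is available through the built-in authenticate_or_request_with_http_basic helper.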