Tim Bray reviews the REST/SOAP debate in light of Dave Sifry’s Technorati API. Dave went with URI-based access, but you need to send a key in the request parameters, and since you’re limited to 500 queries a day, you don’t want to publish the URI you use.
There’s a couple ways to go here. One is to abstract away the Technorati request from the public interface — i.e. your application. So your server-side code talks to Technorati with your key via HTTP GET after getting the request from the user, and processes the result. That’s how I implemented the Google search appliance at work. The end user doesn’t talk to the Google box, we take the search request, construct a URL, talk to the Google box and render the XML the Appliance returns. You write this up as a class, so it’s easier to plug in. Mark Pilgrim’s already built a Technorati interface for Python, so you can use it in your applications.
Another would be for Dave to look for your application key in the HTTP request header. That’s easy enough to implement on either side. The major web languages all have functions or objects to allow you to add your own headers to a request. When I worked with the eBay API a couple of years ago, that’s how eBay expected to receive the key authorizing us to talk to their XML server.
I’ll have to look up if the headers in a HTTPS request are encrypted, since you’d need that in order to keep someone from sniffing for your Technorati key in headers sent in the clear. I’m pretty sure they are.
Possibly Related posts (machine generated):