google iam resources list

31
down vote
accepted

Both forms are valid. However, for an API, I would recommend the second form. The reason is that it gives you a path for expansion of your API.

For example, if you have an API getUsersInGroup which returns an array of user objects, and later you decide you want to include, say, some aggregate statistics about the users being returned, there's no easy way to do that without breaking existing clients (or including lots of redundant data in each user object). If you use an object, you simply add another field to the object which is silently ignored by clients on a previous version of the API.

In short, try to avoid top-level primitives wherever possible in your API, and you'll find it easier to expand in the future.

via Doo

Compliquées ces api.. je me mets ça de côté pour plus tard car j'ai mis du temps à capter :

http://getpocket.com/developer/docs/authentication

D'abord il faut une consumer_key : voir la doc pour ça, c'est facile (= une api key)

Grâce à cette clé on peut avoir un TOKEN comme ça :

curl -X POST https://getpocket.com/v3/oauth/request --verbose --header 'Content-Type: application/json; charset=UTF8' --header 'X-Accept: application/json' --data '{"consumer_key":"CONSUMER_KEY","redirect_uri":"http://wallabag.org"}'

On utilise ce token pour dire à pocket qu'on autorise l'application

https://getpocket.com/auth/authorize?request_token=TOKEN&redirect_uri=http://wallabag.org

+

curl -X POST https://getpocket.com/v3/oauth/authorize --verbose --header 'Content-Type: application/json; charset=UTF8' --header 'X-Accept: application/json' --data '{"consumer_key":"CONSUMER_KEY","code":"TOKEN"}'

donne un ACCESS_TOKEN

on a enfin l'ACCESS_TOKEN, on peut requeter l'api :

curl -X POST https://getpocket.com/v3/get --verbose --header 'Content-Type: application/json; charset=UTF8' --header 'X-Accept: application/json' --data '{"consumer_key":"CONSUMER_KEY","access_token":"ACCESS_TOKEN"}'