Aug 25, 2011

Api Design: Key vs Session

During discussion of our new API an question come up, why session is better than a simple key.
Session concept is to have per connection object with details on customer, it's preferences, etc.
Key concept is to have passive key and number of services that uses it.
I came up with following:
Session Key
Holds request specific data Need to hold request specific data in api objects
More agile approach, you can make you session active, have one master instance for actions or session-specific actors Managing class and a collection of keys are needed for two way communication
Visible list of services available You should knew about service existence before use it
It's complex to fake system It's easy to confuse keys
It's subject to update. Please place you thoughts about it.

No comments: