API

[eevee]

Probably a tracking/planning ticket, because this is a big thing. But whatever can be done on the site, should be doable with an API.

• Prefer JSON, because fuck XML.
• I guess we don't have much better than OAuth for auth.
• I forget the blog post where I read about this or what the guy called it, but it's nice for JSON to have embedded links to other resources (like HTML! whoa!) instead of expecting clients to cobble more URLs together. Perhaps this even implies there'd be a top-level entry point useful for exploring the API.
• Oh right it will need hella docs.

Not critically important early on, but really nice to have.

[epii]

Haha, well, the OAuth2 implementation in the oauth branch is fully functional. Unfortunately, the branch assumes the API should be a separate app under /api, and I'm still not sure whether /api/* with a separate auth infrastructure or *.json with a NewRequest hook to use the right auth or what is a better approach.

WRT linking resources, I think I read the same blog post once. One of the other problems with a shared-app approach is URL generation. I'm not really in a hurry to replace Request.route_url. Maybe there is another way?