Thoughts on the sample-test

[bschwind]

These are just the notes I wrote down as I implemented my solution:

• Some confusion on HTTP status codes. Some tests expect 200 OK, but also expect data.code to be 401. Should both agree?
• Why is the companies/events endpoint a POST instead of a GET?
• Some way to add comments to fields in the API specs would be nice
• Generating nicely formatted HTML from the specs would make it easier to understand the API rather than looking at the raw text

Overall the test was pretty enjoyable. It was simple enough that you can do it in a day, but long enough that you can get a feel for the person's coding style. Though it is a "short-term" project, and engineers will treat projects differently when they know it's short-lived.

I enjoyed it though, and learned something new! I was wondering how to get by without storing the tokens server-side. Turns out this was a pretty good use case for JSON Web Token

[shunjikonishi]

@bschwind

Thank you for taking our test.

I made this test based on our current service.
Unfortunately it has some confusing specs.
Your points are exactly some of these.

About companies/events endpoint. I used POST.
Because its parameter has token field in body.
I don't like putting such a sensitive parameters in query parameter.

if token is stored in cookie or other custom http header, I might use GET method.

I'm glad to hear you enjoyed this test. We are going to make a web service which allows engineers to making and solving such a tests.

About tokens, I didn't think respondent bothers about it. I've imagined they use something that framework has.

You use JWT. I think it is very nice solution.

I hope to talk more next time.