restfulobjects / restfulobjects-spec

The Restful Objects specification defines a set of RESTful resources, and corresponding JSON representations, for accessing and manipulating a domain object model.
http://restfulobjects.org

v1.1.0 - B7 - Domain Services Resource - filtered based on user's permissions #24

Open runrightfast opened 10 years ago

runrightfast commented 10 years ago

Should the list of available services that are returned be filtered based on the user's permissions? I believe they should be because no links should be returned that are not accessible based on the user's permissions.

If the answer is yes, then the caching headers should be short-term. I would recommend using USER_INFO because the list of available services is specific to the user.
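A sketch of the behaviour proposed in this issue, added here as an example; it is not code from the issue or from the Restful Objects project. The service ids, permission names, base URL, the simplified representation shape, the one-hour `max-age` used for USER_INFO and the `private` directive are all assumptions of the example.

```python
# Hypothetical service registry: ids, titles and required permissions are constructed.
BASE = "http://example.invalid/restful"
SERVICES = [
    {"id": "customers", "title": "Customers", "requires": "customers:read"},
    {"id": "orders", "title": "Orders", "requires": "orders:read"},
    {"id": "admin", "title": "Administration", "requires": "admin:manage"},
]
USER_INFO_MAX_AGE = 3600  # assumed short-term lifetime for the USER_INFO category


def services_for(user_permissions):
    """Return links only for the services this user is permitted to access."""
    return [
        {
            "rel": f'urn:org.restfulobjects:rels/service;serviceId="{s["id"]}"',
            "href": f"{BASE}/services/{s['id']}",
            "method": "GET",
            "title": s["title"],
        }
        for s in SERVICES
        if s["requires"] in user_permissions
    ]


def services_response(user_permissions):
    """Build (headers, body) for GET /services, filtered for one user."""
    body = {
        "links": [{"rel": "self", "href": f"{BASE}/services", "method": "GET"}],
        "value": services_for(user_permissions),
        "extensions": {},
    }
    headers = {
        "Content-Type": "application/json",
        # 'private' keeps a shared cache from replaying one user's list to another.
        "Cache-Control": f"private, max-age={USER_INFO_MAX_AGE}",
        "Vary": "Authorization",
    }
    return headers, body


def shared_cache_may_store(headers):
    """True if a shared (proxy/CDN) cache would be allowed to store the response."""
    directives = {
        d.strip().split("=")[0].lower()
        for d in headers.get("Cache-Control", "").split(",")
    }
    return not directives & {"private", "no-store"}
```
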