Sam asks

Now it turns out that the Google API has a limit of a 1,000 queries per day. This means that the 1,001st query will not have the same result as the 1,000th query. The query itself has a (GASP!) side effect. It is most decidedly not idempotent. So what do you do? Call back the Hobbits and recode to use POST, or do you make the pragmatic decision to slightly bend the rules a bit?

Well, first of all, that part of 2116 that you referred to earlier in your blog (presumably you meant 9.1.1 not 9.1.2) says “SHOULD NOT”, not “MUST NOT”. The reason this is so, is because unsafe GETs won’t break the Web; web page counters demonstrated that. What will break the Web is if people who click on a URI get blamed for causing the side-effect, as 9.1.1 points out when it says “The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.”. Also, it’s not a fundamental axiom, in the same way that a uniform interface is – it’s derivate (though lots of other important principles are too).

But with that said, your example is an excellent one, because clearly a counter such as the one you describe would be “blaming” the user for bumping it up by one. So IMO, no, this service should not use GET, at least for those queries. It should be bootstrapped with GET though, so that you GET the HTML form, but the form results should be POSTed back.

Also, in case you were going to suggest that this somehow makes the Google API “ok” because it uses POST, it should be noted that it doesn’t use POST, it tunnels through it. A client needs to know more than just the URI, the form structure, and the POST method. It needs to know what the string “doGoogleSearch” means.

And as for RSS, I welcome any suggestions for a blogging tool/service that provides free RSS feeds and lets me edit from a browser (something that Dave Winer seems dead set against providing – or at least he was in the past).


no comment until now

Add your comment now