Do I understand the principles of REST?

Based on the information I have learned, the points below are not necessarily RESTful in themselves, and if they are not, they are a consequence of this architectural approach. So, I need a single-page web application with a RESTful backend. If I have broken something or acted irrationally, correct me. Here's how I do it:
  1. SSL
  2. There are no sessions, and the backend provides no corresponding logic.
  3. After authorization, a token is issued.
    1. For which it is allowed (?) to set an expiration period.
    2. Which may be written to cookie storage from the client.
    3. But which must be explicitly transferred in each request that requires appropriate permissions.
    4. Unlike a session, which records data about the logged-in user and God knows what else, the data stays where it belongs, in the database (or request cache), and the token is the key to access this data.
  4. Only the frontend can write and read cookies.
  5. I need an ACL, and, of course, the server will respond, if necessary, denying the client with the relevant headers and a message in the response body. The server accepts the request and the token and determines the user's rights for the requested operation, of course, as applicable to the specified resource or instance.
  6. In total, the backend logic consists only of interaction with the database and of the ACL, nothing more.
  7. All business logic is on the frontend.
  8. Maybe the frontend, if necessary, will store its own state, and maybe at this point I will simply manage the caching of HTTP requests. But, in any case, there should be caching (where it may be desirable).
Please, no holy wars: this is not about the merits or shortcomings of REST, but about how well these provisions conform to it. And a huge request to the moderators to be lenient about the uniqueness of the possible answers, because this question is of great practical importance.
July 8th 19 at 16:06
2 answers
July 8th 19 at 16:08
> Only the frontend can write and read cookies.

No, because it is a stateless mechanism. It acts as a token.

> I need an ACL, and, of course, the server will respond

403 status code. Everything else is optional.

> In total, the backend logic consists only of interaction with the database and of the ACL, nothing more.

Depends on the project.

> All business logic is on the frontend

Depends on the project. If your users have no interaction with each other and no shared data, then yes. In this case, you do not even need a special backend. It is enough to wrap a REST interface to Mongo in middleware.

And if there is something common to multiple users, then you will have to move part of the business logic to the server. It will act as a single source of truth.

> Maybe the frontend, if necessary, will store its own state,

REST is only about the interaction of client and server. It makes no difference what the client does or what the server does.

The principles and constraints of REST are described pretty well here:

www.restapitutorial.ru/lessons/whatisrest.html

Unfortunately, the rest of the information is not complete. For example, there is no mention of how to work with the PATCH method.
> And if there is something common to multiple users, then you will have to move part of the business logic to the server. It will act as a single source of truth.

I see the need for this only for the ACL or for logic that will use something like WebSockets. That is, data sharing is the jurisdiction of the ACL, and the exchange as such is, in an abstract view, a conditionally P2P interaction, where the backend, if necessary, must supply only proxying (and possibly validating) logic, but not beyond necessity. Or have I missed something? - drake.Wolff59 commented on July 8th 19 at 16:11

Again, there are different projects and different requirements. In my projects, making everything P2P would be very difficult, and it is easier to take the business logic out on the client. On the other hand, in some projects you can do without the backend and do just as you describe.

You're talking about a project where the backend does not require anything more complicated than CRUD. Such projects are perhaps 90%. - Allene_Crona78 commented on July 8th 19 at 16:14
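
The flow from points 3 and 5 of the question together with the answer's 403 reply, as an added example that is not part of the original posts: an opaque token with an expiration period is sent explicitly on every request, and the server alone looks it up and applies the ACL. All names (`issueToken`, `handle`, `tokens`, `ACL`), the roles and the `articles` resource are assumptions, the in-memory `Map` stands in for the database or cache, and 401 for a missing or expired token is standard HTTP rather than something the thread states.

```javascript
// Added example; every identifier and the sample ACL below are hypothetical.
const crypto = require('crypto');

// Stand-in for the database or cache: sha256(token) -> { user, role, expiresAt }.
const tokens = new Map();

// ACL (constructed sample data): role -> resource -> allowed HTTP methods.
// Maps and Sets are used so that a path segment such as "constructor"
// can never resolve to an inherited object property.
const ACL = new Map([
  ['reader', new Map([['articles', new Set(['GET'])]])],
  ['editor', new Map([['articles', new Set(['GET', 'POST', 'PATCH', 'DELETE'])]])],
]);

const digest = (t) => crypto.createHash('sha256').update(t).digest('hex');

// Called after a successful login. Only a hash of the token is kept
// server-side, so a leaked token table cannot be replayed directly.
function issueToken(user, role, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  tokens.set(digest(token), { user, role, expiresAt: now + ttlMs });
  return token;
}

// Stateless request handling: no session, the token arrives with each request.
function handle(req, now = Date.now()) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(req.headers.authorization || '');
  const key = m ? digest(m[1]) : null;
  const entry = key ? tokens.get(key) : undefined;
  if (!entry || entry.expiresAt <= now) {
    if (entry) tokens.delete(key); // expired tokens are dropped for good
    return { status: 401, body: { error: 'missing, unknown or expired token' } };
  }
  const resource = req.path.split('/')[1];
  const methods = ACL.get(entry.role)?.get(resource);
  if (!methods || !methods.has(req.method)) {
    // Authenticated, but not allowed this operation on this resource.
    return { status: 403, body: { error: 'operation not permitted' } };
  }
  return { status: 200, body: { user: entry.user, resource, method: req.method } };
}
```

Whatever business logic runs on the frontend, this check stays on the server, because the client controls everything it sends, including the cookie it stores the token in.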
July 8th 19 at 16:10
