Your API is pretty strange. Some initial things that pop out on me:<p>json=true to specify the content type. Ideally, this should be from the accept header, but at the very least it should be possible to only specify one content type. Right now, I can specify json=true&xml=true.<p>Only using GET.<p>Session management on the client. Why would I want to log someone out?<p>Not using meaningful keys. s and t? Why not status and token?<p>HTTP codes should be used instead of status codes.