So let's look at the Richardson Maturity Model, a quick and easy way to evaluate how RESTful these are.<p>1. Resource - yep, they have this concept to some extent, although additional support for metadata in headers would be nice. (i.e. automatically doing last-modified, etc)<p>2. HTTP verbs - yep, they all do this quite niecly.<p>3. Hypermedia controls. Nope.<p>In my opinion, levels 1 and 2 are really just developer convenience, they make for nicer APIs to develop with, but don't necessarily add a huge amount over RPC or something else as far as the code goes.<p>The massive benefit of REST comes in level 3. When you have APIs that are self-descriptive, and consumers that adapt to changes in APIs in the same way that we (people) adapt to changes in the structure of web pages, that's when things get really interesting, that's where the major advantages lie.<p>Unfortunately, I haven't seen good support for level 3 in a Node.js framework yet, although I'll admit I haven't had a good look for a few months. As far as I can remember, Rails isn't a huge amount better in terms of native support, although I'm sure there are gems which will help.<p>So far, the best I've seen at a framework for making RESTful APIs is the Django Rest Framework: <a href="http://www.django-rest-framework.org/" rel="nofollow">http://www.django-rest-framework.org/</a>. It has really good support for hypermedia controls.<p>Steve Klabnik wrote a good post on the topic of RESTful APIs, and having seen them being used, I really do think they are valuable: <a href="http://www.django-rest-framework.org/" rel="nofollow">http://www.django-rest-framework.org/</a><p>Also, I find the example in this talk about Hypermedia APIs to be an incredibly elegant implementation, and a case of a really well designed API: <a href="http://vimeo.com/20781278" rel="nofollow">http://vimeo.com/20781278</a>
It looks like it handles Authentication and Authorization by providing a standard User model and passing tokens into the data layer. This is better than most REST SDKs, which tend to defer the entire problem to "something else".<p>The downside is all of that unnecessary redundancy that we avoided in the demo now has to be created if we want proper access control. It would be nice to assign roles to users, and declaratively state which roles could access which verbs for which models.
Maybe I'm weird, but I think I actually prefer the Express example. When I used Rails I found the biggest learning curve was actually learning how to get around the magic when necessary, leaving me craving something more like Sinatra, which Express is heavily modelled after.<p>From all I've heard about hapi, I expected the hapi example to be closer to the LoopBack example. Is there a hapi user who can chime in?