Let's say I have an order of resource types with a status that can be changed, it can have different statuses (process, accept, reject, expired, successfully).
Warning: if your domain is not document management, you may end up in a tangle if you try to match your resources with the concepts of your domain. Jim Webber warned about this year ago ; in most cases, your resources are part of an integration domain. These are small digital pieces of paper that are used to interact with your domain model.
{ ... "links": { "accept": "http://example.com/order/accept", "decline": "http://example.com/order/decline" } }
The basic idea here is in order - if the client wants to invoke the accept protocol, they know which link to use; similarly for the descent protocol. Anything else, the client knows that he should not try to do it because the links are not available; for example, if a customer’s goal was to expire an order, he would know that he was at an impasse.
Writing a URI here is a little strange; the client does not need to worry about spelling, but the request must be stateless. If order is a type of resource, then how do you tell which order to accept / reject.
And if the above is correct, should the status be changed using PATCH or GET?
None.
GET is incorrect because advertising that the resource supports GET is an expression that the operation is safe, which means that intermediate components can speculatively follow the link, preloading the result to save the client time. Not what you want to do if you understand the message to communicate the decision made by the client.
PATCH has two problems. Firstly, it is designed to manipulate documents; if your application is a document database, then PATCH is fantastic for making one or more changes to the scope. But this is not so good for working with proxies of the business model; instead of having the client communicate its intent to the server, the client reports a side effect that its intention will have in the view, and then the server tries to infer the intent from the side effect.
But you could get around this; in the end, you can choose the media types of your support and potentially limit yourself to those types that allow you to express the intention of the customer.
The second problem is that PATCH is not idempotent; it has the same failure modes as POST - if the request is not confirmed by the server, the client cannot easily determine whether the request can be repeated.
The direct approach is to think about the changes, similar to putting a handwritten note in someone’s inbox
Order 54321 must be accepted. Please do it. Signed, customer.
In other words, we are not trying to directly manipulate the order resource, but instead send a note to the inbox, which will have a side effect when manipulating the order. The client describes the change that he wants, the server makes the change (or not, if you allow the server to be autonomous).
PUT (which is idempotent) or POST (which is not the case) are suitable for this approach. Essentially, you add a new message to your inbox and you can use this idiom to select the appropriate method.
And if it were PATCH, how would you know (defeat the goal of hypermedia)?
How did the client know what to look for links in the link property?
How does the browser know what to do with links in an HTML document?
REST answer: they know, because you have put a lot of effort into developing the type of media itself. In the case of the network, a lot of time and effort was spent developing a text / html media text type, and therefore any client created with HTML in mind can consume a view created by a server that shares this understanding - the client and server are separate from each other, but have common basis.
In the case of HTML, the media type defines the HTTP methods associated with the links (the exception is the forms that allow the view to specify a method from a limited set). Stand on the shoulders of the giants.