
On 6/02/2014 23:27, Quoth Bjorn Reese:
> On 02/02/2014 11:05 PM, Gavin Lambert wrote:
>> The way to handle that, I would think, would be to have the "public" API be more limited in scope (not an identical copy that mostly returns not-authenticated errors), and to provide an "async_authenticate" request that calls back (single-shot) with an interface that provides the complete API.
>
> Authentication is just one example of how the API may need to change its operational mode dynamically. You could also have a maintenance mode, a defensive mode (against denial-of-service attacks), a budget vs premium mode, and so on.
>
> How do I change from defensive mode back to normal mode?

How are you imagining that the modes change? For example, if a client can dynamically upgrade from budget to premium mode then that's just another case of authentication. If it's a global server state change, then probably it would disconnect all currently subscribed clients (calling them back with an error code) and let them reconnect to its new API provider, which might refuse certain operations entirely or place different limits on them.
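
The design discussed in this thread, as an added C++ sketch that is not code from either poster: a small public API whose async_authenticate hands back the complete API, and a global mode change that calls every session back with an error so clients reconnect to the new provider. Only the name async_authenticate comes from the thread; FullApi, PublicApi, Mode, query, set_mode, the row limits and the token are hypothetical, and callbacks run inline instead of on an event loop.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <system_error>
#include <vector>
enum class Mode { normal, defensive };
using Closed = std::function<void(std::error_code)>;  // session-ended callback (assumed)

// Complete API: reachable only through a successful async_authenticate.
class FullApi {
public:
    FullApi(Mode m, Closed on_closed)
        : limit_(m == Mode::defensive ? 1 : 100), on_closed_(std::move(on_closed)) {}
    std::error_code query(int rows) {
        if (revoked_) return make_error_code(std::errc::connection_reset);
        if (rows > limit_) return make_error_code(std::errc::operation_not_permitted);
        return {};
    }
    void revoke() {  // the handed-out interface stops working and the client is told
        revoked_ = true;
        on_closed_(make_error_code(std::errc::connection_reset));
    }
private:
    int limit_;  // limits are fixed by the provider that created this session
    bool revoked_ = false;
    Closed on_closed_;
};

// Public API: deliberately small, so there are no privileged methods to guard.
class PublicApi {
public:
    using AuthHandler = std::function<void(std::error_code, std::shared_ptr<FullApi>)>;
    // Single-shot: h is called exactly once, with an error or the complete API.
    void async_authenticate(const std::string& token, Closed on_closed, AuthHandler h) {
        if (token != "constructed-demo-token")  // constructed credential check
            return h(make_error_code(std::errc::permission_denied), nullptr);
        auto api = std::make_shared<FullApi>(mode_, std::move(on_closed));
        sessions_.push_back(api);
        h({}, api);
    }
    // Global state change: drop every session; reconnects get the new provider.
    void set_mode(Mode m) {
        mode_ = m;
        for (auto& w : sessions_) if (auto s = w.lock()) s->revoke();
        sessions_.clear();
    }
private:
    Mode mode_ = Mode::normal;
    std::vector<std::weak_ptr<FullApi>> sessions_;
};
```

Because limits are bound when the session is created, going from defensive back to normal mode is the same path as any other change: set_mode revokes, and the client authenticates again.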