- Event-Driven: EventEmitters->Events->Event Loop->Event Handlers
- REST is stateless: no matter who sends the request to the server (via a URL), they get the same, unique result. e.g. /profile/zhangsan
● A URL identifies a resource
● URLs should include nouns, not verbs.
● Use HTTP verbs (GET, POST, PUT, DELETE) to operate on the collections and elements
● Use plural nouns only for consistency (no singular nouns)
● You shouldn’t need to go deeper than resource/identifier/resource
● Put the version number at the base of your URL
● Specify optional fields in a comma separated list
The HTTP status code alone tells you the outcome of a request.
- Advantages of Token Based Authentication
● Stateless, Scalable and Decoupled
The server's only job is to sign tokens on a successful login request and verify that incoming tokens are valid; no session lookup is needed.
● Cross Domain and CORS
Trivial to expose APIs to different services and domains, while cookies only work with a single domain and its sub-domains.
● Store Data in the JWT
Store any type of metadata, as long as it's valid JSON, while a cookie can only store a session ID.
Decoding a token is faster than looking up a session, also storing permission level in token saves extra lookup ops.
● Mobile Ready
A single API can serve both the browser and native mobile platforms like iOS and Android. Native mobile platforms and cookies do not mix well.
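
The sign-on-login / verify-on-request flow described above, as an added example (not code from these notes): an HS256 JWT built with Node's built-in crypto only. The names `signToken`, `verifyToken` and `DEMO_SECRET` are hypothetical, and the secret and claims are constructed sample values.

```javascript
const crypto = require('crypto');

// Constructed demo secret (assumption); a real service loads this from a secret store.
const DEMO_SECRET = 'constructed-demo-secret';
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Login path: sign the claims once; the server keeps no session record.
// The payload is only encoded, not encrypted, so it must not carry secrets.
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Request path: check signature and expiry with no lookup.
// Returns the claims, or null when the token must be rejected.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    const hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    // Pin the algorithm: the token never chooses it (rejects "alg":"none").
    if (hdr?.alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    // Only parse and trust the claims after the signature has checked out.
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof claims?.exp !== 'number' || now >= claims.exp) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```

Because verification involves no server-side lookup, a signed token stays acceptable until its `exp`, so the TTL bounds how long a permission level stored in the token remains in effect after it changes.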