* The REST API will be implemented using HTTPS and REST principles
* The REST API uses JSON as the primary data interchange format (serialization of data structures should be abstracted), other formats should be possible in the future.
* Authentication via Basic HTTP-Auth* Multiple authentication methods are possible** can be added in the future (possibly Web-Server assisted):*** Basic HTTP-Auth*** X509 Certificate based authentication*** Kerberos
** API key with shared secret
** Access tokens
** OAuth
* versioned API (either via URI or the Accept-Header)
* All API calls need to be fully nonblocking. If an expensive call has to be made to a backend system, the client needs to be provided with a status URI which can be checked for the current status or preferably be notified via [http://en.wikipedia.org/wiki/WebSocket WebSockets].