For those people:
- REST is not SOAP
- REST means GET and POST, maybe HEAD, but likely not PUT or DELETE.
- REST means using URIs to identify some, but not all things
- RESTful API authentication involves OAuth or something similar - what, after all, is the other "officially" RESTful way of doing API authentication?
- REST usually means putting "custom HTTP header" information in GET query parameters or the POST body, to avoid defining... custom HTTP headers. Which method is best? The answer varies, depending on your situation.
- What is HATEOAS again?
- REST is most usefully practiced on rest-discuss
But maybe the real problem is that no significant application design problem can be solved simply by "using REST". The answer involves actually understanding your design constraints, and meeting real requirements with real solutions.