I found the book an excellent read as a start and noticed that some additional practices for production env. on the following would be great to have.
#. How do you create “secured” stateless REST APIs using expressJS?
While session management in Chapter 7 is a great read for web applications in general, we do see the need that the same data services are required by mobile applications along with web applications.
Check out Restify for an API-specific HTTP service module.
People use REST and RESTful in varying degrees of ‘RESTness’; I am not quite sure which degree you are coming from. Read this interesting article, “Your API is not RESTful”, to get the context.
Implementing a truly and wholly RESTful API in any platform is going to be a substantial effort. However, resourceful routing (Chapter 3, page 73) is very REST-like. You can secure it by the use of session or API token, depending on the nature of your client.
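The API-token option mentioned above, sketched as an added example (not code from the book or from the reply): a middleware with the `(req, res, next)` signature Express uses, authenticating every request from its `Authorization: Bearer` header so that no session state is kept. The token values, the `TOKEN_HASHES` store and the `simulate` helper are constructed for illustration.

```javascript
// Added example: stateless API-token check as Express-style middleware.
const crypto = require('node:crypto');

const sha256hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constructed sample store. Only SHA-256 hashes of tokens are kept, so a
// leaked table does not hand out usable tokens. Token values are made up.
const TOKEN_HASHES = new Map([
  [sha256hex('demo-token-mobile-app'), { client: 'mobile-app' }],
  [sha256hex('demo-token-web-app'), { client: 'web-app' }],
]);

// Looking up by hash avoids comparing the raw token byte by byte.
function lookupToken(token) {
  return TOKEN_HASHES.get(sha256hex(token)) || null;
}

function requireApiToken(req, res, next) {
  // Node lower-cases incoming header names.
  const header = req.headers['authorization'] || '';
  // Accept only the Bearer scheme with a well-formed token.
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
  const record = m ? lookupToken(m[1]) : null;
  if (!record) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Bearer');
    res.end(JSON.stringify({ error: 'invalid or missing API token' }));
    return; // do not call next(): the route handler must never run
  }
  req.apiClient = record; // no cookie, no session: each request re-authenticates
  next();
}

// Hypothetical stand-in for a request/response pair so the block runs without Express.
function simulate(authorization) {
  const req = { headers: authorization ? { authorization } : {} };
  const res = {
    statusCode: 200, headers: {}, body: null,
    setHeader(k, v) { this.headers[k] = v; },
    end(b) { this.body = b; },
  };
  let passed = false;
  requireApiToken(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, client: req.apiClient ? req.apiClient.client : null };
}
```

In an Express app this would be mounted ahead of the resourceful routes, for example `app.use('/api', requireApiToken)`, and served only over TLS since the token travels in every request.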