restfulness | Because REST APIs are all about resources | REST library

As you said; keeping guest shopping cart items and maybe things like favorites(if you have) in LocalStorage is good solution; that way you wont keep your backend busy, and wont lose client's data, lets say, if you want guest to be registered to finalize their purchase.

For analytics part; you can run seperate analytics logic and send it to Google Analytics(If writing your own is too much work). Check out react-ga package. You can track events like scroll positions on items page, how many times an item added to shopping cart etc.

https://www.freecodecamp.org/news/performance-and-user-tracking-in-react-with-google-analytics/

Apart from Scaling as an advantage of micro-services, it also provides you with the flexibility to choose polyglot architecture i.e (using the right programming language, framework, database for the right job).

If you use spring sessions(which off-course provides session replication across nodes), internally it uses Redis/gemfire/hazelcast as a replicated session store, but you will have to stick to one programming language & framework for all your services i.e Java & Spring resp.(You can off course write your own implementation in other languages to read from session store, but its re-inventing the wheels) And this will take away Benefit of Polyglot Architecture.

So typically in microservices architecture, you have a token-service(and it should be able to scale individually) implementation to generate tokens(aka sessionIds) which are used for Authentication & Authorization in each service and you should try to avoid storing the session information. It will also help to avoid "Single point of Failure".

it is based on the nature of the front end

if you use mobile application deployed in a public store where anyone downloads it and auto register using social ID, then your technology is not good

Usually for a enterprise mobile application, the session Data should be encrypted and sent back and forth in the request response and maintained in the mobile code

if this is simply a web page and the REST also available in the same sever where the HTML is deployed then session can be stored in DB

If the REST is separated in another computer and you invoke it from the front end server side code via internal ip/host address which is not exposed to public, then your logic is not good

front end server side code - means you can have a dedicated server which responsible for react js execution which does not contains the database access code - only AJAX service it will have which is obviously REST, there can be another server which will again receive another REST call which will talk to another computer where MySQL or Oracle is installed

means 1 web server 1 app server and 1 database server - like real world enterprise applications

if your DB is not configured in the same computer then storing session in DB is not a good idea, create a cache DB server like redis or couchbase in the first computer and store the session there, leave the business DB alone separated from your UI logic and needs

You don't. What you describe is still having a single monolith and putting 100 microservices as a facade. That makes about as much sense as ordering a large pizza and a dozen small salads as dessert because you were told that having a small salad for a meal would help you lose weight. That's not how that works.

Either look into microservices and what you gain by using that architecture, or go with your single service that does it all. Both might be valid choices, just don't pretend you are doing the other one too.

Statelessness in REST specifically refers to the self-descriptiveness of messages.

That means each request must contain all the information necessary for the server to process the message. The request can not refer to previous requests for context. The linked document (Fielding's dissertation, the origin of REST) details quite well why that restriction is useful for distributed systems.

So in the end it does not matter whether something is in the database or in memory on the server, the client must not rely on previously established conversation state for followup requests.

Think of it this way: The client may delay its next requests for days, or the client may execute a request from some form of bookmarks, or the request may go to a different server than all previous requests. Or it may be the first request the client makes. This all should work exactly the same way.

Another important point is that "session state" is different from business-related things stored in the databases (that you seem to refer to). Of course the server may store business-related things in its database, it may even store or cache (in memory) login data or conversational state if it wants to, that's all fine. What the client and server may not do however is "enrich" a request with context from previous requests.

So the client may request to execute a query against some database, which obviously has some "state". What it may not do is to say: execute this query with additional parameters (like login) specified in some previous request I've made.

This line may blur in certain cases, for example when the server allows to create "transactions" for clients as resources. But when in doubt, always know why you need this property and what value you want to have from it in your specific architecture.

Restful server is separate from the database. Restful server, if there is such a thing, is just a web server. REST is just an architecture, say a methodology, that delivers information from server to client and vice versa over HTTP.

It's a non-trivial constraint on JS code. JS should be thought of as a client rather than a resource representation. It's true that it's both, but only from 2 different points of view. When the JS is wearing it's "resource representation" hat, it's inert and doesn't do anything. When it's wearing it's "REST client" hat, it no longer matters that it came as part of a resource representation.

Hard coded links aren't the only problem: JS code concatenating strings to build links using inside information is a problem too. These violations of REST affect the property of "modifiability". This might not seem like a problem when you consider that the JS code and server implementation are typically developed as part of the same project. The URIs and the client URI-building logic can easily be kept in sync, right? But what if you have multiple apps with their own JS clients that share a single server API implementation? Any change to the URIs, you break lots of clients.

JS code should be bound by the same rules as any other client: the links should come from resources provided by the server, and the semantics should come from the common understanding of the media type.

A Concrete Example

Suppose we have a resource /readinglist/ which is defined as a collection of books, and looks like this:

I not sure 'RESTFULness' affect what you are asking here. It is perfectly fine to have different matching pattern as long as it make sense.

In the example given, usually we do not have /api/game/222 as a generics.ListCreateAPIView. This is because List return a list of all game, we do not pass a id in. Create is trying to create a new Game. You do not have id yet because it is not in database, therefore both of the matching pattern should usually be /api/game/ instead.

/api/game/222 - such pattern, we usually use for generics.RetrieveUpdateDestroyAPIView because with a given id in url, we can get the correct Game object to either retrieve, update or delete it.

Regarding the Restful API, the answers in this stack overflow question explain more about 'Restfulness'.

Use jquery ajax

Lets say