<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.18 (Ruby 2.6.4) -->
<?rfc tocindent="yes"?>
<?rfc strict="yes"?>
<?rfc compact="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc-ext html-pretty-print="prettyprint https://cdn.rawgit.com/google/code-prettify/master/loader/run_prettify.js"?>
<rfc xmlns:x="http://purl.org/net/xml2rfc/ext"
      category="std"
      consensus="true"
      docName="draft-ietf-httpapi-link-hint-02"
      ipr="trust200902"
      sortRefs="true"
      symRefs="true"
      tocInclude="true">
   <x:feedback template="mailto:quic@ietf.org?subject={docname},%20%22{section}%22\&amp;amp;body=%3c{ref}%3e:"/>
   <front>
      <title>HTTP Link Hints</title>
      <author fullname="Mark Nottingham" initials="M." surname="Nottingham">
         <address>
            <email>mnot@mnot.net</email>
            <uri>https://www.mnot.net/</uri>
         </address>
      </author>
      <date year="2025" month="February" day="25"/>
      <keyword>Internet-Draft</keyword>
      <abstract><?line 39?>
         <t>This memo specifies "HTTP Link Hints", a mechanism for annotating Web links to HTTP(S) resources with information that otherwise might be discovered by interacting with them.</t>
      </abstract>
      <note removeInRFC="true" title="About This Document">
         <t>The latest revision of this draft can be found at <eref target="https://ietf-wg-httpapi.github.io/link-hint/draft-ietf-httpapi-link-hint.html"/>. Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-httpapi-link-hint/"/>.</t>
         <t>Discussion of this document takes place on the Building Blocks for HTTP APIs Working Group mailing list (<eref target="mailto:httpapi@ietf.org"/>), which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/httpapi/"/>. Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/httpapi/"/>.</t>
         <t>Source for this draft and an issue tracker can be found at <eref target="https://github.com/ietf-wg-httpapi/link-lint"/>.</t>
      </note>
   </front>
   <middle><?line 44?>
      <section anchor="introduction">
         <name>Introduction</name>
         <t>HTTP <xref target="HTTP"/> clients can discover a variety of information about a resource by interacting with it. For example, the methods supported can be learned through the Allow response header field, and the need for authentication is conveyed with a 401 (Authentication Required) status code.</t>
         <t>Often, it can be beneficial to know this information before interacting with the resource; not only can such knowledge save time (through reduced round trips), but it can also influence the choices made by the code or user driving the interaction.</t>
         <t>For example, a user interface that presents the data from an HTTP-based API might need to know which resources the user has write access to, so that it can present the appropriate interface.</t>
         <t>This specification defines a vocabulary of "HTTP link hints" that allow such metadata about HTTP resources to be attached to Web links <xref target="WEB-LINKING"/>, thereby making it available before the link is followed. It also establishes a registry for future hints.</t>
         <t>Hints are just that -- they are not a "contract", and are to only be taken as advisory. The runtime behaviour of the resource always overrides hinted information.</t>
         <t>For example, a client might receive a hint that the PUT method is allowed on all "widget" resources. This means that generally, the client can send a PUT to them, but a specific resource might reject a PUT based upon access control or other considerations.</t>
         <t>More fine-grained information might also be gathered by interacting with the resource (e.g., via a GET), or by another resource "containing" it (such as a "widgets" collection) or describing it (e.g., one linked to it with a "describedby" link relation).</t>
         <t>There is not a single way to carry hints in a link; rather, it is expected that this will be done by individual link serialisations (see <xref section="3.4.1" sectionFormat="of" target="WEB-LINKING"/>). However, <xref target="link_header"/> does recommend how to include link hints in the existing Link header field.</t>
         <section anchor="notational-conventions">
            <name>Notational Conventions</name>
            <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/>
               <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
         </section>
      </section>
      <section anchor="link_hints">
         <name>HTTP Link Hints</name>
         <t>A HTTP link hint is a (key, value) tuple that describes the target resource of a Web link <xref target="WEB-LINKING"/>, or the link itself. The value's canonical form is a JSON <xref target="JSON"/> data structure specific to that hint.</t>
         <t>Typically, link hints are serialised in links as target attributes (<xref section="3.4.1" sectionFormat="of" target="WEB-LINKING"/>).</t>
         <t>In JSON-based formats, this can be achieved by simply serialising link hints as an object; for example:</t>
         <figure>
            <sourcecode type="json">
{
  "_links": {
    "self": {
      "href": "/orders/523",
       "hints": {
        "allow": ["GET", "POST"],
        "accept-post": {
          "application/example+json":
            {}
        }
      }
    }
  }
}
</sourcecode>
         </figure>
         <t>In other link formats, this requires a mapping from the canonical JSON data model into the constraints of that format. One such mapping is described in <xref target="link_header"/> for the Link HTTP header field.</t>
         <t>The information in a link hint SHOULD NOT be considered valid for longer than the freshness lifetime (<xref section="4.2" sectionFormat="of" target="HTTP-CACHING"/>) of the representation that the link occurred within, and in some cases, it might be valid for a considerably shorter period.</t>
         <t>Likewise, the information in a link hint is specific to the link it is attached to. This means that if a representation is specific to a particular user, the hints on links in that representation are also specific to that user.</t>
      </section>
      <section anchor="hints">
         <name>Pre-Defined HTTP Link Hints</name>
         <section anchor="allow">
            <name>allow</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: allow</t>
                  <t>Description: Hints the HTTP methods that can be used to interact with the target resource; equivalent to the Allow HTTP response header.</t>
                  <t>Content Model: array (of strings)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of strings, containing HTTP methods (<xref section="9" sectionFormat="of" target="HTTP"/>).</t>
         </section>
         <section anchor="formats">
            <name>formats</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: formats</t>
                  <t>Description: Hints the representation type(s) that the target resource can produce and consume, using the GET and PUT (if allowed) methods respectively.</t>
                  <t>Content Model: object</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an object, whose keys are media types (<xref section="8.3.1" sectionFormat="of" target="HTTP"/>), and values are objects.</t>
            <t>The object MAY have a "links" member, whose value is an object representing links (in the sense of <xref target="WEB-LINKING"/>) whose context is any document that uses that format. Generally, this will be schema or profile (<xref target="RFC6906"/>) information. The "links" member has the same format as the "links" hint.</t>
            <t>Furthermore, the object MAY have a "deprecated" member, whose value is either true or false, indicating whether support for the format might be removed in the near future.</t>
            <t>All other members of the object are under control of the corresponding media type's definition.</t>
         </section>
         <section anchor="links">
            <name>links</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: links</t>
                  <t>Description: Hints at links whose context is the target resource.</t>
                  <t>Content Model: object</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>The "links" hint contains links (in the sense of <xref target="WEB-LINKING"/>) whose context is the hinted target resource, which are stable for the lifetime of the hint.</t>
            <t>Content MUST be an object, whose member names are link relations (<xref target="WEB-LINKING"/>) and values are objects that MUST have an "href" member whose value is a URI-reference (<xref target="URI"/>, using the original link as the base for resolution) for the link hint's target resource, and MAY itself contain link hints, serialised as the value for a "hints" member.</t>
            <t>For example:</t>
            <figure>
               <sourcecode type="json">
"links": {
  "edit-form": {
    "href": "./edit",
    "hints": {
      "formats": {
        "application/json": {}
      }
    }
  }
}
</sourcecode>
            </figure>
         </section>
         <section anchor="accept-post">
            <name>accept-post</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: accept-post</t>
                  <t>Description: Hints the POST request format(s) that the target resource can consume.</t>
                  <t>Content Model: object</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an object, with the same constraints as for "formats".</t>
            <t>When this hint is present, "POST" SHOULD be listed in the "allow" hint.</t>
         </section>
         <section anchor="accept-patch">
            <name>accept-patch</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: accept-patch</t>
                  <t>Description: Hints the PATCH <xref target="RFC5789"/> request format(s) that the target resource can consume; equivalent to the Accept-Patch HTTP response header.</t>
                  <t>Content Model: array (of strings)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of strings, containing media types (<xref section="8.3.1" sectionFormat="of" target="HTTP"/>) that identify the acceptable patch formats.</t>
            <t>When this hint is present, "PATCH" SHOULD be listed in the "allow" hint.</t>
         </section>
         <section anchor="accept-ranges">
            <name>accept-ranges</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: accept-ranges</t>
                  <t>Description: Hints the range-specifier(s) available for the target resource; equivalent to the Accept-Ranges HTTP response header <xref target="HTTP"/>.</t>
                  <t>Content Model: array (of strings)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of strings, containing HTTP ranges-specifiers (<xref section="14.1.1" sectionFormat="of" target="HTTP"/>).</t>
         </section>
         <section anchor="accept-prefer">
            <name>accept-prefer</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: accept-prefer</t>
                  <t>Description: Hints the preference(s) <xref target="RFC7240"/> that the target resource understands (and might act upon) in requests.</t>
                  <t>Content Model: array (of strings)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of strings, contain preferences (<xref section="2" sectionFormat="of" target="RFC7240"/>). Note that, by its nature, a preference can be ignored by the server.</t>
         </section>
         <section anchor="precondition-req">
            <name>precondition-req</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: precondition-req</t>
                  <t>Description: Hints that the target resource requires state-changing requests (e.g., PUT, PATCH) to include a precondition, as per <xref section="13.1" sectionFormat="of" target="HTTP"/>, to avoid conflicts due to concurrent updates.</t>
                  <t>Content Model: array (of strings)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of strings, with possible values "etag" and "last-modified" indicating type of precondition expected.</t>
            <t>See also the 428 Precondition Required status code (<xref target="RFC6585"/>).</t>
         </section>
         <section anchor="auth-schemes">
            <name>auth-schemes</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: auth-schemes</t>
                  <t>Description: Hints that the target resource requires authentication using the HTTP Authentication framework <xref section="11" sectionFormat="of" target="HTTP"/>.</t>
                  <t>Content Model: array (of objects)</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be an array of objects, each with a "scheme" member containing a string that corresponds to a HTTP authentication scheme (<xref section="11.1" sectionFormat="of" target="HTTP"/>), and optionally a "realms" member containing an array of zero to many strings that identify protection spaces that the resource is a member of.</t>
            <t>For example:</t>
            <figure>
               <sourcecode type="json">
  {
    "auth-req": [
      {
        "scheme": "Basic",
        "realms": ["private"]
      }
    ]
  }
</sourcecode>
            </figure>
         </section>
         <section anchor="status">
            <name>status</name>
            <t>
               <list style="symbols">
                  <t>Hint Name: status</t>
                  <t>Description: Hints the status of the target resource.</t>
                  <t>Content Model: string</t>
                  <t>Specification: [this document]</t>
               </list>
            </t>
            <t>Content MUST be a string; possible values are:</t>
            <t>
               <list style="symbols">
                  <t>"deprecated" - indicates that use of the resource is not recommended, but it is still available.</t>
                  <t>"gone" - indicates that the resource is no longer available; i.e., it will return a 410 (Gone) HTTP status code if accessed.</t>
               </list>
            </t>
         </section>
      </section>
      <section anchor="security-considerations">
         <name>Security Considerations</name>
         <t>Clients need to exercise care when using hints. For example, a naive client might send credentials to a server that uses the auth-req hint, without checking to see if those credentials are appropriate for that server.</t>
      </section>
      <section anchor="iana-considerations">
         <name>IANA Considerations</name>
         <section anchor="hint_registry">
            <name>HTTP Link Hint Registry</name>
            <t>This specification defines the HTTP Link Hint Registry. See <xref target="link_hints"/> for a general description of the function of link hints.</t>
            <t>Link hints are generic; that is, they are potentially applicable to any HTTP resource, not specific to one application of HTTP, nor to one particular format. Generally, they ought to be information that would otherwise be discoverable by interacting with the resource.</t>
            <t>Hint names MUST be composed of the lowercase letters (a-z), digits (0-9), underscores ("_") and hyphens ("-"), and MUST begin with a lowercase letter.</t>
            <t>Hint content MUST be described in terms of JSON values (<xref section="3" sectionFormat="of" target="JSON"/>).</t>
            <t>Hint semantics SHOULD be described in terms of the framework defined in <xref target="WEB-LINKING"/>.</t>
            <t>New hints are registered using the Expert Review process described in <xref target="RFC8126"/> to enforce the criteria above. Requests for registration of new resource hints are to use the following template:</t>
            <t>
               <list style="symbols">
                  <t>Hint Name: [hint name]</t>
                  <t>Description: [a short description of the hint's semantics]</t>
                  <t>Content Model: [valid JSON value types; see RFC627 Section 2.1]</t>
                  <t>Specification: [reference to specification document]</t>
               </list>
            </t>
            <t>Initial registrations are enumerated in <xref target="hints"/>. The "rel", "rev", "hreflang", "media", "title", and "type" hint names are reserved, so as to avoid potential clashes with link serialisations.</t>
         </section>
      </section>
   </middle>
   <back>
      <references anchor="sec-combined-references" title="References">
         <references anchor="sec-normative-references" title="Normative References">
            <reference anchor="HTTP">
               <front>
                  <title>HTTP Semantics</title>
                  <author fullname="R. Fielding"
                           initials="R."
                           role="editor"
                           surname="Fielding"/>
                  <author fullname="M. Nottingham"
                           initials="M."
                           role="editor"
                           surname="Nottingham"/>
                  <author fullname="J. Reschke"
                           initials="J."
                           role="editor"
                           surname="Reschke"/>
                  <date month="June" year="2022"/>
               </front>
               <seriesInfo name="STD" value="97"/>
               <seriesInfo name="RFC" value="9110"/>
               <seriesInfo name="DOI" value="10.17487/RFC9110"/>
            </reference>
            <reference anchor="HTTP-CACHING">
               <front>
                  <title>HTTP Caching</title>
                  <author fullname="R. Fielding"
                           initials="R."
                           role="editor"
                           surname="Fielding"/>
                  <author fullname="M. Nottingham"
                           initials="M."
                           role="editor"
                           surname="Nottingham"/>
                  <author fullname="J. Reschke"
                           initials="J."
                           role="editor"
                           surname="Reschke"/>
                  <date month="June" year="2022"/>
               </front>
               <seriesInfo name="STD" value="98"/>
               <seriesInfo name="RFC" value="9111"/>
               <seriesInfo name="DOI" value="10.17487/RFC9111"/>
            </reference>
            <reference anchor="WEB-LINKING">
               <front>
                  <title>Web Linking</title>
                  <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
                  <date month="October" year="2017"/>
               </front>
               <seriesInfo name="RFC" value="8288"/>
               <seriesInfo name="DOI" value="10.17487/RFC8288"/>
            </reference>
            <reference anchor="JSON">
               <front>
                  <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
                  <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/>
                  <date month="December" year="2017"/>
               </front>
               <seriesInfo name="STD" value="90"/>
               <seriesInfo name="RFC" value="8259"/>
               <seriesInfo name="DOI" value="10.17487/RFC8259"/>
            </reference>
            <reference anchor="URI">
               <front>
                  <title>Uniform Resource Identifier (URI): Generic Syntax</title>
                  <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
                  <author fullname="R. Fielding" initials="R." surname="Fielding"/>
                  <author fullname="L. Masinter" initials="L." surname="Masinter"/>
                  <date month="January" year="2005"/>
               </front>
               <seriesInfo name="STD" value="66"/>
               <seriesInfo name="RFC" value="3986"/>
               <seriesInfo name="DOI" value="10.17487/RFC3986"/>
            </reference>
            <reference anchor="RFC2119">
               <front>
                  <title>Key words for use in RFCs to Indicate Requirement Levels</title>
                  <author fullname="S. Bradner" initials="S." surname="Bradner"/>
                  <date month="March" year="1997"/>
               </front>
               <seriesInfo name="BCP" value="14"/>
               <seriesInfo name="RFC" value="2119"/>
               <seriesInfo name="DOI" value="10.17487/RFC2119"/>
            </reference>
            <reference anchor="RFC8174">
               <front>
                  <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
                  <author fullname="B. Leiba" initials="B." surname="Leiba"/>
                  <date month="May" year="2017"/>
               </front>
               <seriesInfo name="BCP" value="14"/>
               <seriesInfo name="RFC" value="8174"/>
               <seriesInfo name="DOI" value="10.17487/RFC8174"/>
            </reference>
            <reference anchor="RFC5789">
               <front>
                  <title>PATCH Method for HTTP</title>
                  <author fullname="L. Dusseault" initials="L." surname="Dusseault"/>
                  <author fullname="J. Snell" initials="J." surname="Snell"/>
                  <date month="March" year="2010"/>
               </front>
               <seriesInfo name="RFC" value="5789"/>
               <seriesInfo name="DOI" value="10.17487/RFC5789"/>
            </reference>
            <reference anchor="RFC7240">
               <front>
                  <title>Prefer Header for HTTP</title>
                  <author fullname="J. Snell" initials="J." surname="Snell"/>
                  <date month="June" year="2014"/>
               </front>
               <seriesInfo name="RFC" value="7240"/>
               <seriesInfo name="DOI" value="10.17487/RFC7240"/>
            </reference>
            <reference anchor="RFC6585">
               <front>
                  <title>Additional HTTP Status Codes</title>
                  <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
                  <author fullname="R. Fielding" initials="R." surname="Fielding"/>
                  <date month="April" year="2012"/>
               </front>
               <seriesInfo name="RFC" value="6585"/>
               <seriesInfo name="DOI" value="10.17487/RFC6585"/>
            </reference>
         </references>
         <references anchor="sec-informative-references" title="Informative References">
            <reference anchor="RFC6906">
               <front>
                  <title>The 'profile' Link Relation Type</title>
                  <author fullname="E. Wilde" initials="E." surname="Wilde"/>
                  <date month="March" year="2013"/>
               </front>
               <seriesInfo name="RFC" value="6906"/>
               <seriesInfo name="DOI" value="10.17487/RFC6906"/>
            </reference>
            <reference anchor="RFC8126">
               <front>
                  <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
                  <author fullname="M. Cotton" initials="M." surname="Cotton"/>
                  <author fullname="B. Leiba" initials="B." surname="Leiba"/>
                  <author fullname="T. Narten" initials="T." surname="Narten"/>
                  <date month="June" year="2017"/>
               </front>
               <seriesInfo name="BCP" value="26"/>
               <seriesInfo name="RFC" value="8126"/>
               <seriesInfo name="DOI" value="10.17487/RFC8126"/>
            </reference>
         </references>
      </references>
      <?line 273?>
      <section anchor="link_header">
         <name>Representing Link Hints in Link Headers</name>
         <t>A link hint can be represented in a Link header (<xref section="3" sectionFormat="of" target="WEB-LINKING"/>) as a link-extension.</t>
         <t>When doing so, the JSON of the hint's content SHOULD be normalised to reduce extraneous spaces (%x20), and MUST NOT contain horizontal tabs (%x09), line feeds (%x0A) or carriage returns (%x0D). When they are part of a string value, these characters MUST be escaped as described in <xref section="7" sectionFormat="of" target="JSON"/>; otherwise, they MUST be discarded.</t>
         <t>Furthermore, if the content is an array or an object, the surrounding delimiters MUST be removed before serialisation. In other words, the outermost object or array is represented without the braces ("{}") or brackets ("[]") respectively, but this does not apply to inner objects or arrays.</t>
         <t>For example, the two JSON values below are those of the fictitious "example" and "example1" hints, respectively:</t>
         <figure>
            <artwork>
"The Example Value"
1.2
</artwork>
         </figure>
         <t>In a Link header, they would be serialised as:</t>
         <figure>
            <sourcecode type="http-message">
Link: &lt;/&gt;; rel="sample"; example="The Example Value";
      example1=1.2
</sourcecode>
         </figure>
         <t>A more complex, single value for "example":</t>
         <figure>
            <sourcecode type="json">
[
  "foo",
  -1.23,
  true,
  ["charlie", "bennet"],
  {"cat": "thor"},
  false
]
</sourcecode>
         </figure>
         <t>would be serialised as:</t>
         <figure>
            <sourcecode type="http-message">
Link: &lt;/&gt;; rel="sample"; example="\"foo\", -1.23, true,
      [\"charlie\", \"bennet\"], {"cat": \"thor\"}, false"
</sourcecode>
         </figure>
      </section>
      <section anchor="acknowledgements">
         <name>Acknowledgements</name>
         <t>Thanks to Jan Algermissen, Mike Amundsen, Bill Burke, Graham Klyne, Leif Hedstrom, Jeni Tennison, Erik Wilde and Jorge Williams for their suggestions and feedback.</t>
      </section>
   </back>
</rfc>
