Prior to OpenAM 11.0, there was a set of RESTful APIs that developers could use to perform operations such as Authentication, Logout, Token Validation and Token Attributes Retrieval (see Use OpenAM RESTful Services).
In OpenAM 11.0, there is an enhanced set of RESTful APIs. These are JSON-based APIs (see Using RESTful Web Services).
The proper use of RESTful Web Services can be briefly illustrated by the following flowchart:
Two days ago, when I visited one of my customers, I came to know that their developers had somehow misinterpreted the original intention of RESTful Web Services. They have a hybrid way of using RESTful Web Services.
Of course, it has worked so far because the application resides in the same domain as the OpenAM servers. But it will not work once we change the domain name of the application, which higher management intends to do for branding purposes.
Please … if one is to use RESTful Web Services, please do not work with cookies. Make it a pure RESTful experience!
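The domain dependency described above, as an added example (not code from the original post or from OpenAM): it applies the RFC 6265 domain-match rule to the SSO cookie and contrasts that with an application that keeps the token returned by the REST authentication call. The hostnames, credentials, token values and the `StubOpenAM` class are constructed, and it assumes the hybrid pattern reads OpenAM's default `iPlanetDirectoryPro` cookie.

```python
import ipaddress

SSO_COOKIE = "iPlanetDirectoryPro"  # OpenAM's default SSO cookie name (assumed in use)

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: would a cookie scoped to cookie_domain be sent to host?"""
    host = host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")
    if host == dom:
        return True
    try:
        ipaddress.ip_address(host)       # IP literals never suffix-match
        return False
    except ValueError:
        pass
    return host.endswith("." + dom)      # suffix must start on a label boundary

class StubOpenAM:
    """Constructed in-memory stand-in for the REST authenticate/validate calls."""
    def __init__(self, cookie_domain):
        self.cookie_domain = cookie_domain
        self.sessions = set()

    def authenticate(self, user, password):
        if (user, password) != ("demo", "changeit"):   # constructed credentials
            return None
        token = f"token-{len(self.sessions) + 1}"      # constructed token id
        self.sessions.add(token)
        return token

    def is_valid(self, token):
        return token in self.sessions

def hybrid_check(am, app_host, browser_cookies):
    """Hybrid pattern: the app expects the browser to hand it the SSO cookie."""
    if not domain_match(app_host, am.cookie_domain):
        return False                     # browser never attaches the cookie here
    return am.is_valid(browser_cookies.get(SSO_COOKIE))

def pure_rest_check(am, app_session):
    """Pure REST: the app keeps the token it was given and validates it itself."""
    return am.is_valid(app_session.get("tokenId"))

def demo():
    am = StubOpenAM(".example.com")
    token = am.authenticate("demo", "changeit")
    hosts = ("app.example.com", "app.newbrand.test", "notexample.com")
    return {h: (hybrid_check(am, h, {SSO_COOKIE: token}),
                pure_rest_check(am, {"tokenId": token})) for h in hosts}
```

`demo()` returns, per application host, whether the hybrid check and the pure REST check succeed; only the host inside the cookie's domain passes the hybrid check.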