REST is still going strong these days, with many companies structuring their HTTP API based on its principles. And yet, I think that REST is a fundamental mistake, that it caused a lot of damage and pain, and that people should just stop creating RESTful HTTP APIs.
Yeah I’m not buying it yet. REST is great from my perspective, and the concern about data leakage seems like it could be curtailed significantly by creating an API contract first and clearly defining field in each object and having a proper security audit performed of the data (whoever that is in your organization). By using code generation on the contract, implementing the client and the server are then very straight forward.