I am a strong believer of the value of REST , especially when it comes to being able to offer an API “for free”. Consolidating logic so that your web application and your API use the same service layer is certainly helpful.
The problem I face is being able to separate specific functions between the two. For example, when you log into the web app we generate a session for a dropdown list in the app. Obviously this is not needed for the API calls. This is just one of the examples where separation of logic has become tricky between the API and the WEb application.
How have people been handling using 1 common code base used for both API and Web app where these challenges come up?