The communication between the client and the server is stateless. Each request from the client to the server contains all of the information about the server that's needed to understand that request. The server should not take advantage of any stored context on its side to fully understand the request.

A common question with this constraint is—should a system that stores session IDs on the server-side for authenticated requests be called RESTful? And should we change it to make such a system RESTful? We will talk about this later in this chapter.