Hi Poul,
>> growing on me quickly
yes, that's what happened to me as well. It's a lot simpler and cleaner than what SOAP has become.
>> but i have yet to find definitive documentation
That's probably because REST is not a "standard" but a "concept". Actually it's a mix of ideas, and each server is basically free to implement things however they like. There's no REST standard, and thus no way to say that this service is definitively REST, and that service is definitively not.
>> so long as i can still call it REST (and be somewhat politically and technically correct).
yes, the goal here is to write the server, and be able (with a straight face) to call it a REST server. To do that you should mostly follow REST conventions as closely as possible. But that doesn't preclude it being different here and there (*). I've certainly seen some variation from one server to the next.
>> ... keep it simple for the client.,
yes. So you can set the response code if you wish, but don't necessarily make this the _only_ way the client knows something went wrong. Send an error in the response as well. The client can then parse the number, or the reply, whichever is easier for them.
I found this;
https://msdn.microsoft.com/en-us/library/azure/dd179357.aspx(*) - for example, the use of a session cookie is not very RESTy. Some might argue quite un-resty. On the other hand it can make your API faster if you don't have to re-authenticate on each request. So many services allow a "token" to be issued to the client which allows a login to "persist" for a while. and whether the token is a session cookie, or just text re-sent with every request it's the same thing. But one would not call a service that had this feature "not REST" simply because it had this feature.
Cheers
Bruce