Is a REST method which returns dynamically generated random data each time that it is accessed considered safe?
According to RFC 2616 (emphasis mine):
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe”. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.
My understanding from this is that the method should be considered safe as the only action is retrieval. The state of the server is not changing with multiple calls (though the result may be different) as any side effects generated would be the same (such as logging that the endpoint was accessed).
I’m not sure if this is the case though as there is no true resource being accessed since the data is generated dynamically. I also could be misunderstanding the concepts of safe methods, idempotence, and how these concepts relate to REST APIs. Any information is very much appreciated!
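The distinction the question draws, as an added example that is not part of the original post: a toy in-memory service where safety and idempotence are judged by comparing resource state across repeated requests, not by comparing response bodies. The `Service` class, the `classify` helper and the `/random` and `/items` paths are all assumptions made for illustration, and the access log stands in for the incidental side effect the RFC text mentions.

```python
import copy
import secrets


class Service:
    """Toy in-memory service (constructed for this example)."""

    def __init__(self):
        self.items = {}        # resource state that clients can observe
        self.access_log = []   # incidental side effect, not requested by the client

    def handle(self, method, path, body=None):
        self.access_log.append((method, path))
        if method == "GET" and path == "/random":
            return 200, secrets.token_hex(16)   # fresh value on every call
        if method == "PUT" and path.startswith("/items/"):
            self.items[path] = body             # same request, same final state
            return 200, body
        if method == "POST" and path == "/items":
            key = f"/items/{len(self.items) + 1}"
            self.items[key] = body              # every call creates a new item
            return 201, key
        return 404, None


def classify(method, path, body=None):
    """Send the request twice and compare resource state, not response bodies."""
    svc = Service()
    before = copy.deepcopy(svc.items)
    first = svc.handle(method, path, body)
    after_one = copy.deepcopy(svc.items)
    second = svc.handle(method, path, body)
    after_two = copy.deepcopy(svc.items)
    return {
        "safe": before == after_one == after_two,   # no state change requested
        "idempotent": after_one == after_two,       # repeat adds nothing further
        "same_response": first == second,           # independent of both properties
    }


if __name__ == "__main__":
    for request in [("GET", "/random"), ("PUT", "/items/1", "a"), ("POST", "/items", "a")]:
        print(request[:2], classify(*request))
```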