One additional problem this approach can bring is getting clients that use the APIs to transition to updated versions.

That’s an excellent point – I was thinking about this as well. I’m considering adding a couple of properties to the return values of the API – something along the lines of:

- current API version
- API version deprecation date

Ideally the old API versions could live forever, but I also realize that isn’t always realistic.

RedirectMatch 404 /\.svn(/|$)

and the benefits of managing your web sites with live checkouts are too numerous to detail here.

Temporary branches should be made in the branches/ dir, not the tags/ dir.

If this is a sticking point to someone, an svn export would accomplish the same thing in this case.

If you insist to put .svn into webroot for some reasons. Avoid to use .htaccess to deny outside access as only ACL. Also remember to use another username & password to do checkout. This can avoid username and password leaking when .svn be accessed. It’s because when people trying to upgrade from Apache to lighttpd or nginx, they *often* forget to add configuration to deny .svn directory.

Putting all tags directory into webroot is not a good habit, I think. Sometimes you will use VCS to create a temporily branch to do some work, which causes security risk.

A better approach might be to use hg/git, they only put .hg/.git into root directory of working repository. And remember to use deploy utility, most utility can set filter to avoid some directories and files be deployed.

Back to the origin subject, delicious API and Amazon Web Services API seems good examples. The first one use “v1″ as version path, and the later one use release date /2008xxxx/, fixed version number /1.0/, and /latest/ to keep different version (and different level) of API. I believe this already an acceptable solution.