I don't think we want this... why can't we use an existing codec for this? Any of them should be able to handle unversioned objects, right?

If we use the Scheme codec, I think it would probably fail here and here.

Even if the Scheme can handle the unversioned objects, I feel it's less robust to use such a complex codec when we only need a simple one. What do you think?

I don't have a strong opinion. If we find ourselves adding anything more complicated than straight json calls here, we should consider not using this.

But consider changing the name to jsonCodec, and making a func NewCodec() jsonCodec {...} so people can make one? Or a public variable var Codec = jsonCodec{}.

fixed.

A secured 1.0 server could easily return a forbidden error here

I'm not familiar with the secured server. Could you point me to the related code? Thanks.

A server that limits users' access to URLs outside their namespace or specifically whitelisted exceptions (for 1.0, that would likely include /api, but definitely wouldn't include /apis. This is close to possible with the abac authorizer (#13097 is open to make it work completely), but real installations would be likely to deny requests outside the expected URL paths. TL;DR: either a NotFound or Forbidden error could easily be received for /apis from a 1.0 installation.

@deads2k I would actually be very tolerant of errors when requesting /apis if we got a usable response from /api, if we ever expect this to work against a 1.0 server

Now it ignores 403 error as well.