It's no accident that many public web APIs don't implement HATEOAS. Conceptually, HATEOAS is fantastic. Practically, it often stumbles.
As an example, 90+% of the web APIs I've designed and worked with are heavily used by mobile clients, which often suffer low bandwidth and high latency. Using proper HATEOAS URIs bloats payloads. Similarly, high latency for requests means that traversing hypermedia links across the API space is untenable.
In the real world, we design a structured API with well-known endpoints, and clients directly retrieve the resources they need. If the API needs to diverge from the specification substantially, then it gets versioned. The result is small, simple JSON payloads and nice, responsive clients.
If I'm missing something obvious here, I'd love to be educated.
Sure, but I'm sure Roy Fielding would argue you can't have REST without HATEOAS. So on some level yes, it is great in theory, but on another level I would also argue that's where the 'ful' comes in ala 'RESTful'. I guess you could look at it in a 'spirit of the law vs letter of the law' kind of way - REST without HATEOAS is certainly in the spirit, but perhaps so is XML-RPC with HATEOAS. Neither are the letter though.
The website example below is a good one, but as I'm and infrastructure oriented kind of guy I'll give another one which is the Sun Cloud API, under the now defunct project Kenai http://kenai.com/projects/suncloudapis/pages/Home. For example, doing a GET on a VM resource will return a payload that contains a URI for a power operation on the VM. What that power operation is obviously depends on what the power state of the VM at the time of the GET. The AWS API's provide a SOAPy interface, but they return information about objects that much more adheres to HATEOAS than the Rackspace API for example, which goes to _great_ lengths to espouse it's RESTy virtues (even consisently, and incorrectly, lowering the 'E' in the API docs lol).
So yeh, of course it all comes down to the infinite scales of grey, I wasn't trying to imply that I know any better than anyone or that REST-without-HATEOAS is wrong or suboptimal or whatever (and I know you're not interpreting it that way either), just that I have sometimes wondered how many REST implementors actually took the time to understand what Fielding was/is on about. And I certainly don't believe you or the author of the post fall into that category!
The important quality that HATEOAS gives you is the freedom to evolve the application on the server without changing the client. It's the reason that the web can be used for things that TBL didn't anticipate when he invented it. If an API can't adopt new functionality without breaking clients then there is no sense in calling it RESTful.
As other commenters, and Fielding himself, have pointed out, REST is inefficient in terms of both computer and human resources. It's an architecture optimized for wide scale and long term use. That's why most APIs don't turn out very RESTful.
As an example, 90+% of the web APIs I've designed and worked with are heavily used by mobile clients, which often suffer low bandwidth and high latency. Using proper HATEOAS URIs bloats payloads. Similarly, high latency for requests means that traversing hypermedia links across the API space is untenable.
In the real world, we design a structured API with well-known endpoints, and clients directly retrieve the resources they need. If the API needs to diverge from the specification substantially, then it gets versioned. The result is small, simple JSON payloads and nice, responsive clients.
If I'm missing something obvious here, I'd love to be educated.