Context sensitive REST API strategies

What strategies would you suggest for creating a context-sensitive RESTful API?

Let me clarify.

In the project I'm working on, we show the Team resource. Users can create their own teams, which results in a POST /teams API request. The request is checked using a set of rules designed for user-created commands.

We also have an administration interface that is used by some users to create the same type of Team resource; however, this is regulated by a slightly different set of verification rules.

Administrators can use either our public or administrative interface, and therefore, verification should be performed depending on their context, and not on user capabilities.

To rephrase the question above for this particular situation: how do we separate these two contexts RESTfully? Are we creating two different resources, even if the "result" is of the same type, and if so, what naming conventions would you suggest?

+5
2 answers

I believe that you need to create a "user level" token or just a user for each administrator, which they should use when they need the open interface.

There is only one interface, namely /teams in terms of the REST API, and your token can define the validation rules.

Or, if each administrator is responsible for a team, I would construct an /admins/x/teams endpoint that validates differently and accepts only x's authentication. Subresources are still RESTful.

+1

Nothing in REST guarantees that a resource will behave the same for different clients. In addition, since authorization information is attached to each request, it is natural for a resource to analyze it and apply specific logic to the client for the request.

But! If some operations on your resource introduce complex resource invariants with dependent lifetimes of parts of the resource, you had better reorganize it in the early stages into smaller resources. For example, if the Administrator needs to add a member to a team, and then a RegularUser should fill in the details of the member in the team... You have probably noticed that there are two resources: team and member.

TIP: When decomposing a complex resource that participates in different operations, you can get new ideas by imagining future scaling problems caused by different clients. What if you are overloaded with one client of the resource, how would you achieve a stable response for another client? It’s easier to scale different resources than different parts of the same resource, so look at your operations and think about scaling.

+1
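Both answers describe the same mechanism from different angles: the caller's token is attached to every request, and the resource applies the validation rule set that belongs to the context (the public /teams endpoint or the /admins/x/teams sub-resource), not to the caller's capabilities. The following is an added example, not code from the original thread or from the asker's project. It uses a framework-free router and an in-memory token table so it runs offline; the token values, rule thresholds and route shapes are constructed assumptions.

```python
"""Context-sensitive validation for POST /teams vs POST /admins/{x}/teams.

Added example (not from the original thread). The router, Request/Response
types, token table and rule thresholds are all assumptions chosen for
illustration; a real service would back them with its web framework and
identity store.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed bearer-token table: token -> (user id, is_admin).
TOKENS = {
    "tok-alice": ("alice", False),
    "tok-bob": ("bob", True),  # bob is an administrator
}


@dataclass
class Request:
    method: str
    path: str
    token: Optional[str]
    body: dict


@dataclass
class Response:
    status: int
    body: dict


def authenticate(req: Request) -> Optional[dict]:
    """Resolve the token carried on the request into a principal, or None."""
    if req.token not in TOKENS:
        return None
    user, is_admin = TOKENS[req.token]
    return {"user": user, "is_admin": is_admin}


# Two rule sets for the same Team resource, selected by context.
def validate_public(body: dict) -> List[str]:
    errors = []
    name = body.get("name", "")
    if not 3 <= len(name) <= 30:
        errors.append("name must be 3-30 characters")
    if body.get("max_members", 5) > 10:
        errors.append("public teams are capped at 10 members")
    if "owner" in body:
        errors.append("owner is taken from the token, not the body")
    return errors


def validate_admin(body: dict) -> List[str]:
    errors = []
    if not body.get("name"):
        errors.append("name is required")
    if not body.get("owner"):
        errors.append("admin-created teams must name an owner")
    if body.get("max_members", 50) > 500:
        errors.append("max_members above 500 needs capacity review")
    return errors


RULES: Dict[str, Callable[[dict], List[str]]] = {
    "public": validate_public,
    "admin": validate_admin,
}

TEAMS: List[dict] = []  # in-memory store standing in for a database


def create_team(context: str, principal: dict, body: dict) -> Response:
    """Single Team resource; only the rule set differs per context."""
    errors = RULES[context](body)
    if errors:
        return Response(422, {"errors": errors})
    team = {
        "id": len(TEAMS) + 1,
        "name": body["name"],
        "owner": body.get("owner", principal["user"]),
        "created_via": context,
    }
    TEAMS.append(team)
    return Response(201, team)


ADMIN_ROUTE = re.compile(r"^/admins/([^/]+)/teams$")


def handle(req: Request) -> Response:
    principal = authenticate(req)
    if principal is None:
        return Response(401, {"error": "missing or invalid token"})
    if req.method != "POST":
        return Response(405, {"error": "method not allowed"})
    if req.path == "/teams":
        # Public context: an administrator hitting this path gets public rules.
        return create_team("public", principal, req.body)
    match = ADMIN_ROUTE.match(req.path)
    if match:
        # The sub-resource accepts only the named administrator's own token.
        if not principal["is_admin"] or match.group(1) != principal["user"]:
            return Response(403, {"error": "sub-resource requires that admin's token"})
        return create_team("admin", principal, req.body)
    return Response(404, {"error": "no such resource"})
```

The point to notice is that `create_team` is one function and one resource; the route decides which rule set runs, and the token only decides whether the admin sub-resource is reachable at all. An administrator who posts to the public path is validated exactly like any other user, which is the behaviour the question asks for.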

Source: https://habr.com/ru/post/1266645/
