RESTful API: how to simulate a new password request?

Question

RESTful API: how to simulate a new password request?

I am developing a RESTful API for a reservation request and was very glad to see that I could match all the details of the application with 4 HTTP methods.

/users - GET, POST /users/({id}|myself) - GET, POST, PUT, DELETE /users/({id}|myself)/bookings - GET, POST /users/({id}|myself)/bookings/{id} - GET, POST, PUT, DELETE

Example. Updating my own user uses PUT for / users / self.

But now I found out that something is missing: the ability to request a new password if I forget my old one. Any idea how I could add this?

+4

rest api

janpio Apr 21 '10 at 14:00

source share

3 answers

Since the action is essentially an update — a new password will be created — I would use the POST verb. You will need to find an alternative way to deliver the password if you have not already organized any request / response protocol based on shared secrets that can be used to verify the requester in the absence of a password. The easiest way is, perhaps, to send an email account to the user with a link that can be used to change and display a new password.

+3

tvanfosson Apr 21 '10 at 14:12

source share

Assuming you are asking for a new password, you refer to a typical system action, assigning a new temporary password, and then letting the user reset it, I would do something like the lines:

POST: / users / myself / resetPassword

then return the temporary password, send an email to the user, or some other method of sending the new temporary password back to the user.

+2

Mike clark Apr 21 '10 at 14:04

source share

Unkwntech · Accepted Answer · 2010-04-21T14:02:53+0000

 /users/({id}|myself)/forgottenpassword/, GET or PUT

or just implement a way to tell the user to go to the website.

RESTful API: how to simulate a new password request?

More articles: