Is it legal to have a REST resource like /currentUser, from a RESTful and stateless point of view?

From a RESTful and stateless point of view, it is completely legal to have a resource such as

/users/123

But the question arises: is it legal to have a resource that skips the user ID and assumes that it is implicitly allowed on the server from the user session? For instance:

/loggedUser

This resource will point to /users/123 when the user with the identifier 123 is authorized.

+6
5 answers

Resource Locator Selection

/me, /users/me, /users/myself, /users/current URI , , REST. , , , :

5.2.1.1

REST - . , , : , (, " -" ), , (, ) .., , , , . , , . [...]

URI, , , , , .

, . - . , .

. Fielding:

5.1.3

[...] , , . , . [...]

, , , /.


.

+5

, ( HTTP ). , , .

+2

. ReST . , . , .

REST , . , , , .

HTTP-, , , , ReST. , "".

, - , .

+1

, . , HTTP-, .

, GET /current-user Authentication, JWT. JWT .

URI. , .

, , , API .

+1

@n00b, REST - , , .

. - , , Roy, RESTful. -, - , . "" , . Microsoft. , .

, - ...

, API . , , : , - . API - : " API, ", , HTTP- .

, RESTful API , . GET - /users/123, /loggedUser.

I believe that there is a logical difference between the authentication and authorization actions (I registered, it was verified who I am, and therefore I got access to specific resources in the system) and "I am user 123."

The reason you can disagree with this is that it makes your API more difficult to detect for people: someone who is trying to figure out how to get information about the current user needs to log in and then remember their user ID.

+1
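As an added illustration (not code from the question or from any answer), this sketch resolves /loggedUser to /users/123 without a server-side session: each request is authenticated from its own Authorization header. The HMAC token format, the 303 redirect, the own-record-only policy and every name here are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed; a real key comes from a secret store
USERS = {"123": {"id": "123", "name": "alice"},   # constructed sample data
         "456": {"id": "456", "name": "bob"}}

def _sign(payload: str) -> str:
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(user_id, now, ttl=300):
    """Hypothetical token format: base64url(JSON claims) + "." + HMAC-SHA256."""
    claims = json.dumps({"sub": user_id, "exp": now + ttl}).encode()
    payload = base64.urlsafe_b64encode(claims).decode()
    return payload + "." + _sign(payload)

def authenticate(headers, now):
    """Return the user id from a valid, unexpired bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    payload, _, sig = token.partition(".")
    if scheme != "Bearer" or not payload:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))  # signature already checked
    return claims["sub"] if claims["exp"] > now else None

def handle(path, headers, now=None):
    """Serve a GET; every request is authenticated from its own header."""
    now = time.time() if now is None else now
    user_id = authenticate(headers, now)
    if user_id is None:
        return 401, {"WWW-Authenticate": "Bearer"}, None
    if path == "/loggedUser":
        # The alias differs per caller, so it must never be cached as shared.
        return 303, {"Location": "/users/" + user_id,
                     "Cache-Control": "private, no-store"}, None
    if path.startswith("/users/"):
        if path[len("/users/"):] != user_id:   # assumed policy: own record only
            return 403, {}, None
        user = USERS.get(user_id)
        return (200, {"Cache-Control": "private"}, user) if user else (404, {}, None)
    return 404, {}, None
```

The identity in the alias comes only from the verified token, and the canonical /users/{id} route still performs its own authorization check, so the alias adds no access beyond what the token already grants.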

Source: https://habr.com/ru/post/1670514/

