How to protect data access in my new API?

I am developing an API, and I would like to ask a few questions about how best to provide access to data.

Assume the API allows access to artists. Artists have albums that have songs.

API users have access to a subset of all artists. If a user calls an API method that takes an artist, it is easy to check whether the user is allowed to do this.

Further, if the user requests an album, the API must check whether the album belongs to an artist to which the user has access. Access to a song means that the API must check the album, and then the artist, before access can be granted.

In terms of the database, I foresee an increasing number of joins between tables for each additional layer added. I do not want to make all these joins, and I also do not want to store the user ID everywhere just to limit the number of joins.

To get around this, I came up with the following approach.

The API gives the user a reference to an object, such as an artist object. The user can then ask this artist object for its albums, which returns a list object. The list object can be traversed, and album objects can be retrieved from it. Similarly, a song list object can be obtained from an album object, and individual song objects can be obtained from that.


API RESTful?



IMHO, ... DRM ...


... sql, stackoverflow :D

URL "/beatles/whitealbum/happinesisawarmgun"

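An added example, not code from the original question or from either answer, in Python with the standard sqlite3 module. It implements the song → album → artist ownership check the question describes as a single join chain, and the check for a hierarchical URL of the "/beatles/whitealbum/happinesisawarmgun" form suggested in the answer above, including the case a practitioner must cover: a path whose artist the caller may see but whose album or song segment actually belongs to someone else. The schema, table names, slugs and user IDs are all constructed for this example.

```python
import sqlite3

# Constructed schema for the example: artists own albums, albums own songs,
# and a user is granted access to a subset of artists. Slugs are global keys
# here only to keep the demo small; a real schema would use composite keys.
SCHEMA = """
CREATE TABLE artists (slug TEXT PRIMARY KEY);
CREATE TABLE albums  (slug TEXT PRIMARY KEY,
                      artist_slug TEXT NOT NULL REFERENCES artists(slug));
CREATE TABLE songs   (slug TEXT PRIMARY KEY,
                      album_slug TEXT NOT NULL REFERENCES albums(slug));
CREATE TABLE user_artist_access (user_id TEXT NOT NULL,
                                 artist_slug TEXT NOT NULL REFERENCES artists(slug),
                                 PRIMARY KEY (user_id, artist_slug));
"""


def open_db():
    """Create an in-memory database with constructed sample data:
    alice may see the Beatles, bob may see the Stones."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO artists VALUES (?)",
                     [("beatles",), ("stones",)])
    conn.executemany("INSERT INTO albums VALUES (?, ?)",
                     [("whitealbum", "beatles"), ("exile", "stones")])
    conn.executemany("INSERT INTO songs VALUES (?, ?)",
                     [("happinesisawarmgun", "whitealbum"), ("tumblingdice", "exile")])
    conn.executemany("INSERT INTO user_artist_access VALUES (?, ?)",
                     [("alice", "beatles"), ("bob", "stones")])
    conn.commit()
    return conn


def user_can_access_song(conn, user_id, song_slug):
    """The per-layer join chain from the question: song -> album -> grant.

    One join per layer above the requested object. The artists table itself
    is not needed because albums already carry the artist key. An unknown
    song yields False as well, so "does not exist" and "not allowed" look
    the same to the caller."""
    row = conn.execute(
        """
        SELECT 1
        FROM songs AS s
        JOIN albums AS al ON al.slug = s.album_slug
        JOIN user_artist_access AS ua ON ua.artist_slug = al.artist_slug
        WHERE s.slug = ? AND ua.user_id = ?
        """,
        (song_slug, user_id),
    ).fetchone()
    return row is not None


def user_can_access_path(conn, user_id, path):
    """Authorize a hierarchical URL such as /beatles/whitealbum/happinesisawarmgun.

    The artist grant is checked first, then each deeper segment is checked
    against its parent. Segments that exist individually but do not nest
    under each other are rejected: naming an artist the caller may see and
    then a song from someone else's album must not grant access."""
    parts = [p for p in path.split("/") if p]
    if not 1 <= len(parts) <= 3:
        return False
    artist, album, song = (parts + [None, None])[:3]
    if conn.execute(
        "SELECT 1 FROM user_artist_access WHERE user_id = ? AND artist_slug = ?",
        (user_id, artist),
    ).fetchone() is None:
        return False
    if album is not None and conn.execute(
        "SELECT 1 FROM albums WHERE slug = ? AND artist_slug = ?",
        (album, artist),
    ).fetchone() is None:
        return False
    if song is not None and conn.execute(
        "SELECT 1 FROM songs WHERE slug = ? AND album_slug = ?",
        (song, album),
    ).fetchone() is None:
        return False
    return True


if __name__ == "__main__":
    db = open_db()
    for user, path in [("alice", "/beatles/whitealbum/happinesisawarmgun"),
                       ("alice", "/beatles/exile/tumblingdice"),
                       ("bob", "/stones/exile/tumblingdice")]:
        print(user, path, user_can_access_path(db, user, path))
```

The object-reference design in the question does not remove this check, it only moves it: the server still has to bind each handed-out album or song handle to the parent it was obtained through, otherwise a handle from one artist's subtree can be presented under another. Storing the artist key on songs would cut the query to a single join at the cost of keeping that copied key consistent on every write.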

Source: https://habr.com/ru/post/1705370/
