All geek questions in one place

A RESTful way to check for usernames, emails, etc.

Recently, I tried very hard to think as soon as possible, and I am at a standstill along non-obvious routes.

In this particular case, I'm curious how RESTful checks for a username and email for a user or something else that is unique.

My gut tells me that I would like to execute a GET on /users/email or /users/username/ each with the required parameter or something like the GET /users/search/ lines with optional email and username parameters. If you get 200 , then username or email not available; if you get 404 then it is available.

I prefer the first option, since it is more explicit, but that’s not how I appreciated Roy Fielding's thesis to know well what to do.

What is the most sound approach here?

+6
source share
4 answers

The first approach seems more "RESTful". You are trying to get a specific resource (by username or e-mail) and get it, if it exists, or receive a status message "inaccessible resource". It will be:

  • GET / users / username / johnwayne (to "gain" access to the resource / username johnwayne ...)

This should generate:

  • 200: if a resource exists
  • 404: if the resource does not exist

The second looks more like a “SOAP” -like web service where you define a “function” (/ users / search /) with some “parameters” (username, email address) ...

+4
source

For unique fields, the first option is suitable (/ users / email or / users / username /), it will be more suitable for searching for unique fields.

+1
source

I would recommend you use a HEAD request instead of a GET.

Using GET can be a security concern. A hacker can use the combination to determine a valid username, as GET will either result in 200 or 404.

0
source

You should try to get a list of users with your mail.

 GET / users?query=asd@gmail.com

And here you can find 1 item or 0 items. In the first case, the address is not unique. In another it’s unique

0
source

Source: https://habr.com/ru/post/951974/

More articles:


All Articles