Designing URI for current logged in user in REST applications

Tags: rest, http, url

I need a URI in my REST API to retrieve the current logged in user. Usually I use GET on a resource with an ID, but the client doesn't know the ID of the user.

I found the following solutions:

  • By user name

    This solution uses the user name instead of the ID of the user.

    Example:

    • Bitbucket REST API: GET /user/{userSlug}
  • With own resource

    This solution has one resource for users and one additional resource for logged in user.

    Examples:

    • JIRA REST API: GET /myself

    • GitHub REST API: GET /user

    • Stack Exchange REST API: GET /me

  • With symbolic link

    This solution has a symbolic link for the ID of the user.

    Example:

    • Confluence REST API: GET /user/current
  • With filter

    This solution uses a filter for the user name.

    Example:

    • JIRA REST API: GET /user?username={username}

Which one is most RESTful? What are the pros and cons?

asked Apr 09 '16 17:04 by dur



2 Answers

It's up to you. All the approaches are perfectly fine from a REST perspective.

According to Roy Thomas Fielding's dissertation*, any information that can be named can be a resource:

5.2.1.1 Resources and Resource Identifiers

The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]

When using /me, /users/me, /users/myself, /users/current and similar ones, you have a locator for the authenticated user and it will always identify the concept of an authenticated user, regardless of which user is authenticated.

For more flexibility, you also can support /users/{username}.

By the way, a similar situation was addressed in "Is using magic (me/self) resource identifiers going against REST principles?"


* If you are interested in REST, the chapter 5 of Fielding's dissertation is a must-read.

answered Oct 06 '22 17:10 by cassiomolin


I think REST URIs should uniquely identify the resource, no matter whether it is a userId, email, SSN or username, whichever attribute uniquely identifies the user in your system.

So, the resource can be users (plural /users) and to make it singular we have the options below.

If the client has a userId, the resource should be something like,

GET - /users/{user-id}

If the client doesn't have a userId but has a username, then

GET - /users/{username}

So, as long as the URI uniquely identifies the user, we can use the above URI patterns as a REST resource.

If the client doesn't have a userId, username, email or any other attribute which uniquely identifies the user in your system, then we can have a resource URI something like,

GET - /users/current

OR

GET - /users/me

But in this case, the client needs to have a user-specific TOKEN or session enabled, so that the server can find the user from the active session or the token passed in headers. Note, we should consider this a last option.

answered Oct 06 '22 17:10 by Amit Patil
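The two answers above describe the same mechanics from different angles: the first treats /users/me as a stable locator for "whoever is authenticated", the second points out that the server must resolve that locator from the session or token rather than from the URI. The toy router below, an added example that is not code from either answer nor from any of the APIs named in the question (Bitbucket, JIRA, GitHub, Stack Exchange, Confluence), wires all four URI styles from the question to one user table so the security difference between them is visible: /users/me and /users/current can only ever return the caller, while /users/{id}, /users/{username} and /users?username= take an identifier from the client and therefore need an explicit ownership check, or they become an insecure direct object reference. The user table, the bearer tokens, the handle() signature and the 403-vs-404 choice are all constructed for illustration; there is no real HTTP server here.

```python
"""Toy router for the URI styles discussed in the thread (added example).

Everything below is constructed for illustration: the users, the bearer
tokens "tok-alice"/"tok-bob", and the handle(method, target, headers)
signature. It is not the code of any API named on the page.
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample data. Tokens are stored as SHA-256 digests so that a
# leaked table does not hand out usable credentials.
USERS = {
    "u-1001": {"id": "u-1001", "username": "alice"},
    "u-1002": {"id": "u-1002", "username": "bob"},
}
TOKENS = {  # sha256(token) -> user id
    hashlib.sha256(b"tok-alice").hexdigest(): "u-1001",
    hashlib.sha256(b"tok-bob").hexdigest(): "u-1002",
}


def authenticate(headers):
    """Map 'Authorization: Bearer <token>' to a user id, or None.

    The caller's identity comes only from the credential, never from the
    URI; that is what lets /users/me work without the client knowing an id.
    """
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return None
    digest = hashlib.sha256(value[len("Bearer "):].encode()).hexdigest()
    for stored, uid in TOKENS.items():
        if hmac.compare_digest(stored, digest):  # constant-time comparison
            return uid
    return None


def represent(user):
    """Representation that always links back to the canonical id-based URI,
    so a client that started at /users/me learns the stable identifier."""
    return {"id": user["id"], "username": user["username"],
            "links": {"self": f"/users/{user['id']}"}}


def handle(method, target, headers):
    """Dispatch one request. Returns (status, response_headers, body)."""
    if method != "GET":
        return 405, {"Allow": "GET"}, None
    caller = authenticate(headers)
    if caller is None:
        return 401, {"WWW-Authenticate": "Bearer"}, None

    # Every body below depends on the credential. Without these headers a
    # shared cache could serve alice's /users/me response to bob.
    private = {"Cache-Control": "private, no-store", "Vary": "Authorization"}

    parts = urlsplit(target)
    path, query = parts.path, parse_qs(parts.query)

    # "Own resource" (/me) and "symbolic link" (/current) styles: the
    # identifier is the concept "authenticated user", so no lookup by
    # client-supplied data and no ownership check is needed.
    if path in ("/users/me", "/users/current"):
        return 200, private, represent(USERS[caller])

    # "By id" and "by user name" styles share one pattern: the client names
    # the record, so the server must verify the caller may read it.
    m = re.fullmatch(r"/users/([A-Za-z0-9-]+)", path)
    if m:
        key = m.group(1)
        user = USERS.get(key) or next(
            (u for u in USERS.values() if u["username"] == key), None)
        if user is None:
            return 404, private, None
        if user["id"] != caller:
            # Ownership check: skipping it turns guessable ids or usernames
            # into an IDOR. Answering 404 here instead of 403 would also
            # hide which accounts exist, at the cost of a less honest status.
            return 403, private, None
        return 200, private, represent(user)

    # "With filter" style: the filter is scoped to the caller so the query
    # string cannot be used to enumerate other accounts.
    if path == "/users" and "username" in query:
        matches = [represent(u) for u in USERS.values()
                   if u["username"] in query["username"] and u["id"] == caller]
        return 200, private, matches

    return 404, private, None
```

The point to take from running it: the /me and /current routes need no authorization logic beyond authentication, because the URI cannot name anyone but the caller, whereas each of the identifier-based routes carries a check that is easy to forget. The `self` link in the representation is what reconciles the two views in the answers: the client starts at the magic identifier and is handed the canonical, stable URI for later requests.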