 

RESTful API best practices, update vs custom action [closed]

I'm implementing a RESTful API to talk to AWS RDS; the security_groups resource supports the typical CRUD verbs. When it comes to "authorize" and "revoke", I'm not sure what the best practice is. Which one do you think is best?

Custom action, params in url

PUT agifog:3000/rds/security_groups/:security_group/authorize?ec2name='default'&ec2owner='0123456789'

Custom action, passing params

PUT agifog:3000/rds/security_groups/:security_group/authorize
{
    "ec2name": "default",
    "ec2owner": "0123456789"
}

Standard update

PUT agifog:3000/rds/security_groups/:security_group
{
    "operation": "authorize",
    "ec2name": "default",
    "ec2owner": "0123456789"
}
Rodrigo Estebanez asked Nov 23 '25 14:11


1 Answer

PUT does not mean "update" any more than POST means "insert". PUT means "put this here".

RESTful practices revolve around treating your URLs as resources, entities which have some meaning in your domain, which you perform actions against (the verb of the HTTP request).

What you could do is consider the security group to be the resource on which you are acting and PUT users into the group or DELETE them from the group:

PUT agifog:3000/rds/security_groups/:security_group/default
{
    "ec2owner": "0123456789"
}

DELETE agifog:3000/rds/security_groups/:security_group/default

These could then correspond to authorize and revoke actions, plus it makes it easy to see how a GET on the group could produce a list of all the users currently in the group.

Paul Turner answered Nov 26 '25 11:11
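The resource layout proposed in the answer, sketched as an added example (not code from the question or the answer): PUT authorizes, DELETE revokes, and GET on the group lists current grants, with PUT kept idempotent so a retried authorize cannot create a second grant. The `handle` function, the in-memory `store` standing in for the RDS backend, the status codes and the digits-only `ec2owner` check are assumptions.

```python
import json
import re

# Route from the answer: /rds/security_groups/<group>[/<ec2name>]
ROUTE = re.compile(r"/rds/security_groups/(?P<group>[\w-]+)(?:/(?P<ec2name>[\w-]+))?")
OWNER = re.compile(r"[0-9]+")  # assumption: owner ids are digit strings, as in the question


def handle(method, path, body, store):
    """Dispatch one request against `store` ({group: {ec2name: ec2owner}}).

    Returns (status_code, payload). `store` is a hypothetical stand-in
    for the real RDS security-group backend.
    """
    m = ROUTE.fullmatch(path)
    if not m:
        return 404, {"error": "no such resource"}
    if m["group"] not in store:
        return 404, {"error": "unknown security group"}
    grants, name = store[m["group"]], m["ec2name"]

    if name is None:
        if method == "GET":
            # GET on the group lists what is currently authorized
            return 200, [{"ec2name": n, "ec2owner": o} for n, o in sorted(grants.items())]
        return 405, {"error": "method not allowed"}

    if method == "PUT":  # authorize: "put this grant here"
        try:
            owner = json.loads(body)["ec2owner"]
        except (ValueError, KeyError, TypeError):
            return 400, {"error": "body must be JSON with ec2owner"}
        if not isinstance(owner, str) or not OWNER.fullmatch(owner):
            return 400, {"error": "ec2owner must be a digit string"}
        created = name not in grants
        grants[name] = owner  # same end state however often the PUT is repeated
        return (201 if created else 200), {"ec2name": name, "ec2owner": owner}

    if method == "DELETE":  # revoke
        if grants.pop(name, None) is None:
            return 404, {"error": "no such grant"}
        return 204, None

    return 405, {"error": "method not allowed"}
```

Because authorize and revoke are ordinary PUT and DELETE requests on one URL, access control and audit logging can key on method and path alone instead of parsing an `operation` field out of the body.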


