Is using magic (me/self) resource identifiers going against REST principles?

I've seen URIs that support magic ids for the authenticated user like below:

    GET /user/me - list my profile
    GET /user/me/photos - list my photos

where the ones below use the actual user id

    GET /user/742924
    GET /user/742924/photos

The problem I see is that the same resource id points to a different resource depending on the authenticated user.

Is this going against any REST principles?

Emanuel George Hategan asked Mar 01 '16 09:03



1 Answer

Using /me to name a resource that corresponds to the authenticated user is perfectly fine from a REST perspective. According to Roy Thomas Fielding's dissertation, any information that can be named can be a resource:

5.2.1.1 Resources and Resource Identifiers

The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]

When using /me, you have a locator for the authenticated user and it will always identify the concept of an authenticated user, regardless of which user is authenticated.

cassiomolin answered Oct 02 '22 17:10
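
An added example, not part of the original question or answer: a minimal handler for the two URI styles above, in which `me` is resolved only from the authenticated identity and the response is kept out of shared caches because it varies with the credentials. The function name `handle_get`, the in-memory data, the Bearer scheme and the owner-only photo policy are assumptions made for illustration.

```python
import re

# Constructed sample data (not from the original page): user id -> record.
USERS = {742924: {"name": "alice"}, 100001: {"name": "bob"}}
PHOTOS = {742924: ["a1.jpg", "a2.jpg"], 100001: ["b1.jpg"]}

ROUTE = re.compile(r"^/user/(me|\d+)(/photos)?$")


def handle_get(path, authenticated_user_id):
    """Return (status, headers, body) for GET /user/{id|me}[/photos].

    authenticated_user_id comes from the verified session or token
    (None for an anonymous request), never from the URI itself.
    """
    match = ROUTE.match(path)
    if match is None:
        return 404, {}, None
    segment, sub = match.groups()

    if segment == "me":
        # "me" names the concept "the authenticated user"; with no
        # authenticated caller there is nothing for it to map to.
        if authenticated_user_id is None:
            return 401, {"WWW-Authenticate": "Bearer"}, None  # assumed scheme
        user_id = authenticated_user_id
        # Same URI, different representation per caller: keep it out of
        # shared caches so one user's profile is never served to another.
        headers = {"Cache-Control": "private", "Vary": "Authorization"}
    else:
        user_id = int(segment)
        headers = {}
        # Assumed policy for this example: photos are owner-only.
        if sub and user_id != authenticated_user_id:
            return 403, headers, None

    if user_id not in USERS:
        return 404, headers, None
    body = PHOTOS[user_id] if sub else USERS[user_id]
    # Content-Location names the user-specific URI for this representation.
    headers["Content-Location"] = f"/user/{user_id}{sub or ''}"
    return 200, headers, body
```
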