Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

REST numeric or string resource identifiers?

I'm doing some research to help me develop a REST API and this is one topic I haven't seen discussed in depth anywhere.

If I have a user in the system, is it better to identify the user using a numeric identifier

/users/1

Or using a string identifier?

/users/RSmith

I can see hypothetical potential pros and cons to each approach, string identifiers are more human readable, less discoverable (can't be incremented to find valid users), and don't require storing another numeric id in the database (I wouldn't want to expose database ids through the API). Numeric identifiers have no inherent meaning and due to that, can be guaranteed to be immutable, whereas with a string id the user might want to rename the resource, thus changing the resource URI.

Is there a REST best practice here or does the best approach vary to system to system? If the latter, are there any additional pros and cons associated with each method?

like image 688
James McMahon Avatar asked Jun 05 '12 19:06

James McMahon


People also ask

What is resource identifier in rest?

Each REST API resource can be accessed by using a Uniform Resource Identifier (URI). The URI must contain the correct connection information to successfully call the API. The connection information consists of the host name where the web management service is running, and the port number that the service is using.

What are the two formats of the restful API?

The REST API supports the following data formats: application/json. application/json indicates JavaScript Object Notation (JSON) and is used for most of the resources. application/xml indicates eXtensible Markup Language (XML) and is used for selected resources.

CAN REST API use XML?

Data types that REST API can return are as follows:JSON (JavaScript Object Notation) XML. HTML.


2 Answers

As you know, strictly speaking, there is no advantage between both approaches. Yes, string identifies may be easier for people to remember, but apart from that, REST does not enforce "pretty" URLs (or IDs), because most of the time URLs are accessed by programs following the hyperlinks.

Thus, human friendly URLs should only be used for bootstrapping resources that may be remembered by humans. Also, ID guessing should not be a problem because either:

  1. You have to restrict access to URLs based on any authentication method, or:
  2. You have to use randomized/unguessable URLs that are not "public".

So which one to use? Most of the time, it does not matter, as IDs are not accessed directly. If you have to ensure people remember their URLs for some reason, try to do them human-friendly, but try to avoid resource-name change and apply some other means of authentication so that even guessed URLs don't get access to unauthorized places.

like image 108
Diego Sevilla Avatar answered Oct 29 '22 21:10

Diego Sevilla


Only advantage of this: /users/RSmith is that it's more human friendly. From RESTfull perspective it doesn't matter because both are valid resource identifiers. Everything else depends on your system requrements.

like image 43
ioseb Avatar answered Oct 29 '22 19:10

ioseb