I have put together an API that responds to a POST request by putting the content of the new resource in the response body, and the URL of the new resource in the Location HTTP response header.
Sample request:
POST /api/v1/widgets HTTP/1.1
Content-type: application/json;
Accept: application/json;
{
"name": "[email protected]",
"price": "10",
}
Sample response:
HTTP 201 Created
Location: http://example.com/api/v1/widgets/123456
{
'widget':
{
'id': "123456",
'created': "2012-06-22T12:43:37+0100",
'name': "[email protected]",
'price': "10",
},
}
Someone has raised an issue that the URL should also be in the body of the response. Is there a best practice on this?
Rather, the response should include the actual URL with each item: http://www.acme.com/product/001263, etc. Yes, this means that the output is larger. But it also means that you can easily direct clients to new URLs as needed, without requiring a change in client code.
A RESTful web service request contains: An Endpoint URL. An application implementing a RESTful API will define one or more URL endpoints with a domain, port, path, and/or query string — for example, https://mydomain/user/123?format=json .
PUT should never return a body, but must return a response code in the header. Just choose 200 if it was successful, and 4xx if not. There is no such thing as a null return code.
REST API Best Practices: Prioritize Nouns over Verbs in URI Since REST API is mostly developed for resources like services, it is essential to use Nouns and not verbs. So it is better to use only Nouns to represent an entity in REST endpoint paths. This is because the HTTP request method already consists of verbs.
There is a reason for not putting the location (URL) of the newly created resource) in the body: the URL is metadata needed for the message interaction among service consumers and services, it's not "business data". There is a SOA Design Pattern called "Messaging Metadata" that suggests that URLs, security credentials, correlation identifiers, transaction IDs and other messaging and composition context data should be placed in headers, not in the body of the messages. Indeed, http already provides the standard header Location for that.
OTOH, if your REST service uses HATEOAS the response may contain one or more URLs that are direct links to operations you want to offer for consumers to dynamically bind and call.
I think having the URL in both header and body is the worst solution. Redundant data is prone to inconsistency in the long run.
I would put it in the header (as Location: http://blah.blah.com/blah). You could put it in your body as well if you want (in whatever appropriate format you are sending), and it wouldn't be improper.
The atompub REST API is usually a good reference for a good REST API. They put it in both.
HTTP/1.1 201 Created
Date: Fri, 7 Oct 2005 17:17:11 GMT
Content-Length: nnn
Content-Type: application/atom+xml;type=entry;charset="utf-8"
Location: http://example.org/edit/first-post.atom
ETag: "c180de84f991g8"
<?xml version="1.0"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<title>Atom-Powered Robots Run Amok</title>
<id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
<updated>2003-12-13T18:30:02Z</updated>
<author><name>John Doe</name></author>
<content>Some text.</content>
<link rel="edit"
href="http://example.org/edit/first-post.atom"/>
</entry>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With