Having to create a RESTful web service with admin and normal user access to resources (let's say cars), I would like to structure the URI for the users as:
http://myhost/users/5/cars/2
But as admin user, I would like to access all cars like:
http://myhost/cars/51
Instead of the first I proposed, would you think that it's better to use just one URI for cars, using filters for users, like:
http://myhost/cars/?user=5
so as not to have 2 different URIs for the same resource? Do you have other suggestions?
You should NOT separate your API based on your clients' role! For a very simple reason. You will end up with code duplication, inconsistency and many other issues. If you want to make any separation you need to think about business domains and encapsulation.
Both of the following URLs are good, for admins as well as for plain users. The auth token should be in the HTTP session, so the server should be able to detect whether the requester is an admin or not.
http://myhost/cars
returns a collection of cars. It's recommended that returned cars are filtered based on authorization. If I'm an admin I can see all cars. If I'm user #5 then probably I can see only my car. So both admin and plain user can use the same URL.
In the case of http://myhost/cars/?user=5
an explicit filter is applied where I'm interested in the cars of User #5 even if I'm somebody else. Probably I get an empty list because I'm not authorized to see any item. This URL is also OK.
http://myhost/cars/51
means that I want to access car #51 directly. It doesn't matter if I'm an admin or not. Probably I'll get a 4XX message (what XX is, is another debate) if I'm not authorized to see this entity.
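The three URL behaviours described in this answer, as an added example that is not part of the original post: a single set of car handlers whose results depend on the authenticated principal rather than on separate admin and user URL trees. It is framework-free so it runs stand-alone; the `Principal` type, the `CARS` table and the choice of 404 (rather than 403) for the unauthorized direct-access case are assumptions made for the example.

```python
# Added example: role-aware handlers behind one set of /cars URLs.
# The CARS table and the Principal type are constructed sample data.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Principal:
    """Identity recovered from the session/auth token, not from the URL."""
    user_id: int
    is_admin: bool = False


# Constructed sample data: car id -> owning user id
CARS = {1: 5, 2: 5, 51: 7, 52: 8}


def visible_to(p: Principal, owner_id: int) -> bool:
    """Authorization rule: admins see every car, users see only their own."""
    return p.is_admin or owner_id == p.user_id


def list_cars(p: Principal, user_filter: Optional[int] = None) -> list:
    """GET /cars and GET /cars?user=N share one handler.

    The explicit ?user= filter narrows the candidate set; authorization
    then hides whatever the caller may not see. An unauthorized filter
    yields an empty list, never an error, so it does not reveal whether
    the filtered user owns any cars.
    """
    return sorted(
        car_id
        for car_id, owner in CARS.items()
        if (user_filter is None or owner == user_filter) and visible_to(p, owner)
    )


def get_car(p: Principal, car_id: int) -> tuple:
    """GET /cars/N returns (status, body), identical for admins and users.

    Assumption for this example: 404 is returned both for 'does not exist'
    and for 'exists but not yours', so a plain user cannot probe which
    car ids exist by comparing 403 against 404.
    """
    owner = CARS.get(car_id)
    if owner is None or not visible_to(p, owner):
        return 404, None
    return 200, {"id": car_id, "user": owner}
```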