Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

RESTful API: What METHOD/HEADER combo to use for validation-only

I would like my API to have a validation-only request. For example, if I have a URL such as:

http://api.somesite.com/users/12345

and the user is filling out a form of information on a client that I will eventually PATCH/PUT/POST to that resource. As the user is filling out the form, I might want to send over their partially-complete updated representation over to the server periodically so I can display realtime validation of their input (e.g., "That username is already taken", "That password is too short").

There isn't a standard HTTP METHOD or HEADER that seems to allow for this behavior on that same resource. It seems my options are:

  1. Create a new subordinate resource for validation
  2. Use a custom header (x-somesite-validation-only) and PUT indicating that I want to validate but not save
like image 277
Fleep Avatar asked May 18 '12 00:05

Fleep


People also ask

What are headers in REST API example?

API headers are like an extra source of information for each API call you make. Their job is to represent the meta-data associated with an API request and response. If you ever encounter issues with an API, the first place you should look is the headers, since they can help you track down any potential issues.


1 Answers

Some options

1) Use custom header
2) Put something in the query string indicating to validate only
3) Use Action URl e.g. \IndividualClient\123\actions\Validate\Invoke {section 19 here http://restfulobjects.files.wordpress.com/2011/11/restful-objects-spec-052.pdf}
4) Hierarchical URL e.g. \IndividualClient\123\Validation

From this post I find this advice

Do use POST whenever you have to do something that feels RPC-like Do use GET for things like calculations, unless your input is large, in which case use POST

With regard to your specific question, POST should be used for #4 and #5. These operations fall >under the "RPC-like" guideline above. For #5, remember that POST does not necessarily have to >use Content-Type: application/x-www-form-urlencoded. This could just as easily be a JSON or CSV >payload.

Here is what I'm considering:

This is the add of a resource :
user/validation
POST
Request:UserResource
Response:ValidationResult
Response Codes 200, 400. 404. 500

This is the update of a resource
user/204/validation
POST
Request:UserResource,
Response:ValidationResult Response Codes 200, 400. 404. 500

like image 123
suing Avatar answered Sep 28 '22 06:09

suing