Is it legal to have REST resource such as /currentUser in terms of RESTful and stateless?

前端 未结 5 1388
无人及你
无人及你 2021-02-09 17:11

In terms of RESTful and stateless it\'s pretty legal to have resource like

/users/123

But, the question is: is it legal to have resource that omits user id and

5条回答
  •  陌清茗
    陌清茗 (楼主)
    2021-02-09 17:59

    It is perfectly legal as long as you keep it stateless. That is, you infer the current user from a security context provided with the HTTP request, usually a token of some kind.

    For example, you perform a GET /current-user with an Authentication header containing a JWT token. The server can get most of the user info of the current user from the JWT token and complete with data from the database and retrieve it back to the caller.

    I'd also recommend not to use camel case in URIs. It can be a nightmare for devs and some servers are case insensitive.

    Beware, if you are holding a server user session, as you imply in your question, your API is already stateful.

提交回复
热议问题