REST API: identification of resource and content varying based on authentication

烈酒焚心 submitted on 2019-12-07 12:14:31

Question


I'm designing an API following the HATEOAS / REST principles. Yet I'm not sure about this basic point: identification of resource.

Suppose this URL: /images which exposes all the images uploaded by a user (to this user).

Suppose I use an OAuth access token for the authentication purpose, the content of /images will vary based on the Authorization header.

Does this break the identification of resource concept?


Answer 1:


No. A resource does not have to be static to be RESTful. Imagine a web service that provides time-of-day:

 Http://www.myservice.com/current-time/

Nothing in the REST playbook would demand that this not work as expected. The case with the photos is that your service is returning a resource represented based on info set in the request, filtering out all non-user owned photos by auth header. You're still returning the same general thing, a collection of photos.

Not much different than saying with the response type header you want a JSON representation vs an XML representation returned.

Things get fishy when you switch results completely, like one person gets a collection of images while another is provided last week's transcript of Glee at the same resource location.



Source: https://stackoverflow.com/questions/12718772/rest-api-identification-of-resource-and-content-varying-based-on-authentication
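
As an added illustration (not part of the original question or answer), the sketch below keeps /images a single resource while filtering its representation by the caller's bearer token. The token table, image records and function names are constructed for the example, and the `Cache-Control` and `Vary` headers are an addition here so that a per-user representation is not served from a shared cache to another caller.

```python
import json

# Constructed sample data: opaque token -> user, and images with their owners.
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
IMAGES = [
    {"id": 1, "owner": "alice", "href": "/images/1"},
    {"id": 2, "owner": "bob", "href": "/images/2"},
    {"id": 3, "owner": "alice", "href": "/images/3"},
]


def user_from_headers(headers):
    """Resolve the caller from 'Authorization: Bearer <token>', or return None."""
    normalized = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = normalized.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token.strip())


def get_images(headers):
    """Handle GET /images and return (status, response_headers, body)."""
    user = user_from_headers(headers)
    if user is None:
        # No usable credential: refuse rather than return an empty collection.
        return 401, {"WWW-Authenticate": "Bearer"}, ""

    # Same resource for every caller (a collection of images); only the
    # members differ, selected by the owner derived from the token.
    items = [
        {"id": img["id"], "href": img["href"]}
        for img in IMAGES
        if img["owner"] == user
    ]
    body = json.dumps({"_links": {"self": {"href": "/images"}}, "items": items})
    response_headers = {
        "Content-Type": "application/json",
        # The representation depends on the credential, so say so explicitly.
        "Cache-Control": "private",
        "Vary": "Authorization",
    }
    return 200, response_headers, body
```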
