
REST API URI Design for users and sessions?

I'm new to REST design so I'd like some pointers here.

Here is what I have so far:

GET    /api/users                 //all users
GET    /api/users/123             //specific
GET    /api/users/me              //get your own profile
POST   /api/users/me/session      //start new session (login)
DELETE /api/users/me/session      //ends the current session (logout)

I'm wondering about the session / login/out stuff here. Am I thinking correctly here, or should it be designed in some other way to be more REST'ish?

Also, what about registering a user, should that be:

POST /api/users

Even if it also starts a new session?

I would recommend avoiding the term session and using auth (as in authentication). The term session gives an impression of a server-side session, which normally goes against REST.

The following are good:

GET    /api/users                 //all users
GET    /api/users/123             //specific
GET    /api/users/me              //get your own profile 

For authentication, you may have this:

POST   /api/auth                  //username/password required. auth_token is sent back
DELETE /api/auth                  //auth_token is sent in HTTP header

REST is stateless, meaning that the server does not need to keep an active state on the connected application. To quote Roy Fielding:

All REST interactions are stateless. That is, each request contains all of the information necessary for a connector to understand the request, independent of any requests that may have preceded it.

A common way to authenticate users is to add a 'secret' or access token to the authentication headers of the requests, which you can implement with e.g. OAuth.

Also, when you add authentication headers there is no need to distinguish between:

GET    /api/users/123             //specific
GET    /api/users/me              //get your own profile 

as you can simply check server-side whether the requested user's token matches the one in the authentication header, and if so return the 'me' profile. And POST /api/users is indeed an approach to adding users to the system. Hence:

GET    /api/users     //all
GET    /api/user/{id} //a user
PUT    /api/user/{id} //update
POST   /api/user      //Add new user
DELETE /api/user/{id} //Remove user
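The two answers above describe the same shape: POST /api/auth exchanges a username/password for a token, every later request carries that token in a header and is authenticated on its own, and /api/users/me is just /api/users/{id} resolved from the token. The following is an added example of that flow, written for this page; it is not code from the question or from either answerer. Everything in it is assumed for illustration: the token is a self-contained HMAC-SHA256-signed JSON claim set (no server-side session), the header is `Authorization: Bearer <token>`, the user table and credentials are constructed in memory, and the authorization rule that other users' records are returned without the e-mail field is a policy choice, not something the answers specify. It also shows the one caveat a practitioner would want: DELETE /api/auth cannot invalidate a purely stateless token before it expires, so a small revocation list is kept, which is deliberately the only server-side state.

```python
import base64, hashlib, hmac, json, secrets, time
from typing import Optional

# Assumed here, not in the answers above: a per-deployment HMAC key, a one-hour
# token lifetime, and a constructed in-memory user table.
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(uid: int, name: str, email: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"id": uid, "username": name, "email": email, "salt": salt, "pw": _hash_pw(password, salt)}

USERS = {u["id"]: u for u in (_user(123, "alice", "alice@example.com", "correct horse"),
                              _user(456, "bob", "bob@example.com", "battery staple"))}
_DUMMY = _user(0, "", "", "")  # checked for unknown names so login timing does not reveal them

# The only server-side state: token ids revoked by DELETE /api/auth. A purely
# stateless token cannot otherwise be "logged out" before it expires.
REVOKED = {}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id: int, now: Optional[float] = None) -> str:
    """Self-contained token: base64url(claims) '.' base64url(HMAC-SHA256 of claims)."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "jti": secrets.token_hex(8), "exp": now + TOKEN_TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest())

def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if signature, expiry and revocation all check out."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(payload)
        if claims["exp"] <= now or claims["jti"] in REVOKED:
            return None
        return claims
    except (ValueError, KeyError, TypeError):  # malformed token, bad base64/JSON, missing claim
        return None

def handle(method: str, path: str, headers: dict, body: Optional[dict] = None,
           now: Optional[float] = None):
    """Dispatch one request and return (status, response_body)."""
    body = body or {}
    if (method, path) == ("POST", "/api/auth"):
        user = next((u for u in USERS.values() if u["username"] == body.get("username")), None)
        check = user or _DUMMY
        ok = hmac.compare_digest(check["pw"], _hash_pw(str(body.get("password", "")), check["salt"]))
        if user is None or not ok:
            return 401, {"error": "invalid credentials"}  # same reply for unknown name and wrong password
        return 200, {"auth_token": issue_token(user["id"], now)}

    # Every other route is authenticated from the Authorization header alone, per request.
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[len("Bearer "):], now) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, {"error": "authentication required"}

    if (method, path) == ("DELETE", "/api/auth"):
        REVOKED[claims["jti"]] = claims["exp"]  # entry can be dropped once exp has passed
        return 204, None
    if method == "GET" and path.startswith("/api/users/"):
        target = path[len("/api/users/"):]
        try:
            user_id = claims["sub"] if target == "me" else int(target)
        except ValueError:
            return 404, {"error": "no such user"}
        user = USERS.get(user_id)
        if user is None:
            return 404, {"error": "no such user"}
        if user_id == claims["sub"]:  # full profile only for the caller's own record
            return 200, {"id": user["id"], "username": user["username"], "email": user["email"]}
        return 200, {"id": user["id"], "username": user["username"]}
    return 404, {"error": "not found"}
```

Two design points worth noting. The login branch hashes a dummy record when the username is unknown and returns the same 401 either way, so neither the timing nor the message tells a caller which usernames exist. And because the token carries its own expiry and signature, GET /api/users/me needs nothing but the header to know who is asking, which is exactly what the Fielding quote above requires; the price is that logout needs either the revocation list shown here or a short token lifetime, since the server otherwise has nothing to forget.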
