Context dependent REST API strategies

What strategies would you suggest for making a RESTful API "context dependent"?

Let me elaborate.

On a project that I'm working on we are exposing a resource Team. Users can create their own teams, which results in a POST /teams request to the API. The request is validated using a set of rules meant for user-created teams.

We also have an administration interface which is used by certain users to create the same type of Team resource; however, this is governed by a slightly different set of validation rules.

Administrators may use either our public or administration interface, and so the validation has to happen based on their context, not the user's capabilities.

To rephrase the question above for this specific situation: how do we separate these two contexts in a RESTful way? Do we create two different resources even if the "result" is of the same type, and if so, what naming conventions would you suggest?

Nothing in REST guarantees that a resource will behave identically for different clients. Furthermore, since the authorization information is attached to each request, it is natural for the resource to analyze it and apply client-specific logic to the request.

But! If some operations on your resource introduce complex resource invariants with dependent lifetimes of the resource's parts, you'd better refactor it early into smaller resources. For example, if an Administrator should add a member to the team and then a RegularUser should fill in the details of the member in the team ... You've probably noticed that there are two resources - team and member.

HINT: When decomposing a complex resource which participates in different operations, you can get new ideas by imagining future scaling problems caused by different clients. What if you'll be overwhelmed by one client of the resource; how would you achieve a stable reply for another client? It's easier to scale different resources than different parts of one resource, so look at your operations and think about scaling.

I believe what you should do is create a 'user-level' token, or just a user, for each admin that they should use when they want the public interface.

There is only one interface, namely /teams in terms of the REST API, and your token can decide the validation rules.

Or, if each admin is responsible for a team, I'd design an /admins/x/teams endpoint to validate differently and only accept x's authentication. Sub-resources are still RESTful.
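A worked illustration of both answers above (an added example, not code from the original thread or from the project the asker describes): a single public POST /teams handler whose validation rule set is chosen by the server-side context of the verified token, so an admin holding a 'user-level' token is validated as a user, plus the /admins/x/teams sub-resource that accepts only x's own admin credentials and rejects a different admin's token on that path. The in-memory token store, the claim names `sub` and `ctx`, the two rule sets and the sample payloads are all constructed assumptions.

```python
"""Context-dependent validation for POST /teams and POST /admins/{id}/teams.

Constructed example. Tokens, claims and rule sets are invented for
illustration; a real service would verify a session or signed token here.
"""
from dataclasses import dataclass

# Constructed token store: the context ("ctx") is a server-side property of
# the credential, never a field the client may set in the request body.
TOKENS = {
    "tok-user-1": {"sub": "alice", "ctx": "user"},
    "tok-admin-7": {"sub": "admin7", "ctx": "admin"},
    # The 'user-level' token an admin uses on the public interface.
    "tok-admin-7-public": {"sub": "admin7", "ctx": "user"},
}

# Two validation rule sets; the server picks one from the token context.
USER_RULES = {"max_members": 5, "allow_private": False}
ADMIN_RULES = {"max_members": 50, "allow_private": True}


@dataclass
class Response:
    status: int
    body: dict


def authenticate(headers):
    """Resolve a Bearer token to its principal, or None if missing/unknown."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return None
    return TOKENS.get(value[len("Bearer "):])


def validate_team(payload, rules):
    """Return a list of validation errors for a team payload under `rules`."""
    errors = []
    name = payload.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        errors.append("name must be 1-64 characters")
    members = payload.get("members", [])
    if not isinstance(members, list) or len(members) > rules["max_members"]:
        errors.append(f"at most {rules['max_members']} members allowed")
    if payload.get("private") and not rules["allow_private"]:
        errors.append("private teams are not allowed in this context")
    return errors


def post_teams(headers, payload):
    """Public POST /teams: one endpoint, rule set chosen by token context."""
    principal = authenticate(headers)
    if principal is None:
        return Response(401, {"error": "unauthenticated"})
    rules = ADMIN_RULES if principal["ctx"] == "admin" else USER_RULES
    errors = validate_team(payload, rules)
    if errors:
        return Response(422, {"errors": errors})
    return Response(201, {"team": payload["name"],
                          "created_by": principal["sub"],
                          "context": principal["ctx"]})


def post_admin_teams(headers, admin_id, payload):
    """POST /admins/{admin_id}/teams: only admin_id's own admin token passes.

    The path id is compared against the authenticated subject so one admin
    cannot act under another admin's sub-resource.
    """
    principal = authenticate(headers)
    if principal is None:
        return Response(401, {"error": "unauthenticated"})
    if principal["ctx"] != "admin" or principal["sub"] != admin_id:
        return Response(403, {"error": "forbidden"})
    errors = validate_team(payload, ADMIN_RULES)
    if errors:
        return Response(422, {"errors": errors})
    return Response(201, {"team": payload["name"], "created_by": admin_id,
                          "context": "admin"})


if __name__ == "__main__":
    # Constructed payload: six members, over the user limit but within admin's.
    big_team = {"name": "blue", "members": list(range(6))}
    for tok in ("tok-user-1", "tok-admin-7", "tok-admin-7-public"):
        r = post_teams({"Authorization": f"Bearer {tok}"}, big_team)
        print(tok, r.status, r.body)
    r = post_admin_teams({"Authorization": "Bearer tok-admin-7"}, "admin9", big_team)
    print("admin7 token on /admins/admin9/teams ->", r.status)
```

The point the second answer makes is visible in the three public calls: the same payload is rejected for the admin's user-level token and accepted for the admin token, because the rule set follows the credential's context rather than who the person is. The sub-resource handler adds the check the answer implies: the admin id in the path must equal the authenticated subject.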
