
Rest API fields restrict for role

I'm designing a REST API and just wondering how to restrict frontend users from accessing some of the resource fields.

Let's say this is our user resource:

{
  "username" : "user",
  "email" : "email@example.com",
  "created_at" : "2011-06-13T21:56:36"
}

It's obvious that the email shouldn't be disclosed and returned to a public audience. However, in the admin section I would like to receive this field.

Are there any strategies for such problems?

My ideas:

  • Create separate endpoints for administration.
  • Auth mechanism for fields?

Creating a proper authentication mechanism in a REST API is (i) not trivial, and (ii) already done in many, many languages. Unless it is for learning purposes, I would suggest not rewriting that.

Depending on your backend language of choice, you can choose a framework to do exactly that. For example, in Python, I would suggest Django with Django Rest Framework.
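The field-level restriction asked about above (the same pattern a framework serializer such as Django Rest Framework's gives you) can be written as a per-role allow-list that is applied both when a resource is returned and when a payload is accepted. This is an added example in plain Python, not code from the question, the answer or Django Rest Framework; the role names and the FIELD_POLICY table are assumptions, and the user record is the constructed sample from the question.

```python
import json

# Constructed sample resource, copied from the question.
USER = {
    "username": "user",
    "email": "email@example.com",
    "created_at": "2011-06-13T21:56:36",
}

# Assumed policy: one allow-list per role. A field that is not listed for a
# role is never returned to and never accepted from that role (deny by default),
# so adding a new sensitive field to the model does not leak it by accident.
FIELD_POLICY = {
    "public": {"readable": {"username", "created_at"}, "writable": set()},
    "owner":  {"readable": {"username", "email", "created_at"}, "writable": {"email"}},
    "admin":  {"readable": {"username", "email", "created_at"},
               "writable": {"username", "email"}},
}


def allowed_fields(roles, access):
    """Union of the allow-lists of every role the caller holds.

    access is "readable" or "writable". Unknown roles contribute nothing,
    so a caller with no recognised role sees an empty resource.
    """
    allowed = set()
    for role in roles:
        allowed |= FIELD_POLICY.get(role, {}).get(access, set())
    return allowed


def serialize_user(user, roles):
    """Outbound: keep only the fields the caller's roles may read."""
    readable = allowed_fields(roles, "readable")
    return {k: v for k, v in user.items() if k in readable}


def sanitize_update(payload, roles):
    """Inbound: drop every field the caller's roles may not set and report them,
    so the caller cannot change fields it is not allowed to (mass assignment)."""
    writable = allowed_fields(roles, "writable")
    accepted = {k: v for k, v in payload.items() if k in writable}
    rejected = sorted(set(payload) - writable)
    return accepted, rejected


def render(user, roles):
    """JSON body for a response to a caller holding the given roles."""
    return json.dumps(serialize_user(user, roles), sort_keys=True)
```

With this in place a single endpoint can serve both the public site and the admin section; the roles attached to the authenticated request decide which fields appear, instead of a separate admin endpoint that must be kept in sync by hand.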
