I'm designing a REST API and am wondering how to restrict frontend users' access to some resource fields.
Let's say this is our user resource:
{
    "username": "user",
    "email": "email@example.com",
    "created_at": "2011-06-13T21:56:36"
}
It's obvious that the email shouldn't be disclosed and returned to a public audience. However, in the admin section I would like to receive this field.
Are there any strategies for such problems?
My ideas:
Creating a proper authentication mechanism in a REST API is (i) not trivial, and (ii) already done in many, many languages. Unless it is for learning purposes, I would suggest not rewriting that.
Depending on your backend language of choice, you can choose a framework to do exactly that. For example, in Python, I would suggest Django with Django Rest Framework.
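One way to handle the field-visibility part of the question, as an added example that is not part of the original question or answer: a server-side allow-list of fields per role, applied when the user resource is serialized. The role names, `VISIBLE_FIELDS`, `serialize_user` and the `password_hash` column are assumptions made for illustration, and the sketch uses plain Python rather than any framework's API.

```python
from __future__ import annotations

from typing import Any, Mapping

# Allow-list of fields per role (role names are assumptions for this example).
# Anything not listed is never serialized, so a new model column stays private
# until someone adds it here on purpose.
VISIBLE_FIELDS: dict[str, frozenset[str]] = {
    "public": frozenset({"username", "created_at"}),
    "admin": frozenset({"username", "email", "created_at"}),
}


def serialize_user(record: Mapping[str, Any], role: str | None) -> dict[str, Any]:
    """Return only the fields the caller's role may see.

    `role` must come from the authenticated session or token on the server,
    never from a request parameter. Unknown or missing roles fail closed to
    the public view.
    """
    allowed = VISIBLE_FIELDS.get(role or "public", VISIBLE_FIELDS["public"])
    return {name: value for name, value in record.items() if name in allowed}


# Constructed sample record; password_hash stands in for any internal column.
SAMPLE_USER = {
    "username": "user",
    "email": "email@example.com",
    "created_at": "2011-06-13T21:56:36",
    "password_hash": "<constructed placeholder>",
}

if __name__ == "__main__":
    print(serialize_user(SAMPLE_USER, "public"))
    print(serialize_user(SAMPLE_USER, "admin"))
    print(serialize_user(SAMPLE_USER, "moderator"))  # unknown role: public view
```

Filtering on the server keeps the email out of the public response body entirely, rather than relying on the frontend to hide a field it has already received.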