rest api design URL design

Question

Assuming a "player" is the main and only user in a JS client app (Angular). If he/she wants to check the profile data (app.com/my-profile). How do you think the rest api of the backend server should look like and why?

1. "api/players/{playerID}/profile" .

   OR

2. api/players/my-profile with the playerID sent in headers.

In other words, should the backend's rest api be generic, or should it be aware of the design of its only js client?

Should we consider the js client and its backend as if its one only app? or two separate apps?

Answer 1

I've seen it both ways. A few things to consider:

1. If the player Ids are sensitive, you don't want them in the path. You don't want them in a header either, unencrypted at least.

2. If not in the path, and you cache responses and multiple players can use the same client, then you need to look at making use of the HTTP Vary header to avoid one player getting another player's profile (from cache).

3. I agree with the comment about API discoverability. If the back-end is telling the front-end what are the URLs via "links" (eg See HAL for an approach), then there is no concern about the "design of the js client". The expectation is that the client gets the links from the service. Ie "If you want to get the player's profile, here is the link you use".

4. If the expectation is that the id is not in the path, then it's better for the service to control that, by putting the id in a cookie, for example, so that it is certain to get it back in subsequent requests and the client doesn't even need to know.