vendredi 1 février 2019

Should type of user be included in URL path when designing REST API?

I am trying to design REST API for different kind of users for an application. During the registration process, a user can be either a provider or a consumer. Basically, a provider provides some kind of service to one or many consumers. Suppose we want to create an endpoint where a logged in user can get all the services he provided or consumed depending on him being a provider or consumer. I was considering the following two options for such a URL endpoint:

Option 1

GET /api/v1/user/services

Option 2

/api/v1/provider/services
/api/v1/consumer/services

In option 1, the implementation logic would first need to check for user type in the view function, and then structure the response accordingly. In option 2 no such check is required since there are two different view functions corresponding to the two users. However, option 2 introduces a need for an authorization model such that a provider is restricted from accessing the consumer endpoint and vice versa. I was wondering which of the two options should I choose or if there is a better option I failed to consider? Also, are there any best practices in handling such use cases? Thanks in advance.

Aucun commentaire:

Enregistrer un commentaire