I am working on an API where I can create users/accounts and log in to them, receiving a session token after calling the login path. My question is: how should I design the path to log in to my user?
I have read about two login patterns and I am unsure about which I should use, what the difference is and what the benefits are.
In option 1 the login is handled by the users path. In option 2 I am handling it with the sessions path. The reason I think this could be useful is that I want to be able to check if a session is accessible. This means I can check if someone is currently logged in by calling something like GET /v1/sessions/{sessionToken}
Option 1:
- POST /v1/users/login or
- POST /v1/users/{userId}/login
Option 2:
- POST /v1/sessions or
- POST /v1/sessions/{userId}
I saw something like this as well:
- /v1/login
- /v1/logout
I would be glad if someone could explain to me the benefits of each path, and which I should use.
I look forward to your answers.