3

We are designing a RESTFUL API that needs to support several login services.

Custom login:  ptgapi/v1/clients/{clientId}/users?mode=custom
FB login:      ptgapi/v1/clients/{clientId}/users?mode=facebook
Twitter login: ptgapi/v1/clients/{clientId}/users?mode=twitter
LinkedIn login: ptgapi/v1/clients/{clientId}/users?mode=linkedin
Create user:   ptgapi/v1/clients/{clientId}/users

We have an Spring Integration layer in top of the services, so in based of the provided path, one of the services will need to be activated.

The idea would be to have a router that catches the inbound-gateway input and redirect the flow based on the payload value.

<int-http:inbound-gateway id="v1.login.inbound.gateway" path="/ptgapi/{apiVersion}/clients/{clientId}/users" .../>

But here 'create user' has the same routing process than the other ones...and I think this is a bad smell.

Is a better approach to obtain it with a better separation of concerns?

Thanks!

Antonio Acevedo
  • 1,480
  • 3
  • 21
  • 39

3 Answers3

1

Services may have the same path/route but they are identified by the operation. In REST you will have same path for services but depending on the kind of operation you are doing the HTTP method will be different. You can differentiate your login and create services by using POST and PUT HTTP methods.

Personally speaking, I believe PUT is a better choice because PUT gives more control such as :

  • Do you name your URL objects you create explicitly, or let the server decide? If you name them then use PUT. If you let the server decide then use POST.
  • PUT is idempotent, so if you PUT an object twice, it has no effect. This is a nice property, so I would use PUT when possible.
  • You can update or create a resource with PUT with the same object URL

More on PUT versus POST

PUT implies putting a resource - completely replacing whatever is available at the given URL with a different thing. By definition, a PUT is idempotent. Do it as many times as you like, and the result is the same. x=5 is idempotent. You can PUT a resource whether it previously exists, or not (eg, to Create, or to Update)!

POST updates a resource, adds a subsidiary resource, or causes a change. A POST is not idempotent, in the way that x++ is not idempotent.

Juned Ahsan
  • 67,789
  • 12
  • 98
  • 136
1

For the user CRUD you should have a route like ptgapi/v1/clients/{clientId}/users and use the HTTP methods as they are supposed to: GET for returning the user, PUT for creating the user, POST for updating the user and DELETE to remove it.

The login operation is not a user entity operation per se. You should have another route, just like ptgapi/v1/clients/login and pass the login parameters via POST (encrypted preferably).

Alexander Jardim
  • 2,406
  • 1
  • 14
  • 22
0

Create user is an action so maybe you can define a new route like

Create user:   ptgapi/v1/clients/{clientId}/users/new

or something like this.

Enrichman
  • 11,157
  • 11
  • 67
  • 101
  • I have thinking on it but from an strict restify point of view, the operation of creating a new user must be the one I have told in the post... Aren't you think the problem is more related to the login paths instead of the create user? – Antonio Acevedo Jun 27 '13 at 14:28
  • For this design I have followed the following link: http://stackoverflow.com/questions/4608225/how-do-i-implement-login-in-a-restful-web-service – Antonio Acevedo Jun 27 '13 at 14:28
  • Simple question: the "create user" is creating a user for a specific service or is a general one (for the specified client) ? – Enrichman Jun 27 '13 at 14:44
  • Is a general one because will be used in several services. Why did you ask it? – Antonio Acevedo Jun 27 '13 at 16:29