0

A quick api uri design question. We have resources that belong to our clients. These resources can be edited / viewed / deleted by the client who entered them into our system. The resources can be searched by all clients but access is only granted if certain criteria is met (client has level 3 access etc).

Choice 1: include the client who owns the resource in the uri.

client/:clientname/widgets 
client/:clientname/widgets/:id

Choice 2: ditch the whole "client/:clientname" since this part of the uri has to be verified and checked against the credentials of the user accessing the information.

/widgets
/widgets:id

We have other resources other than widgets that also belong to clients.

Which way is the more preferred way and why? Cheers.

ozczecho
  • 8,649
  • 8
  • 36
  • 42

1 Answers1

1

The only advantage that Choice 1 gives it that it allows you to effectively namespace widgets/whatever by the user that uploaded them. Similar to Github, how different users can have projects with the same name. If Github were to exclude the username, no two users could have a project with the same name. If the widgets are all unique, I would go with option two and you will have a 1:1 mapping from a widget the the user that created it, thus supplying it is just extra work for whoever is calling it.

If you can have the same widget name for different users, use an approach which includes the username. You may not need to actually use the 'client' word in your url though; using a path like '/:clientname/widget/:widgetid' instead.

Note that this is kind of an opinion based question, so you may get different answers. You'll have to weigh the information provided and in the end make your own decision.

Nick Mitchinson
  • 5,452
  • 1
  • 25
  • 31