I have a doubt regarding my RESTful or general API solution.

So, the case is that I need to serve the same resource in both a public and a private manner. Meaning that GET api/products?private=true will return products owned by the current user and require authentication, and GET api/products?private=true will return all products without authentication.

I understand that this is bad practice, but would like to hear your opinion.

Thank you

djoloho

1 Answer

Since /api/products?private=true and /api/products?private=false are distinct urls, there is nothing wrong from an HTTP perspective that these two endpoints return different results.

I think generally query parameters are used as a 'modifier' on the resource. So if you have a resource that returns products, and you have a query parameter that filters this list to return a subset, I would say that that is fairly common.

As an alternative you might consider using something like /products and /my-products to create 2 endpoints that are more distinct.

Evert
  • Sure. Now I realised that my question was not clear enough. I meant to ask whether it is bad practice to have the same route (/products) be public (meaning it does not require authentication) and private (it does require authentication), depending on a query parameter. – djoloho Jul 22 '20 at 18:13
  • @djoloho HTTP doesn't have a concept of route, just urls and paths. Different urls can have different authentication requirements, so no, I don't think there's anything wrong with this. Just be aware that once a client is authenticated, they will likely keep sending authentication information to your entire domain for every path. – Evert Jul 22 '20 at 18:20
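
The arrangement discussed in this thread, one path whose authentication requirement depends on the query string, sketched as an added example (not code from the question or the answer). The token table, product data and function names are constructed for illustration, and treating a missing `private` parameter as the public variant is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: token -> user, and a product list with owners.
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
PRODUCTS = [
    {"id": 1, "name": "kettle", "owner": "alice"},
    {"id": 2, "name": "lamp", "owner": "bob"},
    {"id": 3, "name": "desk", "owner": "alice"},
]


def authenticate(headers):
    """Return the user for a valid 'Bearer <token>' header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token.strip())


def get_products(url, headers):
    """Handle GET <url>; returns (status, body). The auth requirement is
    decided per URL (path + query), on the server, before any data is read."""
    parts = urlsplit(url)
    if parts.path != "/api/products":
        return 404, {"error": "not found"}

    query = parse_qs(parts.query, keep_blank_values=True)
    values = query.get("private", ["false"])  # assumption: absent means public
    # Reject repeated or unknown values instead of guessing which variant
    # the client meant; a lenient parse could fall through to the wrong one.
    if len(values) != 1 or values[0] not in ("true", "false"):
        return 400, {"error": "private must be 'true' or 'false'"}

    if values[0] == "false":
        # Public variant: credentials are not required and not consulted,
        # since authenticated clients tend to send them on every request.
        return 200, {"products": PRODUCTS}

    user = authenticate(headers)
    if user is None:
        return 401, {"error": "authentication required"}
    # The owner comes from the verified credential, never from the request.
    return 200, {"products": [p for p in PRODUCTS if p["owner"] == user]}
```

The private variant filters by the identity taken from the credential, so a caller cannot list another user's products by changing a parameter.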