Reputation: 113
Should a REST API be protective of data behind?
On DELETE queries that will possibly cascade into removing a lot of data, should my REST API blindly proceed or warn about it and ask for confirmation ?
I'm building an API that abstracts the manipulation of complex data stored in a relational DB. Removing an item that is referenced by other items should logically remove them to, and then cascade.
A simple example (unrelated to the real case) would be a set of three "Tree/Branch/Leaf" tables: Leaf rows have a foreign key to a Branch's id, and Branch rows similarly include a Tree id. The API enables DELETE at any level, but if you remove a Tree item, it will internally cascade into removing all the Branchs and Leafs that directly or indirectly reference it.
So on a DELETE query for a Tree, the API could:
- just comply and do all cascading removals
- refuse on grounds that it would break integrity, so you have to remove all dependent items manually first (not really practical)
- don't remove anything and send back a statement "this would remove 1 tree, 31 branchs and 987 leafs, please confirm". Confirmation could take the form of an additional header or a suffix in URL (/force), but neither are very REST and in my experience such things are often directly bypassed when writing clients (only the delete+confirm query is actually sent). I also hesitate on the HTTP code for such a reply.
I tend to think that the API should stay simple and that foolsafe protection should be in the client, but would appreciate external wisdom.
Upvotes: 1
Views: 121
Answers (1)
Reputation: 99667
As usual for questions like these, the answer really is 'it depends'. Personally, if you would go for the route of having to 'confirm' a large deletion, I would instead:
- Add a
depthorcascadingheader. Instead of 'do you really want this?' you know ask your developers to make sure they want to do a deep delete.Depthis a standard header but appears in the WebDAV spec.Cascadingwouldn't be, so you might prefix it withX-depending on whether you feel that that's a good idea =) - Respond with a
409if that header was not specified. This is how WebDAV does it and makes a lot of sense here.
However, from my point of view I think I would rather have an 'undelete' option.
Upvotes: 1
Related Questions
- Restful API: Sensitive data in url
- How do I secure data access in my new API?
- Should rest APIs with insensitive data be protected
- server-to-server REST API security
- What prevents third-party access and “mining” when serving data to a front-end via REST API?
- Transaction safety in RESTful APIs
- REST API Best Practices
- Does REST breaks data encapsulation?
- Do I need to secure the body of a REST request using oAuth?
- How to do REST securely and with sensitive data?