AndrewMcLagan

Reputation: 13987

RESTful API design: token auth

I'm designing a standards-compliant RESTful API. Each resource has its own endpoints. There are no verbs in my resources, etc.

We use JWT for stateless client authentication.

How can I still utilise a semantic design with auth routes?

E.g.

/auth/login
/auth/logout
/auth/reset
/auth/forgot 

These endpoints contain verbs... I can't work out how to best name the auth resource.

Upvotes: 1

Views: 417

Answers (1)

georoot

Reputation: 3617

Rather than using auth, you can use the verb users. Hence the routes would change to

POST /users # Signup
POST /users/token # Login
PUT /users # Update profile
GET /users/me # Profile of logged in user
POST /users/reset
POST /users/forgot
DELETE /users/:id # deactivate account

Now this is more of a personal preference but the endpoints are more or less compatible with best practices.

Upvotes: 1
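
Added example, not part of the answer above or of any project's code: a stdlib-only Python handler for the answer's `POST /users/token` and `GET /users/me` routes, where login is modelled as creating a token resource and the profile route verifies the HS256 JWT statelessly. The key, the sample account, the 15-minute lifetime, the 201 status and the `handle()` dispatcher are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: a real key comes from a secret store
TTL = 900                          # assumed token lifetime in seconds

def _pw(password):                 # salted, slow hash so the table holds no plaintext
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

USERS = {"alice": _pw("correct horse")}   # constructed sample account

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(sub, now):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "iat": now, "exp": now + TTL}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify_token(token, now):
    """Return the subject, or None if the token is malformed, forged or expired."""
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{claims}").encode()):
            return None
        decode = lambda part: json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        if decode(header).get("alg") != "HS256":      # reject any other declared algorithm
            return None
        payload = decode(claims)
        return payload["sub"] if now < payload["exp"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def handle(method, path, headers=None, body=None, now=None):
    """Dispatch the two token-related routes from the answer; returns (status, json_body)."""
    now = int(time.time()) if now is None else now
    headers, body = headers or {}, body or {}
    if (method, path) == ("POST", "/users/token"):    # login: create a token resource
        stored = USERS.get(body.get("username"))
        supplied = _pw(str(body.get("password", "")))
        if stored is not None and hmac.compare_digest(stored, supplied):
            return 201, {"token": issue_token(body["username"], now)}
        return 401, {"error": "invalid credentials"}
    if (method, path) == ("GET", "/users/me"):        # profile of the token's subject
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        sub = verify_token(token, now) if scheme == "Bearer" else None
        return (200, {"username": sub}) if sub else (401, {"error": "invalid token"})
    return 404, {"error": "not found"}
```

Because the token is self-contained, the server keeps no session: `GET /users/me` needs only the `Authorization: Bearer` header and the signing key.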
