Reputation: 11071
In general, in REST API services, what information do we put in the body and what do we put in headers?
For example, I have an existing endpoint that updates a user, like this:
POST
{
    "user": {
        "id": 1,
        "name": "some name"
    }
}
This endpoint can be called when:
I need to add the admin user id to tracking if the update is done by an admin. For this I see two ways.
I add the admin's id to the contract, and if it's not empty it means that it's an admin who makes the changes.
POST
{
    "user": {
        "id": 1,
        "name": "some name"
    },
    "admin_id": ""
}
The body remains the same and I add X-admin-id to the HTTP headers. If it's not empty it means that an admin makes these changes.
POST
{
    "user": {
        "id": 1,
        "name": "some name"
    }
}
Is there a best practice, or can I use both ways?
Upvotes: 0
Views: 375
Reputation: 402
I know this is an old question and the user may not need an answer. Here is my thought.
We should not have to put the admin_id in the body of the request, so I prefer to follow the second approach. We just have to check whether the X-admin-id is available or not. If it's available, then the admin user is doing the operation on behalf of the user; otherwise the user themselves is doing that. I would also prefer to do this check in the Filter class instead of the Resource Endpoint.
Upvotes: 2
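The filter-level check from the answer above, as an added example that is not code from either poster: because X-admin-id is supplied by the client, the filter treats it only as a claim and records the admin id for tracking when it matches the authenticated caller. It assumes an authentication layer has already attached the caller's identity to the request; `Request`, `Principal`, `Forbidden`, the `admin` role name and the `acting_admin_id` context key are hypothetical names.

```python
from dataclasses import dataclass, field


@dataclass
class Principal:            # hypothetical: set by the authentication layer
    user_id: int
    roles: frozenset = frozenset()


@dataclass
class Request:              # hypothetical minimal request model
    headers: dict
    body: dict
    principal: Principal
    context: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised when the filter rejects the request (maps to HTTP 403)."""


def admin_tracking_filter(req: Request) -> Request:
    """Runs before the resource handler and sets context['acting_admin_id']."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v.strip() for k, v in req.headers.items()}
    claimed = headers.get("x-admin-id", "")
    target_id = req.body["user"]["id"]

    if not claimed:
        # No header: the caller must be the user being updated.
        if req.principal.user_id != target_id:
            raise Forbidden("caller may only update their own record")
        req.context["acting_admin_id"] = None
        return req

    # Header present: verify the claim against the authenticated identity.
    if "admin" not in req.principal.roles:
        raise Forbidden("X-admin-id sent by a non-admin caller")
    if claimed != str(req.principal.user_id):
        raise Forbidden("X-admin-id does not match the authenticated caller")
    req.context["acting_admin_id"] = req.principal.user_id
    return req
```

The resource handler then reads `acting_admin_id` from the request context for tracking and never looks at the raw header.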