Reputation: 403
API Design; action endpoints
Let's say I have a devices which will connect to a server and register/transfer data through an API.
I understand that you would have things like:
GET: api/devices
GET: api/devices/:id
POST api/devices
DELETE: api/devices/:id
Those are examples of typical CRUD endpoints.
But where would I add endpoints for checking if this device is allowed to connect with it's factory ID?
I was thinking of always passing a post field with an API key in the form of a device ID, but that would mess with the HTTP verbs.
So I think the best way is to add a parameter like this:
GET: api/devices/:id?id=something
But that would become redundant with this endpoint.
So the question is; how would I successfully identify my own devices?
Upvotes: 1
Views: 151
Answers (1)
Reputation: 99816
It sounds like you're simply looking for a way to do authentication. Take a look at the Authorization header and the various authentication schemes for it. If existing authentication schemes don't fit your needs, you can also extend it with your own. Common ones are Basic, Digest and Bearer. An example of a vendor-extension is AWS.
Upvotes: 1
Related Questions
- REST actions and URL API design considerations
- REST API Designing Endpoints (Action/Verb => Noun/Resource )
- Action in a REST API
- Designing REST API with Actions
- Rest endpoints structure
- API routes that perform actions
- REST api : correctly ask for an action
- REST Design for different actions
- Modelling actions in REST
- How best to design a RESTful API for initiating an action