Leandro

Reputation: 950

REST API with two fields

I've read a lot about REST APIs and the possible approaches, but I'm not 100% clear about what I have to do.

I want to know what's the best way to do the following:

I have a secure REST with tokens related to accounts. Then I also have objects related to specific accounts.

I need to get objects depending on an accountId (this account is mandatory). The accountId is an attribute of the object. A user can have more than one account so I need to send the accountId the user has selected to retrieve the specific objects.

Even if I search for a specific object I need to send the accountId (this account is related to security restrictions).

What is the best way of doing that?

OPTION 1, as path parameter:

get all objects

/objects/account/{accountId}

get one object

/objects/{id}/account/{accountId}

OPTION 2:

get all objects

/objects?account=accountId

get one object

/objects/{id}?account=accountId

Thanks,

Upvotes: 0

Views: 592

Answers (1)

katy lavallee

Reputation: 2771

Although the account id is an attribute of the object, it sounds like the objects belong to the account. In that case I would recommend /accounts/{id}/objects. You could extend that to /accounts/{id}/objects/{id}, but I'm not sure you really need the account in the URL in order to find the object -- you should be able to use /objects/{id} and get the account from the auth token in headers to make sure the requester actually owns the object. Actually, you could do the same for /objects, if you don't mind that /objects returns a different list for different users.

For what it's worth, I don't think there is actually a "right" answer to this question. I've searched for answers to this question myself and there are good reasons to do it either way.

Upvotes: 2
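
The ownership check the answer describes, as an added example that is not part of the original answer: the token's accounts are resolved server-side, and an accountId from the path or query string is treated only as a selector that must be one of them. The token table, object store and function names are constructed for illustration, and returning 404 for another account's object is a design choice assumed here.

```python
# Constructed sample data: token -> accounts the token's user may act for.
TOKEN_ACCOUNTS = {
    "tok-alice": {"acc-1", "acc-2"},
    "tok-bob": {"acc-3"},
}
# Constructed sample objects; account_id is an attribute of each object.
OBJECTS = {
    "obj-10": {"id": "obj-10", "account_id": "acc-1", "name": "invoice"},
    "obj-11": {"id": "obj-11", "account_id": "acc-2", "name": "report"},
    "obj-20": {"id": "obj-20", "account_id": "acc-3", "name": "contract"},
}


def accounts_for(token):
    """Accounts bound to the token server-side; empty set if unknown."""
    return TOKEN_ACCOUNTS.get(token, set())


def get_object(token, object_id, account_id=None):
    """GET /objects/{id} or /accounts/{account_id}/objects/{id}."""
    allowed = accounts_for(token)
    if not allowed:
        return 401, None
    # A client-supplied account id is only a selector: it must be one of
    # the token's accounts, and the object must actually belong to it.
    if account_id is not None and account_id not in allowed:
        return 403, None
    obj = OBJECTS.get(object_id)
    scope = {account_id} if account_id is not None else allowed
    # 404 for both "missing" and "someone else's" so ids cannot be probed.
    if obj is None or obj["account_id"] not in scope:
        return 404, None
    return 200, obj


def list_objects(token, account_id=None):
    """GET /objects or /accounts/{account_id}/objects."""
    allowed = accounts_for(token)
    if not allowed:
        return 401, []
    if account_id is not None and account_id not in allowed:
        return 403, []
    scope = {account_id} if account_id is not None else allowed
    found = [o for o in OBJECTS.values() if o["account_id"] in scope]
    return 200, sorted(found, key=lambda o: o["id"])
```

Whichever URL layout is chosen, the decision is made from the token's account set, so changing the accountId in the request cannot widen what is returned.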
