Michał

Reputation: 908

Is it better to handle logged in user data server-side or client-side?

I'm building a stateless REST-based app with JWT auth. I can get (the question relates to GET requests) all of a user's posts by implementing a variable server side that takes an ID parameter passed from the client:

http://example.com/api/v1/posts?user_id=1

$q = $q->where('user_id', '=', $data['user_id']);

Or, I could check the user ID server side, and create a new route to get only the logged-in user's posts:

http://example.com/api/v1/me/posts

$q = $q->where('user_id', '=', Auth::user()->id);

When would I use each approach and why?

Upvotes: 0

Views: 392

Answers (1)

Kenny Horna

Reputation: 14251

This will depend on the level of access that you want to give a user to Post resources.

The first approach gives any user the ability to access the resources of ANY user, for example:

- Tweets of a Twitter public user.
- Posts made by an author in a public magazine
- etc

The second approach is often used when you want to restrict a user to only see his/her resources. For example:

- To see or edit his/her profile.
- Access historic data (like order details, likes, invoices)
- etc

Protecting endpoints this way prevents user A from modifying or accessing content that he/she may not have permission to make/see.

Which of those approaches to use will depend on the use case.

Upvotes: 1
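The two endpoint styles from the question, side by side, as an added example that is not part of the question or the answer and does not use Laravel: plain PHP with a constructed in-memory post table standing in for the database. The `jwt_sub` field and the `authenticatedUserId()` helper are assumptions standing in for whatever the JWT middleware puts into the request; the `public` flag on each post is also constructed. The point it shows is the one the answer makes: `/posts?user_id=N` is fine for browsing another user's public resources, but the filter must still come from server-side rules (here, a visibility check against the verified caller), while `/me/posts` fixes the scope to the caller and rejects anonymous requests outright.

```php
<?php
// Added example (not from the question or the answer). Plain PHP, no framework:
// models GET /api/v1/posts?user_id=N versus GET /api/v1/me/posts.
declare(strict_types=1);

// Constructed sample data: each post has an owner and a visibility flag.
const POSTS = [
    ['id' => 1, 'user_id' => 1, 'public' => true,  'body' => 'hello world'],
    ['id' => 2, 'user_id' => 1, 'public' => false, 'body' => 'private draft'],
    ['id' => 3, 'user_id' => 2, 'public' => true,  'body' => 'another author'],
];

// Assumed stand-in for Auth::user()->id: the subject of the *verified* JWT that
// the auth middleware attached to the request. It never comes from the query string.
function authenticatedUserId(array $request): ?int
{
    return $request['jwt_sub'] ?? null; // null means an anonymous caller
}

// Approach 1: /api/v1/posts?user_id=N. Any caller may look at any user's posts,
// so the visibility rule has to be enforced here, not left to the client.
function postsOfUser(array $request): array
{
    $targetUser = (int) ($request['query']['user_id'] ?? 0);
    $caller     = authenticatedUserId($request);

    $visible = array_filter(POSTS, function (array $p) use ($targetUser, $caller): bool {
        if ($p['user_id'] !== $targetUser) {
            return false;
        }
        // Private posts are returned only to their owner; everyone else sees public ones.
        return $p['public'] || $p['user_id'] === $caller;
    });

    return ['status' => 200, 'posts' => array_values($visible)];
}

// Approach 2: /api/v1/me/posts. The scope is fixed to the caller's own identity;
// there is no id parameter to tamper with, and anonymous callers get 401.
function myPosts(array $request): array
{
    $caller = authenticatedUserId($request);
    if ($caller === null) {
        return ['status' => 401, 'posts' => []];
    }
    $mine = array_filter(POSTS, fn(array $p): bool => $p['user_id'] === $caller);
    return ['status' => 200, 'posts' => array_values($mine)];
}

// Demonstration with constructed requests.
// User 2 browsing user 1's posts: the private draft is filtered out server-side.
print_r(postsOfUser(['jwt_sub' => 2, 'query' => ['user_id' => 1]]));
// User 1 browsing their own posts through the same public route: draft included.
print_r(postsOfUser(['jwt_sub' => 1, 'query' => ['user_id' => 1]]));
// User 2 on /me/posts: only their own rows, no id parameter involved.
print_r(myPosts(['jwt_sub' => 2, 'query' => []]));
// Anonymous caller on /me/posts: rejected.
print_r(myPosts(['query' => []]));
```

Run it with `php example.php`. In a real Laravel app the equivalent of the visibility check in `postsOfUser()` would live in the query (`->where('public', true)->orWhere('user_id', Auth::id())`) or in a policy, and `myPosts()` would be the `Auth::user()->id` route from the question behind the `auth` middleware; the design point is that in both cases the decision about which rows come back is made from the verified identity, never from the `user_id` the client sent.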
