Reputation: 342
I am creating a REST API in Python and currently, there is a route to a list of the resource instructors:
GET /instructors
But, I also have another client, used as a CRM for users who have an admin-role.
For the client, I want to display a list of instructors but with more fields and different properties.
My first thought is also to have the route:
GET /instructors
This obviously conflicts with the route above. What is the best name for this route?
GET /instructors/admin
or
GET /admin/instructors
or
GET /instructors?admin=True
I am not sure how to approach this. Thanks in advance.
Upvotes: 0
Views: 1780
Reputation: 9352
You need to be concerned about security. A query string parameter like “admin=true” is easy to hack.
Putting /admin at the end of your URL really makes no sense because you are not requesting an admin object.
Of all the options you suggested, I believe this is best:
GET /admin/instructors
This is probably the easiest to secure by locking down everything under the /admin route.
Within your code, you can create a fuller instructor object when the request comes in on the /admin route.
Upvotes: 3
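The approach in the answer above, as an added example that is not part of the original answer: one authorization gate covers the whole /admin subtree, the role comes from a verified token rather than from the query string, and the admin route returns the fuller instructor object. The `handle`, `sign` and `role_from_token` names, the sample data and the HMAC token format are assumptions made for illustration; the token stands in for whatever session or JWT mechanism the API really uses.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients

# Constructed sample data for the example.
INSTRUCTORS = [{"id": 1, "name": "Ada", "email": "ada@example.test", "salary": 90000}]
PUBLIC_FIELDS = ("id", "name")

def sign(role):
    """Issue a 'role.signature' token (hypothetical stand-in for a session or JWT)."""
    mac = hmac.new(SECRET, role.encode(), hashlib.sha256).hexdigest()
    return f"{role}.{mac}"

def role_from_token(token):
    """Return the role only if the signature verifies, otherwise None."""
    role, _, mac = (token or "").partition(".")
    expected = hmac.new(SECRET, role.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return role if role and ok else None

def handle(method, url, token=None):
    """Dispatch a request and return (status, body)."""
    path = urlsplit(url).path.rstrip("/")  # the query string plays no part in authorization
    role = role_from_token(token)
    # Single gate for everything under /admin, checked before any route lookup,
    # so a route added later under the prefix is protected by default.
    if path == "/admin" or path.startswith("/admin/"):
        if role is None:
            return 401, {"error": "authentication required"}
        if role != "admin":
            return 403, {"error": "admin role required"}
    if method == "GET" and path == "/instructors":
        # Public view: allow-list of fields, so new columns are not exposed by accident.
        return 200, [{k: i[k] for k in PUBLIC_FIELDS} for i in INSTRUCTORS]
    if method == "GET" and path == "/admin/instructors":
        # Admin view: the fuller instructor object.
        return 200, [dict(i) for i in INSTRUCTORS]
    return 404, {"error": "not found"}
```

Because the gate runs before routing, an unauthenticated request to any path under /admin gets 401 whether or not the route exists, which also avoids revealing which admin routes are defined.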
Reputation: 1081
I am glad that we are finally talking about naming conventions. This totally depends on personal preference, use cases and how your project has been designed, so I will keep my views here.
Like you said, all of the above seem to be good, but how I would do it is:
You may use queries when something specific has to be done with these roles, again as in
GET/Instructors/all?credibility=PHD
Something like the above. It's never a good idea to show everything on just parent calls like GET/Instructor; as you said, firstly it creates confusion and makes the readability of your endpoints difficult with time when the complexity of your application increases.
Upvotes: 0