Reputation: 18534
RESTful design for accessing the same resource in different formats from different audiences
Use case
I am building a webshop where people can register/sign in and can purchase (and afterwards manage) their SaaS licenses. For this purpose I created (among others) the following REST endpoints:
// Lists all licenses which are linked to this user
r.Get("/users/{userID}/licenses", api.LicenseSvc.HandleGetLicenses())
// List details (such as purchase date, seat information, ...) for a given licenseID
r.Get("/users/{userID}/licenses/{licenseID}", api.LicenseSvc.HandleGetLicense())
// Creates a new license for the signed in user
r.Post("/users/{userID}/licenses", api.LicenseSvc.HandleCreateLicense())
// Each license has a limited number of seats. The license manager can free up seats to make room for others
r.Delete("/users/{userID}/licenses/{licenseID}/seats/{seatID}", api.LicenseSvc.HandleDeleteSeat())
The above endpoints are only supposed to be used in the webshop/license management panel. At the same time the same service has to serve endpoints for the SaaS products which actually use the license(s) a user has created/purchased before. This SaaS product needs different endpoints such as:
- An endpoint to check at startup whether a given license is valid at all
- An endpoint which also gets the license by ID (see above), but it should only return a subset of the license resource (e. g. it shouldn't return the date when the license was purchased)
My question
Due to the fact that I am building one REST API which is consumed by two different "audiences" (on the one hand the license manager/customer and on the other hand the SaaS software) I feel like I am running into conflicts.
The authentication of both audiences is different, both audiences want to access the same kind of resource (e. g. a license) but the resource "format" (no customer sensitive data for the SaaS requester) should be different depending on the audience.
- Should this be reflected via different REST URLs or should I handle all that logic inside of my route handlers?
- Should I even create two different services serving these different audiences? Like one API for the userpanel/license management and one for the SaaS products!?
Upvotes: 2
Views: 161
Answers (1)
Reputation: 4412
REST is not very well prepared for these multi-client scenarios. i have seen many REST apis where certain attributes of resources will only be filled under certain circumstances where i find that perfectly fine. however i have also seen many examples of multiple use cases bunched into single resource models where the swagger documentation with its limiting structure terribly fails to communicate the purpose of each field.
so: as long as the use cases do not differ too much, i would try to keep the count of endpoints low.
tip: have a look at GraphQL, it is much better equipped for handling such cases with querying only for certain sets or even only asking for certain fields, putting the client in control. however using GraphQL as the primary interface is still somewhat exotic and comes with quite substantial initial cost compared to the plentiful REST infrastructure available. still worth it.
Upvotes: 1
Related Questions
- Different Resource Representations (REST API)
- Multiple ways to identify a single resource in a RESTful API
- Designing REST API for Different Consumers
- What is a REST-conform approach to handle user based resource access?
- REST interface usage for multiple resources
- REST design for API accessing multiple resources
- RESTful HTTP: Showing different representations to two users on the same URI
- Different REST representations of same resource for different authenticated users
- In a RESTful architecture, how should clients request the format in which a resource is to be consumed?
- REST design question multiple identifiers for a resource which need to be exposed to clients