
I'm starting with the design of a REST API for a bookings app. I've developed some REST APIs in the past, but this is the first time I design one alone. I'm using user authentication through JWT.

So, imagine that I want to retrieve the preferences for an authenticated user. What is the most 'REST' option?

  1. /users/:userId/preferences and send the JWT in the Authorization header to check if the userId is the same as the authenticated user.

  2. /me/preferences and only send the JWT to get the preferences of the authenticated user.

The first option seems the most 'REST' one because of the resource-oriented endpoint, but you need to store the userId in the client and then send it to the API with the JWT. Looks a bit repetitive, right?

I have seen that big APIs like PayPal use the second option and others like AirBnB use the first one, hashing the userId.

Which option is better and why? I'm very doubtful with this... Thanks.

1 Answer

Think about what other scenarios the API needs to support. For example, whether it simply needs to display some user info:

GET /users/:userId/

This could be a feature for users with elevated privileges, so the JWT data will differ from the userId. Therefore I'd go with the first option, never mind REST; it just seems more scalable than binding yourself to a /me endpoint.
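Both routes from the question, with the authorization check the answer implies (the path userId is client input, so it must match the token subject unless the token carries an elevated role), as an added example that is not part of the question or answer. It assumes HS256 with a shared secret and a constructed in-memory preferences store; `roles`, `u-1`/`u-2` and the secret are placeholders.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key shared by issuer and API

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict) -> str:
    # Stand-in for the real auth server that issues the JWT
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_jwt(token: str) -> dict:
    """Return the claims, or raise ValueError if the token is not trustworthy."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never trust the header's choice
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) < time.time() or "sub" not in claims:
        raise ValueError("expired or missing sub")
    return claims

# Constructed sample store: userId -> preferences
PREFERENCES = {"u-1": {"theme": "dark"}, "u-2": {"theme": "light"}}

def handle_get_preferences(path: str, token: str):
    """GET /me/preferences or GET /users/:userId/preferences -> (status, body)."""
    try:
        claims = verify_jwt(token)
    except ValueError as err:
        return 401, {"error": str(err)}
    parts = path.strip("/").split("/")
    if parts == ["me", "preferences"]:
        target = claims["sub"]  # option 2: identity comes only from the token
    elif len(parts) == 3 and parts[0] == "users" and parts[2] == "preferences":
        target = parts[1]       # option 1: identity in the path, must be authorised
    else:
        return 404, {"error": "no such route"}
    # Path userId is untrusted: only the token subject or an elevated role may read it
    if target != claims["sub"] and "admin" not in claims.get("roles", []):
        return 403, {"error": "forbidden"}
    prefs = PREFERENCES.get(target)
    return (200, prefs) if prefs is not None else (404, {"error": "no such user"})
```

With option 1 the comparison against `sub` is what prevents one user reading another's preferences by editing the URL; with option 2 that class of mistake cannot occur because no userId is accepted from the client.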
