We design RESTful API for our system. 90% of resources have dependency from other resource called as "user", for example. "User" also can be used as an independent resource. We found two ways how to reflect it in API URIs.

First-level resource. Pros: transparently for clients what resources depends and what doesn't. Cons: what to do if some new resource obtain dependency from "user" or conversely lose that dependency).

/user/guest/token

Required parameter. Pros: not transparently for clients. Cons: easy to add and remove the dependence.

/token?user=guest

Does exist any best practice for such case?

We design RESTful API for our system. 90% of resources have dependency from other resource called as "user", for example. "User" also can be used as an independent resource. We found two ways how to reflect it in API URIs.

First-level resource. Pros: transparently for clients what resources depends and what doesn't. Cons: what to do if some new resource obtain dependency from "user" or conversely lose that dependency).

/user/guest/token

Required parameter. Pros: easy to add and remove the dependence. Cons: not transparently for clients.

/token?user=guest

Does exist any best practice for such case?