  • The issue of 401 unauthorized can be solved using a redirect to the basic scheme. Not arguing pro second resource type in particular, but this is a valid solution to the problem you pose. Commented May 4, 2022 at 18:00
  • @Flater: the problem with a redirect is what to do about a client whose access has changed. In my tech support example, permanent redirects are problematic if I get promoted from level 1 to level 2 tech support. At that point, /customers/123 is the URL that I should see. A redirect to /customers-basic/123 is not desirable in that situation. Of course a temporary redirect can fix that issue. But this further reinforces the downsides of multiple end points representing the same object. It gets complicated. It will be complicated for clients or the server. Commented Jun 21, 2022 at 12:22
  • - Hey, Greg! I was able to resolve this customer's issue by calling her phone number. - Phone number? What phone number? :) Commented Feb 15, 2023 at 17:10
  • @IstvánBékési, you can always choose to redact information in a response as well. This is all very situational, though, and completely up to the needs of users, and the security needs of their organization. Commented Mar 20, 2024 at 21:27