Timeline for answer to In RESTful APIs, what's the proper way to have different resource properties based on user authorization? by Greg Burghardt
Current License: CC BY-SA 4.0
Post Revisions
7 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Mar 20, 2024 at 21:27 | comment | added | Greg Burghardt | @IstvánBékési, you can always choose to redact information in a response as well. This is all very situational, though, and completely up to the needs of users, and the security needs of their organization. | |
| Feb 15, 2023 at 17:10 | comment | added | István Békési | - Hey, Greg! I was able to resolve this customer's issue by calling her phone number. - Phone number? What phone number? :) | |
| Jun 21, 2022 at 12:22 | comment | added | Greg Burghardt | @Flater: the problem with a redirect is what to do about a client whose access has changed. In my tech support example, permanent redirects are problematic if I get promoted from level 1 to level 2 tech support. At that point, /customers/123 is the URL that I should see. A redirect to /customers-basic/123 is not desirable in that situation. Of course a temporary redirect can fix that issue. But this further reinforces the downsides of multiple end points representing the same object. It gets complicated. It will be complicated for clients or the server. | |
| Jun 20, 2022 at 22:17 | vote | accept | Alex | | |
| May 4, 2022 at 18:00 | comment | added | Flater | The issue of 401 unauthorized can be solved using a redirect to the basic scheme. Not arguing pro second resource type in particular, but this is a valid solution to the problem you pose. | |
| May 3, 2022 at 0:42 | history | edited | Greg Burghardt | CC BY-SA 4.0 | added 1137 characters in body |
| May 3, 2022 at 0:19 | history | answered | Greg Burghardt | CC BY-SA 4.0 | |