Timeline for answer to POST / PUT with no explicit id in request by VoiceOfUnreason
Current License: CC BY-SA 4.0
Post Revisions
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 4, 2025 at 17:37 | comment | added | JimmyJames | "but the digest version is that the target resource is (in the common case) determined by looking at the Host header field and the request-target from the request line... and that's it." I'm not sure I buy this. This would seem to imply that you someone's e.g. home page and what they are able to access can't be based on their user identity in REST. At the very least I think you need to provide more evidence of this assertion. | |
| Jun 3, 2025 at 15:53 | comment | added | Chris Bouchard | And even if the API is the service, you can't sue for bad API design—god I wish! | |
| Jun 3, 2025 at 15:51 | comment | added | Chris Bouchard | I down-voted because you're reading way too much into this simple question. It's common practice to use multiple parts of an HTTP request (e.g., cookies and headers) to decide how to respond. And unless your API is your service, you have no legal or business obligations for it to work in any particular way. There are certainly good reasons to follow API standards, but it's not because you're going to get sued if some third-party proxy has trouble with it. | |
| Jun 3, 2025 at 15:44 | comment | added | Chris Bouchard | "[Y]our lawyers are going to be very unhappy when they learn that your resource identifiers weren't following the same rules as everybody else." 🤨 There's no need for fear mongering. If lawyers got mad about weird APIs our profession would have been outlawed years ago. | |
| Jun 3, 2025 at 3:50 | history | answered | VoiceOfUnreason | CC BY-SA 4.0 |