REST API：资源和内容的识别基于不同而不同身份验证 [英] RESt api: identification of resource and content varying based on authentication

问题描述

我设计遵循HATEOAS / REST原则的API。
然而，我不知道这个基本观点：资源确定

I'm designing an API following the HATEOAS / RESt principles. Yet I'm not sure about this basic point: identification of resource.

假设这个网址： /图片
它公开由用户（本用户）上传的所有图像。

Suppose this url: /images which exposes all the images uploaded by an user (to this user).

假设我使用的身份验证目的的OAuth访问令牌，/图像会根据授权头的内容。

Suppose I use an oauth access token for the authentication purpose, the content of /images will vary based on the Authorization header.

这是否打破资源概念的识别？

Does this break the identification of resource concept ?

推荐答案

没有。一个资源并不一定是静态的是宁静。想象一下，一个web服务，提供时间的日：

No. A resource does not have to be static to be restful. Imagine a webservice that provides time-of-day:

 Http://www.myservice.com/current-time/

在休息的剧本没有什么比这需求预期，这不行。
 与照片的情况下，你的服务是基于请求设置信息返回psented一个资源再$ P $ - 通过身份验证头过滤掉所有的非用户拥有的照片。你仍然返回相同的一般的东西，照片的集合。

Nothing in the rest playbook would demand that this not work as expected. The case with the photos is that your service is returning a resource represented based on info set in the request--filtering out all non-user owned photos by auth header. Your still returning the same general thing, a collection of photos.

并不比你想要一个JSON重新presentatio VS一个XML重新presentation返回的响应头型不同的说法。

Not much different than saying with the response type header you want a json representatio vs an xml representation returned.

而另一个是在相同的资源位置提供欢乐合唱团的最后几个星期成绩单事情变得可疑，当你完全切换的结果，就像一个人得到的图像的集合。

Things get fishy when you switch results completely, like one person gets a collection of images while another is provided last weeks transcript of Glee at the same resource location.

这篇关于REST API：资源和内容的识别基于不同而不同身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！