REST API: identification of resource and content varying based on authentication


Question

I'm designing an API following the HATEOAS / REST principles. Yet I'm not sure about this basic point: identification of resource.

Suppose this URL: /images, which exposes all the images uploaded by a user (to this user).

Suppose I use an OAuth access token for the authentication purpose, the content of /images will vary based on the Authorization header.

Does this break the identification of resource concept?

Recommended answer

No. A resource does not have to be static to be RESTful. Imagine a web service that provides time-of-day:

 http://www.myservice.com/current-time/

Nothing in the REST playbook would demand that this not work as expected. The case with the photos is that your service is returning a resource represented based on info set in the request, filtering out all non-user-owned photos by auth header. You're still returning the same general thing, a collection of photos.

Not much different than saying with the response type header you want a JSON representation vs an XML representation returned.

Things get fishy when you switch results completely, like one person gets a collection of images while another is provided last week's transcript of Glee at the same resource location.
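
A minimal sketch of the /images case discussed above, added here as an example and not part of the original question or answer: the same URL always returns a collection of images, filtered server-side by the Authorization header, and the response is marked per-user so a shared cache does not hand one user's list to another. The token table, image records and function names are constructed for illustration.

```python
import json

# Constructed sample data: bearer token -> user, and image records with an owner.
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
IMAGES = [
    {"id": 1, "owner": "alice", "href": "/images/1"},
    {"id": 2, "owner": "bob", "href": "/images/2"},
    {"id": 3, "owner": "alice", "href": "/images/3"},
]


def user_from_authorization(value):
    """Return the user for an 'Authorization: Bearer <token>' value, or None."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token.strip())


def get_images(request_headers):
    """Handle GET /images; returns (status, response_headers, body)."""
    # HTTP header names are case-insensitive.
    headers = {k.lower(): v for k, v in request_headers.items()}
    user = user_from_authorization(headers.get("authorization"))
    if user is None:
        # Missing or unknown credentials: never fall back to an unfiltered list.
        return 401, {"WWW-Authenticate": "Bearer"}, ""
    # Same resource for every caller (a collection of images); only the
    # representation differs, restricted to what the caller owns.
    owned = [img for img in IMAGES if img["owner"] == user]
    response_headers = {
        "Content-Type": "application/json",
        # The body depends on who is asking, so shared caches must not reuse it.
        "Cache-Control": "private",
        "Vary": "Authorization",
    }
    return 200, response_headers, json.dumps({"images": owned})
```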
