如何设计RESTful API来检查用户的凭据? [英] How to design a RESTful API to check for user's credentials?

问题描述

我正在为移动应用程序设计API，并且希望使其保持RESTful.
API是使用基本HTTP身份验证授权的，但是，当用户首次打开应用程序时，他需要先登录，因此我需要设计一个API来检查用户的凭据，该凭据将接受一对用户名和密码，返回成功或失败.
问题是url应该是什么，这样它就可以安静吗?我认为/login不是一个好方法.

I'm designing an API for a mobile app, and I hope to keep it RESTful.
API's are authorized using Basic HTTP Auth, however, When the user open the app for the first time, he need to login first, so I need to design an API to check for user's credentials, which will accept a pair of username and password, return success or fail accordingly.
the problem is what the url should be so it is restful? I don't think /login is a good one.

推荐答案

一个好的方法是对当前用户的帐户/个人资料信息执行GET请求.并返回用户名，设置，头像url等.me通常用作身份验证用户的速记标识符.

A good approach is to perform a GET request for the account/profile info of the current user. and have it return the username, settings, avatar url, etc. me is a frequently used as a shorthand identifier of the authenticating user.

GET https://api.example.com/profiles/me
HTTP/1.1 200 OK
{
  "username": "bob",
  "id": "xyz",
  "created_at": 123,
  "image_url": "https://example.com/bob.png"
}

这篇关于如何设计RESTful API来检查用户的凭据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！