如何设计RESTful API来检查用户的凭据? [英] How to design a RESTful API to check for user's credentials?
问题描述
我正在为移动应用程序设计API,并且希望使其保持RESTful.
API是使用基本HTTP身份验证授权的,但是,当用户首次打开应用程序时,他需要先登录,因此我需要设计一个API来检查用户的凭据,该凭据将接受一对用户名和密码,返回成功或失败.
问题是url应该是什么,这样它就可以安静吗?我认为/login不是一个好方法.
I'm designing an API for a mobile app, and I hope to keep it RESTful.
API's are authorized using Basic HTTP Auth, however, When the user open the app for the first time, he need to login first, so I need to design an API to check for user's credentials, which will accept a pair of username and password, return success or fail accordingly.
the problem is what the url should be so it is restful? I don't think /login is a good one.
推荐答案
一个好的方法是对当前用户的帐户/个人资料信息执行GET
请求.并返回用户名,设置,头像url等.me
通常用作身份验证用户的速记标识符.
A good approach is to perform a GET
request for the account/profile info of the current user. and have it return the username, settings, avatar url, etc. me
is a frequently used as a shorthand identifier of the authenticating user.
GET https://api.example.com/profiles/me
HTTP/1.1 200 OK
{
"username": "bob",
"id": "xyz",
"created_at": 123,
"image_url": "https://example.com/bob.png"
}
这篇关于如何设计RESTful API来检查用户的凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!