REST API Endpoint for changing email with multi-step procedure and changing password


Question

I need help creating the REST endpoints. There are a couple of activities:

To change the email there are 3 URL requests required:

  1. /changeemail : Here a one-time password (OTP) is sent to the user's mobile
  2. /users/email : the user sends the one-time password from the previous step and the system sends the email to the new user to click on the email activate link
  3. /activateemail : the user clicks on the link in the new email inbox and the server updates the new email

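To change the password:

  1. /users/password (PATCH) : the user submits the old password and the new password, and the system then updates the new password accordingly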

Similarly, there are other endpoints to change the profile (fields include bday, firstname and last name)

After reading online, I believe my system has only users as the resource --> so to update the attributes I was thinking of using a single PATCH for change email and change password, and along with that something like an operation field, so the above two features will look like:

For changing email:

  1. operation: "sendOTPForEmailChange"
  2. operation: "sendEmailActivationLink"
  3. operation: "activateEmail"

For changing password:

  1. operation: "changePassword"

and I will have only one endpoint for all the above operations, that is (in nodejs):

app.patch('/users', function (req, res) {
  // depending upon the operation I delegate it to the respective method
  if (req.body.operation === 'sendOTPForEmailChange') {
    callMethodA();
  } else if (req.body.operation === 'sendEmailActivationLink') {
    callMethodB();
  } else if (req.body.operation === 'activateEmail') {
    callMethodC();
  } else if (req.body.operation === 'changePassword') {
    // separate handler, so a password change never runs the email activation code
    callMethodD();
  } else {
    sendReplyError();
  }
});

Does this sound like a good idea? If not, can someone help me form the endpoints for changeemail and changepassword?

Answer:

I finally settled for using PATCH with operation field in the HTTP Request Body to indicate what operation has to be performed. Since I was only modifying a single field of the resource I used the PATCH method. Also, I wanted to avoid using Verbs in the URI so using 'operation' field looked better.

Some references I used in making this decision :

野蛮人's answer, link here

Mark Nottingham's blog article link

and finally JSON MERGE PATCH link RFC
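
The operation-field dispatch described above, as an added example that is not part of the original posts: the server keeps per-user flow state so the three email-change operations only succeed in order, with a single-use, expiring OTP and activation token. It assumes userId comes from an authenticated session; emailChangeFlow, pending and the TTL values are hypothetical.

```javascript
// Added example; emailChangeFlow, pending and the TTL values are hypothetical.
const { createHash, randomBytes, randomInt, timingSafeEqual } = require('crypto');

const OTP_TTL_MS = 5 * 60 * 1000;        // assumed OTP lifetime
const LINK_TTL_MS = 60 * 60 * 1000;      // assumed activation-link lifetime
const pending = new Map();               // userId -> flow state (stand-in for a database)

const sha256 = (s) => createHash('sha256').update(s).digest();
const matches = (secret, hash) =>
  typeof secret === 'string' && timingSafeEqual(sha256(secret), hash);

const operations = {
  // Step 1: issue an OTP and store only its hash.
  sendOTPForEmailChange(userId, body, now) {
    const otp = String(randomInt(0, 1000000)).padStart(6, '0');
    pending.set(userId, { step: 'otpSent', hash: sha256(otp), expires: now + OTP_TTL_MS });
    return { status: 202, deliver: { sms: otp } };   // sent out of band, never in the HTTP reply
  },
  // Step 2: consume the OTP and bind an activation token to the new address.
  sendEmailActivationLink(userId, body, now) {
    if (typeof body.newEmail !== 'string') return { status: 400 };
    const flow = pending.get(userId);
    if (!flow || flow.step !== 'otpSent') return { status: 409 };
    pending.delete(userId);                          // one guess per OTP, right or wrong
    if (now > flow.expires || !matches(body.otp, flow.hash)) return { status: 403 };
    const token = randomBytes(32).toString('hex');
    pending.set(userId, { step: 'linkSent', hash: sha256(token),
      expires: now + LINK_TTL_MS, newEmail: body.newEmail });
    return { status: 202, deliver: { email: token } };
  },
  // Step 3: the emailed token commits the address chosen in step 2, once.
  activateEmail(userId, body, now) {
    const flow = pending.get(userId);
    if (!flow || flow.step !== 'linkSent') return { status: 409 };
    if (now > flow.expires || !matches(body.token, flow.hash)) return { status: 403 };
    pending.delete(userId);
    return { status: 200, email: flow.newEmail };
  },
};

// Body of the PATCH /users handler: own-property allowlist, so "constructor" is not an operation.
function emailChangeFlow(userId, body, now = Date.now()) {
  const known = Object.prototype.hasOwnProperty.call(operations, body.operation);
  return known ? operations[body.operation](userId, body, now) : { status: 400 };
}
```

The `deliver` field is what the route handler hands to the SMS or mail sender; only `status` belongs in the HTTP response.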

Recommended answer

You should make the links that define the particular resource, avoid using PATCH and adding all the logic in one link, keep things simple and use separation of concerns in the API, like this:

1- /users/otp with HTTP Verb: GET -> to get OTP for any purpose
2- /users/password/otp with HTTP Verb: POST -> to verify OTP for password and sending link via email
3- /users/activate with HTTP Verb: POST to activate the user
4- /users/password with HTTP Verb: PUT to update users password
