RESTful authentication API design

Question

I have a question regarding RESTful API design. Following the guidelines of REST, all endpoints should be nouns and in plural, and should never be verbs. However, it is customary to have authentication routes be:

/login
/logout

which are both verbs. If you should be true to the guidelines these routes should look more like this instead:

/users?action=login
/users?action=logout

but I've never used any API that has this particular authentication implementation, everyone uses the first one, me included. But I wonder if this is because many people don't follow the guidelines fully and it has just become a habit or is there another reason?

Recommended answer

If you want to be compliant with the REST guidelines, your API should expose a security token resource as follows, for instance:

/security/token

And that's it... You can then GET security tokens (login), use them, then DELETE them (logout)
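
The token-resource lifecycle described in the answer, as an added example that is not part of the original answer. Assumptions: the token is created with POST rather than GET so that credentials travel in the request body instead of a URL that ends up in logs; `/users/me`, `handle`, `USERS`, `TOKENS` and the 15-minute lifetime are hypothetical names and values; the in-memory user table is constructed demo data.

```python
import hashlib, hmac, secrets, time

USERS = {"alice": "correct horse"}  # constructed demo data; real systems store password hashes
TOKEN_TTL = 900                     # assumed token lifetime in seconds
TOKENS = {}                         # sha256(token) -> (user, expires_at); raw tokens are never stored

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def bearer(headers):
    """Extract the token from an 'Authorization: Bearer <token>' header."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return value if scheme == "Bearer" and value else None

def authenticate(headers, now):
    """Return the user owning a live token, or None (expired tokens are purged)."""
    token = bearer(headers)
    if token is None:
        return None
    entry = TOKENS.get(digest(token))
    if entry is None or entry[1] <= now:
        TOKENS.pop(digest(token), None)
        return None
    return entry[0]

def handle(method, path, headers=None, body=None, now=None):
    """Dispatch one request and return (status, payload)."""
    headers, body = headers or {}, body or {}
    now = time.time() if now is None else now
    if path == "/security/token" and method == "POST":    # login: create a token
        expected = USERS.get(body.get("username"), "")
        supplied = body.get("password", "")
        if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 401, {"error": "invalid credentials"}
        token = secrets.token_urlsafe(32)                 # unguessable, 256 bits of entropy
        TOKENS[digest(token)] = (body["username"], now + TOKEN_TTL)
        return 201, {"token": token, "expires_in": TOKEN_TTL}
    user = authenticate(headers, now)                     # every other route needs a token
    if user is None:
        return 401, {"error": "missing, expired or revoked token"}
    if path == "/security/token" and method == "DELETE":  # logout: revoke the token
        del TOKENS[digest(bearer(headers))]
        return 204, None
    if path == "/users/me" and method == "GET":           # hypothetical protected resource
        return 200, {"user": user}
    return 404, {"error": "not found"}
```

Because logout deletes the server-side record, a revoked token stops working immediately, which a purely stateless signed token cannot guarantee without an additional deny list.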
