REST API Endpoint for changing email with multi-step procedure and changing password

Problem description

I need help creating the REST endpoints. There are a couple of activities:

To change the email there are 3 URL requests required:

  1. /changeemail : Here a one-time password (OTP) is sent to the user's mobile
  2. /users/email : the user sends the one-time password from the previous step and the system sends the email to the new user to click on the email activate link
  3. /activateemail : the user clicks on the link in the new email inbox and the server updates the new email

Change password:

  1. /users/password (PATCH) : the user submits the old password and the new password, and the system updates the new password accordingly

Similarly, there are other endpoints to change the profile (fields include bday, first name and last name).

After reading online, I believe my system has only users as the resource --> so to update the attributes I was thinking of using a single PATCH for change email and change password, along with something like an operation field, so the above two features will look like:

Change email:

  1. operation: 'sendOTPForEmailChange'
  2. operation: 'sendEmailActivationLink'
  3. operation: 'activateEmail'

Change password:

  1. operation: 'changePassword'

and I will have only one endpoint for all the above operations, that is (in nodejs):

const express = require('express');
const app = express();
app.use(express.json()); // parse JSON bodies so that req.body.operation is populated

app.patch('/users', function (req, res) {
  // depending upon the operation I delegate it to the respective method
  if (req.body.operation === 'sendOTPForEmailChange') {
    callMethodA();
  } else if (req.body.operation === 'sendEmailActivationLink') {
    callMethodB();
  } else if (req.body.operation === 'activateEmail') {
    callMethodC();
  } else if (req.body.operation === 'changePassword') {
    callMethodD();
  } else {
    // unknown or missing operation
    sendReplyError();
  }
});

Does this sound like a good idea? If not, can someone help me form the endpoints for changeemail and changepassword?

Answer:

I finally settled for using PATCH with an operation field in the HTTP request body to indicate what operation has to be performed. Since I was only modifying a single field of the resource I used the PATCH method. Also, I wanted to avoid using verbs in the URI, so using the 'operation' field looked better.

Some references I used in making this decision:

Wilts answer link here

Mark Nottingham's blog link article

and finally JSON MERGE PATCH link RFC

Recommended answer

You should make the links that define the particular resource, avoid using PATCH and adding all the logic in one link, keep things simple and use separation of concerns in the API, like this:

1- /users/otp with HTTP Verb: GET -> to get OTP for any purpose
2- /users/password/otp with HTTP Verb: POST -> to verify OTP for password and sending link via email
3- /users/activate with HTTP Verb: POST to activate the user
4- /users/password with HTTP Verb: PUT to update users password
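
Whichever routing is chosen (one PATCH with an operation field, or separate endpoints), the three email-change steps from the question have to be enforced by server-side state so that a later step cannot be called without the earlier one. The sketch below is an added example, not code from the original posts: the function names mirror the question's operation values, while the in-memory Maps, the user id `u1`, the addresses and the 10-minute lifetime are constructed assumptions.

```javascript
const nodeCrypto = require('crypto');

// Constructed in-memory stores; a real service would keep these in its database.
const users = new Map([['u1', { email: 'old@example.com' }]]);
const pendingOtp = new Map();   // userId -> { otp, expires }
const pendingToken = new Map(); // sha256(token) -> { userId, newEmail, expires }
const TTL_MS = 10 * 60 * 1000;  // assumed lifetime for OTPs and activation links

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Constant-time comparison; byte lengths are checked first because
// timingSafeEqual throws on buffers of different length.
function otpMatches(given, expected) {
  const a = Buffer.from(String(given));
  const b = Buffer.from(expected);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Step 1: issue an OTP for the already authenticated user.
function sendOtpForEmailChange(userId, now = Date.now()) {
  const otp = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
  pendingOtp.set(userId, { otp, expires: now + TTL_MS });
  return otp; // returned only so the example can be exercised; normally sent by SMS
}

// Step 2: verify the OTP, then mint the token that goes into the activation link.
function sendEmailActivationLink(userId, otp, newEmail, now = Date.now()) {
  const rec = pendingOtp.get(userId);
  pendingOtp.delete(userId); // one attempt per OTP, so it cannot be guessed repeatedly
  if (!rec || now > rec.expires || !otpMatches(otp, rec.otp)) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  // Only the hash is stored, so a leaked store does not yield usable links.
  pendingToken.set(sha256(token), { userId, newEmail, expires: now + TTL_MS });
  return token;
}

// Step 3: the link is clicked. The new address comes from server state bound to
// the token, never from the activation request itself.
function activateEmail(token, now = Date.now()) {
  const key = sha256(String(token));
  const rec = pendingToken.get(key);
  pendingToken.delete(key); // single use: a replayed link is rejected
  if (!rec || now > rec.expires) return false;
  users.get(rec.userId).email = rec.newEmail;
  return true;
}
```
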
