Royal Pinto - 2 months ago
reST (reStructuredText) Question

Correct way of defining REST endpoints for user management

I have a typical user management module for which I want to create REST APIs. A user should be able to access his/her details but shouldn't be allowed to access other users' details. Being an administrator, a user should be able to fetch any user or remove any user.

This is how I am planning to create the URL endpoints. Any suggestions?

# To create/register user
POST /api/users/
# or
POST /api/register/

# To get all users
# This will be allowed to access only by admins.
GET /api/users/

# To get current user.
# For admin, allowed
# For regular user, id will be validated against userid stored in the session.
GET /api/users/<id>/

# To update current user.
# This id will be validated against userid stored in the session.
PUT /api/users/<id>/

# To delete current user.
# For admin, allowed
# This id will be validated against userid stored in the session.
DELETE /api/users/<id>/

# Login
POST /api/login/

# Logout
GET /api/logout/


Thank you

Answer

I think you've got the endpoint scheme pretty good. The only thing is that the context will be the passed-in user (from the URL path) and not the current user.

# To create
POST /api/users

# To get all users
GET /api/users

# To get particular user.
GET /api/users/<id>

# To update particular user.
PUT /api/users/<id>

# To delete particular user
DELETE /api/users/<id>
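
The access rules written in the question's comments (a regular user may only act on their own `<id>`, an admin may list, fetch or delete any user), as an added example that is not part of the original question or answer. `Session`, `POLICY` and `authorize` are hypothetical names, and the PUT rule assumes owner-only updates because the question names no admin case for it.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    """Server-side session record (hypothetical shape)."""
    user_id: int
    is_admin: bool = False


# (method, request targets a specific <id>?) -> (admin allowed, owner allowed)
# None means the route needs no session (registration).
POLICY = {
    ("POST", False): None,
    ("GET", False): (True, False),    # list all users: admins only
    ("GET", True): (True, True),
    ("PUT", True): (False, True),     # assumption: only the owner updates
    ("DELETE", True): (True, True),
}


def authorize(session: Optional[Session], method: str,
              path_id: Optional[str] = None) -> int:
    """Return the HTTP status the API should answer with before doing any work."""
    rule_key = (method.upper(), path_id is not None)
    if rule_key not in POLICY:
        return 405                    # method not defined for this route
    rule = POLICY[rule_key]
    if rule is None:
        return 200                    # public route
    if session is None:
        return 401                    # not logged in
    if path_id is not None and not re.fullmatch(r"[0-9]+", path_id):
        return 400                    # reject ids that are not plain digits
    admin_ok, owner_ok = rule
    if admin_ok and session.is_admin:
        return 200
    # Compare the <id> from the URL path with the id held in the server-side
    # session, never with an id supplied in the request body or a header.
    if owner_ok and path_id is not None and int(path_id) == session.user_id:
        return 200
    return 403
```
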