I have a two models, employee and tasks.
empid and taskid are primary keys of both models
I want to design a RESTful API to model this relationship.
I have thought of the following design:
hostname/task GET : get all tasks
hostname/task POST : post a tasks
hostname/task/:taskid GET : get a certain task
hostname/task/:taskid DELETE : delete a certain task
hostname/task/:taskid PATCH : update a certain task
hostname/task/:empid GET : all tasks for a certain ID
hostname/task/:empid/taskid DELETE/PATCH/GET : delete/update or retrieve for a certain employees task
Depends on the query. If you want to be explicit about the relation, you could (and should, IMO) have the following endpoints:
GET /employees/:empid/tasks DELETE /employees/:empid/tasks/:taskid
However, if you need to be able to query all tasks without taking the employee into consideration, as an API Consumer, I'd expect to have the same methods as on the employee-task endpoints, i.e.
GET /tasks DELETE /tasks/:taskid
You could write some authorization logic to decide whether the consumer has the proper permissions to delete tasks on a "global" level without specifying the employee.