I have api that is exposed to multiple clients. They all when requesting any resource send me a "sourceId" through which i identify which client the request is coming from:
Should i accept "sourceId" in body or in headers? How would it impact in the future?
Headers make more sense as this is something that would remain static for a particular client but i can't think of a good reason as to how i can decide which parameter to send in body and which in headers?
For some HTTP methods, such as
DELETE, the request payload has no defined semantics and sending a payload body on a such requests might cause some existing implementations to reject the requests. For further details, check the RFC 7231, the current reference for semantics and content in HTTP/1.1.
Sending the parameter in a HTTP header should work for all HTTP methods though.
If the source identifier is an API key or it's used for authentication, it should be sent in the
Authorization header. There are many APIs that define custom HTTP headers like
X-Source-ID. I would avoid that though.