The Rant
Should ID be given in URL if already secured with JWT containing ID?
Submitted by JoeClark » Mon 11-Dec-2017, 20:16Subject Area: GeneralKeywords: Affiliate Marketing Examples | 43 member ratings |
 |
Hi.
If I wanted to DELETE a user authenticated with a JWT token that contains the user object, should this DELETE handled go under /users or /users/?
It makes sense to have under the /users/ endpoint as you're deleting that specific item.
But also makes sense to have it under /users as then you don't have redundant data and you don't have to enter the every time you want to perform a function on your user when you already have the JWT authentication.
This idea falls to many-to-many objects too, say I wanted to access /users//games//move stripping '/users/' makes it seem like there's not 'user' resource but it makes it less clunky and again less data redundancy.
Which is more 'accepted' or 'right'?
Please Help.
Thanks,
I didn't find the right solution from the internet.
References:https://softwareengineering.stackexchange.com/questions/362060/should-id-be-given-in-url-if-already-secured-with-jwt-containing-id
Affiliate Marketing Examples
341 Comments
