How to design a RESTful URL for login?
I did some research on this topic, but I still cannot find an answer.
I'm trying to use OAuth2 and JWT to implement a web login function, so I need a REST-style API between the backend and frontend.
10 years ago, people just used ..../login to deal with it, but RESTful API design suggests that there should be no verb in the URL. So some people suggest that we can use ....../accesstoken, then POST the username and password to get a token.
However, I think if we consider an accesstoken as a resource, then when we want to get the accesstoken, we should use the GET method, shouldn't we?
So my question is: What is the best practice when designing a RESTful-style URL for login? Or is a RESTful API just unable to achieve that?
Thanks!
===updated===
In Spring OAuth2, the default URL it provides is to POST grant_type and related info to the URL /oauth/token. But should we use the GET method to get a resource?
rest login restful-architecture url-design
asked Jul 17 '18 at 8:17
Niuhuru Lang
You can reference stackoverflow.com/questions/7140074/…
– Jiahao
Aug 28 '18 at 23:52
Many thanks! Thank you.
– Niuhuru Lang
Aug 30 '18 at 15:03
1 Answer
I think "/login" should be OK. In the book REST API Design Rulebook, there is a paragraph that says "Like a traditional web application's use of HTML forms, a REST API relies on controller resources to perform application-specific actions that cannot be logically mapped to one of the standard methods (CRUD).", which means the application-specific action, login, can be seen as a controller resource. Since controllers are executed by the POST method, the final resource can be presented as "POST foo.com/api/login".
The example given in the book is a controller resource that allows a client to resend an alert to a user: POST /alerts/245743/resend
answered Nov 11 '18 at 12:08
SY Y
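
The controller-resource design from the answer, as an added example that is not part of the original answer and is not Spring's code: POST /api/login reads credentials from the request body, and GET is refused with 405 because a GET would put credentials in the URL, where they land in access logs and browser history (RFC 6749 likewise requires POST for access token requests and `Cache-Control: no-store` on the response). The user store, salt, signing key and the `call` helper are constructed for illustration.

```python
import base64, hashlib, hmac, io, json, time
from urllib.parse import parse_qs

SECRET = b"constructed-signing-key"  # assumption: demo key; use a secret store in practice
SALT = b"constructed-salt"           # assumption: one fixed salt, for the demo only

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": hash_password("s3cret")}  # constructed user store

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_token(sub: str, ttl: int = 300) -> str:
    """Build an HS256-signed JWT: header.payload.signature."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": sub, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def app(environ, start_response):
    """WSGI app exposing a single controller resource: POST /api/login."""
    def reply(status, body, extra=()):
        start_response(status, [("Content-Type", "application/json"),
                                ("Cache-Control", "no-store"), *extra])
        return [json.dumps(body).encode()]

    if environ["PATH_INFO"] != "/api/login":
        return reply("404 Not Found", {"error": "not_found"})
    if environ["REQUEST_METHOD"] != "POST":
        # Refuse GET so credentials are never accepted from a query string.
        return reply("405 Method Not Allowed", {"error": "method_not_allowed"},
                     [("Allow", "POST")])
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    user = form.get("username", [""])[0]
    supplied = hash_password(form.get("password", [""])[0])
    # Hash even for unknown users, then compare in constant time.
    if not hmac.compare_digest(supplied, USERS.get(user, b"")):
        return reply("401 Unauthorized", {"error": "invalid_credentials"})
    return reply("200 OK", {"access_token": issue_token(user), "token_type": "Bearer"})

def call(method, path, body=b""):
    """Drive the app in-process; returns (status, headers, parsed JSON body)."""
    seen = {}
    env = {"REQUEST_METHOD": method, "PATH_INFO": path,
           "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    out = app(env, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], json.loads(b"".join(out))
```
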