I have a specific REST endpoint that creates a topic in a forum, but I want to apply different strategies when processing the request. E.g., if client A makes the call, perform moderation. If client B makes the call, do something else. The easiest would be to add a query param for differentiation:

    POST /resource?from=xyz

Another brilliant idea is to use the Vary HTTP header.

    POST /resource
    Vary: xyz

Any problems with this approach?

+1  A: 

If this is for security reasons, this is very bad security. Rather, use standard HTTP authentication (or your custom authentication scheme) to pass credentials to the backend, and only there, based on credentials/roles, do whatever moderation/audit is required.

Anton Gogolev
Yes, that is the proper way to distinguish users. Question, Jacques: why do you intend to do two different things through a single resource, anyway?
Jan Algermissen
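
An added example (not part of the original answer or its comments) of the approach described above: the handler picks its strategy from the role of the authenticated caller and ignores the client-supplied `from` parameter. The client ids, passwords, role names and the `publish` strategy are constructed for illustration, and HTTP Basic over TLS is assumed as the authentication scheme.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

SALT = b"constructed-demo-salt"  # constructed value; use a per-user random salt in practice

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed credential store: client id -> (password hash, role).
CLIENTS = {
    "client-a": (_hash("a-secret"), "untrusted"),
    "client-b": (_hash("b-secret"), "trusted"),
}
# Server-side policy: the role, not the request, selects the strategy.
STRATEGY = {"untrusted": "moderate", "trusted": "publish"}

def authenticate(headers: dict) -> Optional[str]:
    """Return the caller's role for a valid 'Authorization: Basic' header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    stored = CLIENTS.get(user)
    # Hash even for unknown ids so response time does not reveal which ids exist.
    candidate = _hash(password)
    if not sep or stored is None or not hmac.compare_digest(candidate, stored[0]):
        return None
    return stored[1]

def create_topic(headers: dict, query: dict, body: str) -> Tuple[int, str]:
    """POST /resource: returns (status, strategy applied to the new topic)."""
    role = authenticate(headers)
    if role is None:
        return 401, "authentication required"
    # query.get("from") is client-controlled, so it never influences the decision.
    return 201, STRATEGY[role]
```

A request from client A that sets `from=client-b` is still moderated, because the decision depends only on the verified credentials.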
+4  A: 

Well, for one, "Vary" is a response header, so this is not so brilliant :-)

Julian Reschke
+1...make sure you actually do read the HTTP spec :-)
Jan Algermissen