tags:

views:

24

answers:

1
+1  Q: 

Good Restful design: different payload for different accounts for same url

Is it considered bad design if one url accepted different payloads depending on the basic authentication used? for instance:

http://localhost/userA PUT by userA is allowed up pass XML_A but

http://localhost/userA PUT by adminA is allowed up pass XML_B which is XML_A plus more.

in otherwords it is the same resource but what can be updated is determined based off of the credentials supplied.

I have seen conversations about return data but not too many about request payloads. (not sure if it would be considered different) thanks

UPDATE

Based off of Darrel Miller information, would the following be a better design?

GET /{Username}       readonly resource returns different payload based off of rights
GET /{Username}/UpdInfo  returns only updatable info (subset of GET /{Username})
PUT /{Username}/UpdInfo  updates info 1 to 1 from the GET /{Username}/Info

GET /admin/{Username}/UpdInfo returns updatable info (larger subset of GET /{Username})
PUT /admin/{Username}/UpdInfo updates info 1 to 1 from the GET /admin/{Username}/Info
A: 

The problem I see is that PUT method replaces the entire contents of the resource that is targeted. e.g if the following sequence occured,

PUT /UserA  with  XML_B

PUT /UserA with XML_A

GET /UserA returns XML_A

UserA no longer contains the extra information contained in XML_B.

It think you would be better to just represent the two different sets of information as different resources:

GET /admin/UserA

PUT /admin/UserA with XML_B

GET /UserA

PUT /UserA with XML_A
Darrel Miller  2010-10-14 11:21:34
hmm.. my only confusion is that XML_B derives from XML_A. so my thoughts were that UserA accesses GET /UserA and sees XML_A changes and does PUT /UserA with XML_A. AdminA comes around and does GET /UserA and sees XML_B (which is XML_A plus some extra fields) and does PUT /UserA with XML_B. If UserA calls GET /UserA they will see XML_A ( which is XML_B but "casted" into XML_A which is the restricted view ).
BabelFish  2010-10-14 15:44:45
I updated my question with a alternate url layout. please let me know your thoughts
BabelFish  2010-10-14 15:54:46

related questions

Mocking WebResponse's from a WebRequest
What's the best way to learn server RESTful code?
JAX-RS Frameworks
SOAP or REST
Are REST request headers encrypted by SSL?
REST in Java
REST type API for non web based applications, Is It a good idea?
Getting started with REST
Plain text passwords in Ruby on Rails using Restful_Authentication
Where WCF and ADO.Net Data services stand?
REST how to handle query parameters when put to resource?
Any way to handle Put and Delete verbs in ASP.Net MVC?
How do you implement resource "edit" forms in a RESTful way?
Friendly URLs for ASP.NET
Possible to create REST web service with ASP.NET 2.0
Strange Rails Authentication Issue
How to respond to an alternate URI in a RESTful web service
Guide to choosing between REST vs SOAP services?
guid REST URL for ado.net dataservice call?
RESTful web services and HTTP verbs
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Best Practices for securing a REST API / web service
Document or RPC based web services
Modify Address Bar URL in AJAX App to Match Current State