tags:

views:

41

answers:

2
+1  Q: 

Restlet multiple actions on one Entity

Hi, I'm trying to figure out how to best lay out a set of Restlet APIs. I have a User entity, which might have the standard CRUD operations, which fits nicely into rest, but there are other ones too like "reset password", or "terminate".

What is the best way to lay this out?

Here is what i was thinking:

/1.0/user/update        //perhaps this would just be a PUT on /1.0/user
/1.0/user/resetPassword //This would reset the password, but also send an email.
/1.0/user/terminate     //This might do some additional cleanup

Then I would make a UserResource that would really attach like this

/1.0/user/{actionType}

And the handling code might look like this (psuedo):

action = request.getAttributes().get("actionType");
if (action == "update") {
   do update
} elif (action == "resetpassword") {
   do resetpassword
} elif (action == "terminate") {
   do terminate
}

Really bad idea? Really ninja idea?

+1  A: 

I think it's an OK idea. If you want your application to be RESTful, you really have to provide links in the representation for your User resource, and document them as URIs that perform the selected actions.

The Sun Cloud API does just this:

  • GET a VM returns a representation VM including "controllers" that are URIs that perform functions (see description of the VM media type)
  • Client knows about the media type, recognizes controllers (e.g. a VM provides "start", "stop" etc.
  • URI of control resource for that particular VM is right there

So as you can see, if you use /1.0/user/resetPassword or /1.0/user?op=resetPassword or /1.0/resetPassword?userId=xyzzy is a bit irrelevant, since the client really shouldn't care, it merely follows links in representations.

Also, remember to use POST for such operations since they are generally not idempotent and they probably have side effects.

mogsie  2010-08-14 08:40:21
A: 

How about these?

PUT /user/bob 
DELETE /user/bob/password 
DELETE /user/bob

and don't forget mogsie's point that the client should discover these URLs from some other document, it should not know them in advance.

Darrel Miller  2010-08-14 13:53:58
I wouldn't say that it is so obvious to DELETE one's password in order to get a new one, if that's what it implied. But it could be a nice, idempotent thing if each password were its own resource, re-deleting it would have no effect, since deletion of one password would generate a new password resource at a different URI. Interesting idea.
mogsie  2010-08-14 16:14:05

related questions

Mocking WebResponse's from a WebRequest
What's the best way to learn server RESTful code?
JAX-RS Frameworks
SOAP or REST
Are REST request headers encrypted by SSL?
REST in Java
REST type API for non web based applications, Is It a good idea?
Getting started with REST
Plain text passwords in Ruby on Rails using Restful_Authentication
Where WCF and ADO.Net Data services stand?
REST how to handle query parameters when put to resource?
Any way to handle Put and Delete verbs in ASP.Net MVC?
How do you implement resource "edit" forms in a RESTful way?
Friendly URLs for ASP.NET
Possible to create REST web service with ASP.NET 2.0
Strange Rails Authentication Issue
How to respond to an alternate URI in a RESTful web service
Guide to choosing between REST vs SOAP services?
guid REST URL for ado.net dataservice call?
RESTful web services and HTTP verbs
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Best Practices for securing a REST API / web service
Document or RPC based web services
Modify Address Bar URL in AJAX App to Match Current State