
RESTful API User Accounts

I’m trying to expose RESTful API endpoints for creating user accounts to access my API. So, this would be one of the first things my consumers would use. I’m trying to figure out if this is how I should implement the endpoints, so any feedback / guidance (particularly in complying with REST principles) is highly appreciated.

My current thoughts:

POST /users with parameters name, email, and password to register.

PUT /users/{id} with parameters name, email, and/or password to update user account.

DEL /users/{id} to delete account.

I think the above 3 endpoints handle the create, update, and delete part of the user accounts. Now, I’m trying to figure out how to "log in" (essentially, the user needs to submit email and password to get an access_token) and "log out" (where the `access_token` is nullified).

LOG IN

GET /users with parameters email and password. The endpoint would return name, email, access_token. For subsequent calls, I’m unsure if I should change the value of access_token.

GET /users/{id} with same parameters as GET /users. This means the {id} in the path is ignored and useless. This feels weird.

LOG OUT

PUT /users/{id} with parameter access_token and the value null. Essentially, this would nullify the access token, and any further use of the access token in other endpoints would result in a 401 Unauthorized.
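An added example, not part of the original post, that models the register / log in / log out flow described above as plain Python functions with no web framework (the function names, the in-memory stores and the 401/409 error mapping are assumptions that mirror the question): passwords are stored as salted PBKDF2 hashes rather than in plaintext, the access_token is a random opaque value minted on each login, and logging out deletes it server-side so any later call with that token is rejected.

```python
# Constructed example: in-memory account and session service modelling the
# question's flow. Route wiring is omitted; each function is one endpoint.
import hashlib, hmac, os, secrets

USERS = {}     # email -> {"id", "name", "salt", "hash"}
SESSIONS = {}  # access_token -> user id; a token is valid only while present

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256; only this digest is ever stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(name: str, email: str, password: str) -> dict:
    """POST /users: create an account; the plaintext password is not kept."""
    if email in USERS:
        raise ValueError("409 Conflict: email already registered")
    salt = os.urandom(16)
    USERS[email] = {"id": len(USERS) + 1, "name": name,
                    "salt": salt, "hash": _hash(password, salt)}
    return {"id": USERS[email]["id"], "name": name, "email": email}

def login(email: str, password: str) -> dict:
    """Log in: verify credentials (sent in a request body, never a query
    string, so they do not land in URL logs) and mint a fresh access_token."""
    user = USERS.get(email)
    # Always run the hash and a constant-time compare, even for an unknown
    # email, so response time does not reveal whether the account exists.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else _hash("", salt)
    ok = hmac.compare_digest(_hash(password, salt), expected)
    if user is None or not ok:
        raise PermissionError("401 Unauthorized")
    token = secrets.token_urlsafe(32)  # new random token per login
    SESSIONS[token] = user["id"]
    return {"name": user["name"], "email": email, "access_token": token}

def authorize(token: str) -> int:
    """Check the bearer token on later requests; 401 once it is revoked."""
    if token not in SESSIONS:
        raise PermissionError("401 Unauthorized")
    return SESSIONS[token]

def logout(token: str) -> None:
    """Log out: revoke the token server-side, so a PUT that 'nulls' the
    token on the user record is not needed. Idempotent, like a DELETE."""
    SESSIONS.pop(token, None)
```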
