Timeline for REST URL taxonomy when sensitive data passed in header
Current License: CC BY-SA 4.0
6 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Oct 15, 2024 at 18:09 | comment added | Bryn Davis | | This problem exists in a few areas for us; we've already agreed to use the header. |
| Oct 15, 2024 at 7:05 | comment added | Ewan | | @Flater what do you mean? POST calls are 100% REST. |
| Oct 15, 2024 at 1:25 | comment added | Flater | | I'm not suggesting that an API should always be 100% pure REST, but "don't use REST" doesn't seem to really answer the question on what the REST URL taxonomy should be. |
| Oct 14, 2024 at 17:33 | comment added | Greg Burghardt | | Or pull the userId from a JWT, which should be safe since it is encrypted. |
| Oct 14, 2024 at 17:33 | comment added | Greg Burghardt | | Something else to consider is whether the user Id is necessary at all. If /users/userId/fees is only ever called with the userId of the current user, then omit the parameter. Have the backend infer the user Id based on the user session. |
| Oct 13, 2024 at 9:38 | history: answered | Ewan | CC BY-SA 4.0 | |
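The comments above weigh three places the user id can come from: the URL path (`/users/userId/fees`), a request header (the option the thread settled on), or nowhere in the request at all, with the backend inferring it from the session. The following added example is not code from the original answer or comments; it is a framework-free sketch of all three handlers so the difference is concrete. `Request`, `SESSIONS`, `FEES` and the `X-User-Id` header name are constructed stand-ins for a real web framework, session store, database and header convention.

```python
# Added example (not from the original answer or comments). It contrasts the
# options raised in the thread: the user id in the URL path, the user id in a
# request header, and no client-supplied id at all (inferred from the session).
# Framework-free so it runs offline; Request, SESSIONS and FEES are constructed
# stand-ins for a real web framework, session store and database.
from dataclasses import dataclass, field

# Constructed sample data, not from the page.
FEES = {"u-100": [12.50, 3.00], "u-200": [99.00]}
SESSIONS = {"sess-abc": "u-100", "sess-xyz": "u-200"}  # session token -> user id


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


def current_user(req):
    """Resolve the caller from the session token, server side. Returns None
    when the request carries no valid session."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def _serve_fees(req, requested_id):
    """Shared authorization step for the two designs where the client names a
    user id: the id must match the authenticated session, otherwise any caller
    could read anyone's fees (an IDOR). Returns (status, body)."""
    caller = current_user(req)
    if caller is None:
        return 401, {"error": "no session"}
    if requested_id != caller:
        return 403, {"error": "not your fees"}
    return 200, {"user": caller, "fees": FEES.get(caller, [])}


def fees_by_path_id(req):
    """GET /users/{userId}/fees: the id travels in the URL (so it lands in
    access logs, browser history and referrers) and still needs the
    ownership check."""
    parts = req.path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "users" or parts[2] != "fees":
        return 404, {"error": "not found"}
    return _serve_fees(req, parts[1])


def fees_by_header_id(req):
    """GET /fees with the id in a header (the approach the thread settled on):
    keeps it out of URL logs, but the ownership check is exactly the same."""
    if req.path.strip("/") != "fees":
        return 404, {"error": "not found"}
    requested = req.headers.get("X-User-Id")  # hypothetical header name
    if requested is None:
        return 400, {"error": "missing X-User-Id"}
    return _serve_fees(req, requested)


def fees_for_session_user(req):
    """GET /users/me/fees: no client-supplied id at all. The backend infers it
    from the session, so there is nothing for a caller to tamper with and no
    comparison to forget."""
    if req.path.strip("/") != "users/me/fees":
        return 404, {"error": "not found"}
    caller = current_user(req)
    if caller is None:
        return 401, {"error": "no session"}
    return 200, {"user": caller, "fees": FEES.get(caller, [])}
```

Moving the id from the path to a header changes where it gets logged, not who is allowed to use it: `fees_by_path_id` and `fees_by_header_id` share the same `_serve_fees` check, and forgetting it in either turns the endpoint into an IDOR. Only `fees_for_session_user` removes the check entirely, because the id never comes from the client.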