1

Say a user does a GET to return all the services for a company by using the following url: /api/company/{id}/service

They then want to update one of the service objects that are returned. Should I follow the same convention and so get them to PUT to /api/company/{id}/service/{id} or make it a bit simpler and just get them to do PUT to /api/service/{id} as the service id is globally unique.

One reason I was doing the longer URL is that I want to check if the user belongs to the Company so I can easily check that upon the request as I have the Company Id but if I go the direct route I'd then have to find the Company Id from the service and check that.

I've had a quick search and couldn't see any obvious about what the standard is for this.

Thanks

Improve this question
2
  • This is something that will bring a lot of debates, but there isn't any "standard" that I am aware of. Either or both of those are just fine; I've done designs that would allow access from both URLs simultaneously as well as designs that would use one or the other. Commented Apr 5, 2016 at 14:46
  • It does not matter whether the service id is unique or not. All that matters is whether the service is owned by the company. If yes(which i think it is) then you should stick with /api/company/{id}/service/{id} Commented Apr 6, 2016 at 5:25

3 Answers 3

Reset to default
1

I think every answer to this kind of question is a little bit debatable because the two approaches you proposed are conceptually both correct, anyway I will try to answer.

In my opinion you have to decide starting from the relationship between your company resource and your service resource. If a service is exclusively owned by a single company then I would go for the more verbose path /api/company/{id}/service/{id}. If, instead, your service resources are shared among different company resources, then I would prefer the shorter and global /api/service/{id} path.

The reasons behind my choices are purely conventional, and aim to clarify how the two resources interact each other in the application domain.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

A service is owned exclusively by a single company so I'm going to go for the longer route as you suggested. This also makes it easier for me to check authorization as I know the company id and service id from the url and also the user id from ASP.Net Identity so I can do a simple select with just the url parameters
0

I think, you can cut back the URI using only the ids, for example:

POST /api/{companyId}/{serviceId}

You will have something like this:

POST /api/movistar/balance
POST /api/movistar/sales

Improve this answer

Comments

0

First, make your clients follow links, instead of distributing "templates" how to call specific things. (Maybe you are already doing this, it is not clear from your post).

That is, when they GET the resource that lists all the services, you should include links to those services (whatever they are). This way your clients will need to PUT to the URI you supply. This way, you are in full control of the URI structure.

This in turn means, that you can use whatever structure is more convenient for you, since it will be transparent for the clients anyway. If you are more comfortable including both IDs in the URI, then go ahead. You can even change it later, if you don't like it, without the clients noticing!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.