0

I am considering using the POST verb for all my endpoints, in conjunction with sending a JSON formatted body with these requests. I am aware that this goes against the guidelines / conventions of traditional REST API. However, are there any specific technical or security issues in doing it this way?

Improve this question

2 Answers 2

Reset to default
1

If you're going to send a JSON, POST is the correct way to go about it. Just send a JSON and have a filter for bad JSON in your API. Before it is passed on to any data storage systems. Another way is, you can add a Basic Authentication header for the endpoint(at the least).

You can view how to do that here :

How to send a correct authorization header for basic authentication

This forces the user to have your token in order to send requests . Keep your token safe and your endpoints will be.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I don't think there are any security reasons not to do it. It just about how easy it is to use your API if you choose do something custom people have to learn it first before they can use it. Maybe take a look at graphql from Facebook it is a pretty nice API layer protocol and it also exposes a single post endpoint.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.