REST API: identifying different resources and content based on authentication
I'm designing an API following the HATEOAS / REST principles. Yet I'm not sure about this basic point: identification of resources.
Suppose this URL: /images, which exposes all the images uploaded by a user (to this user).
Suppose I use an OAuth access token for authentication purposes; the content of /images will vary based on the Authorization header.
Does this break the identification-of-resource concept?
No. A resource does not have to be static to be RESTful. Imagine a web service that provides the time of day:
Http://www.myservice.com/current-time/
Nothing in the REST playbook would demand that this not work as expected. The case with the photos is that your service is returning a resource represented based on info set in the request, filtering out all non-user-owned photos by the auth header. You're still returning the same general thing, a collection of photos.
Not much different than saying with the response type header that you want a JSON representation vs. an XML representation returned.
Things get fishy when you switch results completely, like one person gets a collection of images while another is provided last week's transcript of Glee at the same resource location.