9

I am implementing REST API using the following technologies/approaches:

I want to implement authentication endpoint, it should receive username and password in POST request in JSONAPI format and return JWT token in JSONAPI format. But I see there are some contradictions that does not allow me to be 100% RESTful:

Let's name endpoint /tokens, because it actually creates tokens. Response would be also resource of type tokens, e.g:

{
  "data": {
    "type": "tokens",
    "attributes": {
      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEifQ.ivJ5P23wqVo3w31flg3aOu7er--Ijght_RrBf_MuqsU",
    }
  }
}

But how about request? username and password are properties of user, but they should be sent to /tokens endpoint. If I send users resource to /tokens endpoint it does not make much sense.

Is there a way around for this, to follow JSONAPI and keep API meaningful?

Improve this question
1
  • What I do in these cases is having a session object or entity which is the one containing the properties you mention and I wouldn't care they're from a user because the user is the one authenticating. In any case, JSONAPI and REST are good guides to follow but apply your style when in need. Commented Oct 24, 2018 at 20:33

2 Answers 2

Reset to default
5

If I send users resource to /tokens endpoint it does not make much sense.

Why not? REST does not impose that you only send users to a user resource. Sure, when you CRUD operations on a user resource you'll do this via the user resource endpoint.

But to generate a token, it's totally reasonable to send a user resource to the token endpoint.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hi, thanks for the reply. > REST does not impose that you only send users to a user resource. REST does not, but REST API specification does. That's the problem.
2

You could also supply the user credentials via an HTTP Authorization header, or as part of the toplevel meta property of the JSON payload.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.