1

I did some research on this topic, but I still cannot find an answer.

I'm trying to use OAuth2 and JWT to implement a web login function, and I need a REST-style API between the backend and frontend.

10 years ago, people just used ..../login to deal with it, but RESTful API design suggests that there should be no verb in the URL. So some people suggest that we can use ....../accesstoken, then POST the username and password to get a token.

However, I think if we consider an accesstoken as a resource, then when we want to get the accesstoken, we should use the GET method, shouldn't we?

So my question is: What is the best practice when designing a RESTful-style URL for login? Or is a RESTful API simply unable to achieve that?

Thanks!

===updated===

In Spring OAuth2, the default URL it provides expects you to POST grant_type and related info to the URL /oauth/token. But should we use the GET method to get a resource?

Lang
  • You can reference https://stackoverflow.com/questions/7140074/restfully-design-login-or-register-resources – Jiahao Aug 28 '18 at 23:52

1 Answer

1

I think "/login" should be OK. In the book REST API Design Rulebook, there is a paragraph that says "Like a traditional web application's use of HTML forms, a REST API relies on controller resources to perform application-specific actions that cannot be logically mapped to one of the standard methods (CRUD)." This means the application-specific action, login, can be seen as a controller resource. Since controllers are executed by the POST method, the final resource can be presented as "POST foo.com/api/login". The example given in the book is a controller resource that allows a client to resend an alert to a user: POST /alerts/245743/resend

SY Y
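As an added example (not part of the question, the answer, or Spring's code), here is a minimal Python WSGI sketch of the `/oauth/token` endpoint treated as a POST-only controller resource: credentials arrive in the form body, GET is refused with `405` and `Allow: POST` so they never end up in a URL or access log, and the token response is marked `Cache-Control: no-store`. The names `token_app` and `issue_jwt`, the user store, the salt and the signing key are all assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs

SECRET = secrets.token_bytes(32)   # per-process signing key (demo assumption)
SALT = b"constructed-salt"         # constructed sample data

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _pw_hash("correct horse")}  # constructed sample account
DUMMY = secrets.token_bytes(32)    # compared against when the user is unknown

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_jwt(sub, ttl=300):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def _reply(start_response, status, payload, extra=()):
    headers = [("Content-Type", "application/json"),
               ("Cache-Control", "no-store"), *extra]
    start_response(status, headers)
    return [json.dumps(payload).encode()]

def token_app(environ, start_response):
    """WSGI app exposing /oauth/token as a POST-only controller resource."""
    if environ.get("PATH_INFO") != "/oauth/token":
        return _reply(start_response, "404 Not Found", {"error": "not_found"})
    if environ["REQUEST_METHOD"] != "POST":
        # Credentials must not travel in a URL, so GET is refused outright.
        return _reply(start_response, "405 Method Not Allowed",
                      {"error": "invalid_request"}, [("Allow", "POST")])
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    if form.get("grant_type") != ["password"]:
        return _reply(start_response, "400 Bad Request",
                      {"error": "unsupported_grant_type"})
    user = form.get("username", [""])[0]
    supplied = _pw_hash(form.get("password", [""])[0])
    # The hash is always computed, and unknown users compare against DUMMY.
    expected = USERS.get(user, DUMMY)
    if not (hmac.compare_digest(supplied, expected) and user in USERS):
        return _reply(start_response, "400 Bad Request", {"error": "invalid_grant"})
    return _reply(start_response, "200 OK",
                  {"access_token": issue_jwt(user), "token_type": "Bearer",
                   "expires_in": 300})
```

The app can be served with `wsgiref.simple_server.make_server` for local experiments; a real deployment would sit behind TLS and use a persistent signing key.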