Which REST operation (GET, PUT, or POST) for validating information?

http rest post asp.net-web-api put
21,790

Solution 1

My users enter a few information fields in a iOS app. This information must be validated on my server, which has a RESTful API. After validation the UI of the iOS app changes to indicate the result....I'm not getting a resource, and neither is a resource created or updated.

Since you aren't saving anything (not modifying any resource), I'd think this is technically more RPC than RESTful to me.

The following is my opinion, so don't take it as gospel:

If the information is simply being submitted and you're saying yes or no, and you're not saving it, I'd say POST is fine..

If information were actually being saved / updated, then choosing the proper HTTP method would be a lot more relevant.

POST = CREATE / SUBMIT (in an RPC context)
PUT = UPDATE (or CREATE if there is nothing to UPDATE)

Solution 2

I use the same scenario as you and use PUT for it. You have to ask yourself: "when I send the same request twice, does this make a different state on server?" If yes, use POST, if no use PUT.

Solution 3

I believe it is similar to GET entity but since we need to send data to validate and sending confidential data in URL is wrong habit as only payload data is ciphered by TLS, the only way left is POST or PUT.

However you may save or update the data in validate(eg. "verified":false). Based on requirement, you can go for POST or PUT (recommended POST if no update)

 POST /user/validate-something

Solution 4

Google proposes use of Custom Methods for REST API

For custom methods, they should use the following generic HTTP mapping:

https://service.name/v1/some/resource/name:customVerb

The reason to use : instead of / to separate the custom verb from the resource name is to support arbitrary paths. For example, undelete a file can map to POST /files/a/long/file/name:undelete

Source: https://cloud.google.com/apis/design/custom_methods

So for validation the URL should be POST /resource:validate

Share:
21,790
meaning-matters
Author by

meaning-matters

Should software be simple, usable, easy to understand, ...? I believe there's one unifying force that matters most: meaning. When focussing on what is most meaningful for users, properties like simplicity and usability will follow naturally. This principle can be applied to all levels: For example, from arranging code statements, to presenting data. It's my guide that has led to great results for already more than two decades. Cornelis

Updated on October 05, 2021

Comments

  • meaning-matters
    meaning-matters over 2 years

    My users enter a few information fields in an iOS app. This information must be validated on my server, which has a RESTful API. After validation the UI of the iOS app changes to indicate the result.

    Neither GET, PUT, or POST seem to be appropriate, because I'm not getting a resource, and neither is a resource created or updated.

    What is the best fitting REST operation to implement this validation?

  • meaning-matters
    meaning-matters over 10 years
    Thanks for the answer! Indeed it smells lik RPC. Even the URL ends in /check at the moment. But of course I don't want to mix in one SOAP RPC or something ;-)
  • meaning-matters
    meaning-matters over 10 years
    This and other posts ;-) confirm what you say. Issue seems to be that there is no clear theoretical answer, and that it's a practical/interpretation thing.
  • Admin
    Admin over 10 years
    PUT against which URI?
  • Kristian
    Kristian over 10 years
    thanks for following up with that useful link. good luck. PS, check out Apigee.com, they do API discussions and how-tos... they once talked about good API structure, and they made note that you can include RPC-style methods that decorate existing routes... i.e. RESTFUL normal method: /resource(/:id) and RESTFUL decorated with RPC: /resource/check which accepts the params you're validating / checking
  • Lukas K
    Lukas K over 10 years
    for example /Login (No metter how many times you login, the server stays still the same)
  • Plap
    Plap almost 8 years
    In addition mind also about the returning status code: When the POST is to create it should answer with 201 (Created) while in your case (RPC) I think you are free to return 200 (Ok) or, as always, 400 (Bad Request).

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Are PUT and POST requests required/expected to have a request body?
Web API 2 POST request simulation in POSTMAN Rest Client
What is the difference between POST and PUT in HTTP?
Consequences of POST not being idempotent (RESTful API)
C# Webapi POST request fails - 404 NOT FOUND
HATEOAS Rel - Any Standards Yet?
In HTTP, does PUT and POST send data differently?
Best way to support "application/x-www-form-urlencoded" post data with WCF?
how to send POST HTTP request from Google Chrome without any extensions?
Getting "411 Length Required" after a PUT request from HTTP Client