Which REST operation (GET, PUT, or POST) for validating information?
Solution 1
My users enter a few information fields in a iOS app. This information must be validated on my server, which has a RESTful API. After validation the UI of the iOS app changes to indicate the result....I'm not getting a resource, and neither is a resource created or updated.
Since you aren't saving anything (not modifying any resource), I'd think this is technically more RPC than RESTful to me.
The following is my opinion, so don't take it as gospel:
If the information is simply being submitted and you're saying yes or no, and you're not saving it, I'd say POST
is fine..
If information were actually being saved / updated, then choosing the proper HTTP method would be a lot more relevant.
POST = CREATE / SUBMIT (in an RPC context)
PUT = UPDATE (or CREATE if there is nothing to UPDATE)
Solution 2
I use the same scenario as you and use PUT for it. You have to ask yourself: "when I send the same request twice, does this make a different state on server?" If yes, use POST, if no use PUT.
Solution 3
I believe it is similar to GET entity but since we need to send data to validate and sending confidential data in URL is wrong habit as only payload data is ciphered by TLS, the only way left is POST or PUT.
However you may save or update the data in validate(eg. "verified":false). Based on requirement, you can go for POST
or PUT
(recommended POST
if no update)
POST /user/validate-something
Solution 4
Google proposes use of Custom Methods for REST API
For custom methods, they should use the following generic HTTP mapping:
https://service.name/v1/some/resource/name:customVerb
The reason to use : instead of / to separate the custom verb from the resource name is to support arbitrary paths. For example, undelete a file can map to POST /files/a/long/file/name:undelete
Source: https://cloud.google.com/apis/design/custom_methods
So for validation the URL should be POST /resource:validate
meaning-matters
Should software be simple, usable, easy to understand, ...? I believe there's one unifying force that matters most: meaning. When focussing on what is most meaningful for users, properties like simplicity and usability will follow naturally. This principle can be applied to all levels: For example, from arranging code statements, to presenting data. It's my guide that has led to great results for already more than two decades. Cornelis
Updated on October 05, 2021Comments
-
meaning-matters over 2 years
My users enter a few information fields in an iOS app. This information must be validated on my server, which has a RESTful API. After validation the UI of the iOS app changes to indicate the result.
Neither GET, PUT, or POST seem to be appropriate, because I'm not getting a resource, and neither is a resource created or updated.
What is the best fitting REST operation to implement this validation?
-
meaning-matters over 10 yearsThanks for the answer! Indeed it smells lik RPC. Even the URL ends in
/check
at the moment. But of course I don't want to mix in one SOAP RPC or something ;-) -
meaning-matters over 10 yearsThis and other posts ;-) confirm what you say. Issue seems to be that there is no clear theoretical answer, and that it's a practical/interpretation thing.
-
Admin over 10 years
PUT
against which URI? -
Kristian over 10 yearsthanks for following up with that useful link. good luck. PS, check out Apigee.com, they do API discussions and how-tos... they once talked about good API structure, and they made note that you can include RPC-style methods that decorate existing routes... i.e. RESTFUL normal method:
/resource(/:id)
and RESTFUL decorated with RPC:/resource/check
which accepts the params you're validating / checking -
Lukas K over 10 yearsfor example /Login (No metter how many times you login, the server stays still the same)
-
Plap almost 8 yearsIn addition mind also about the returning status code: When the POST is to create it should answer with 201 (Created) while in your case (RPC) I think you are free to return 200 (Ok) or, as always, 400 (Bad Request).