开发者

Using HTTP Vary header to decide on a strategy to process a request

开发者 https://www.devze.com 2022-12-25 15:55 出处：网络

I have a specific REST endpoint that creates a topic in a forum; but I want to apply different strategies when processing the request. e.g. If client A makes the call, perform moderation. if client B

相关专题：api-design http rest

I have a specific REST endpoint that creates a topic in a forum; but I want to apply different strategies when processing the request. e.g. If client A makes the call, perform moderation. if client B makes the call, do something else. The easiest would be to add a query param for differentiation:

 POST /resource?from=xyz

Another brilliant idea is to use the Vary HTTP header.

 POST /resource
 Va开发者_JAVA百科ry: xyz

Any problems with this approach ?

Well, for one, "Vary" is a response header, so this is not so brilliant :-)

If this is for security reasons, this is very bad security. Rather, use standard HTTP authentication (or your custom authentication scheme) to pass credentials to the backend, and only there, based on credential/roles do whatever moderation/audit is required.