Blank spaces : how to deal with nothing in API design

Consider the following HTTP endpoint:

GET /{user}/appointments

How do we deal with nothing?

Nothingman

? If the user doesn’t currently exist, return 404 – this informs the caller that nothing can be done with this resource until it is cre…


This content originally appeared on DEV Community and was authored by craignicol

Consider the following HTTP endpoint:

GET /{user}/appointments

How do we deal with nothing?

Nothingman

? If the user doesn’t currently exist, return 404 – this informs the caller that nothing can be done with this resource until it is created or recreated.

? If the user exists, but we want to protect against username enumeration, return 404 – this removes a route for malicious agents to identify actual users, perhaps prior to a password brute force. They may decide this endpoint is less likely to have the full protections afforded to the login endpoint. This endpoint should also avoid indirect enumeration, for example, returning immediately for “user doesn’t exist” and delayed for “user exists but we’re pretending because security”

? If the user exists but the caller doesn’t have permission to see their appointments, return 403 – the caller will have to log in or ask someone who has access.

Empty time

Given the selected user exists

? If this user does not support appointments, return 404 – these resources can’t be found.

? If this user does support appointments, but there are none, return an empty list.

_ note : some APIs will return 204 No Content in this scenario. 204 should only be used for POST or PUT requests to indicate server action was a success, and there’s no data to send back_

Empty space

Given the selected user exists

And they have at least 1 valid appointment (see the business rules for what “valid” means)

? If the appointment has no location (because online conference links are saved elsewhere in the appointment body) then no location property should be returned

❔ If the appointment has no location (because it is unknown) then the location property should be returned with no data (the empty string)


This content originally appeared on DEV Community and was authored by craignicol


Print Share Comment Cite Upload Translate Updates
APA

craignicol | Sciencx (2021-04-23T12:22:00+00:00) Blank spaces : how to deal with nothing in API design. Retrieved from https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/

MLA
" » Blank spaces : how to deal with nothing in API design." craignicol | Sciencx - Friday April 23, 2021, https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/
HARVARD
craignicol | Sciencx Friday April 23, 2021 » Blank spaces : how to deal with nothing in API design., viewed ,<https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/>
VANCOUVER
craignicol | Sciencx - » Blank spaces : how to deal with nothing in API design. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/
CHICAGO
" » Blank spaces : how to deal with nothing in API design." craignicol | Sciencx - Accessed . https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/
IEEE
" » Blank spaces : how to deal with nothing in API design." craignicol | Sciencx [Online]. Available: https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/. [Accessed: ]
rf:citation
» Blank spaces : how to deal with nothing in API design | craignicol | Sciencx | https://www.scien.cx/2021/04/23/blank-spaces-how-to-deal-with-nothing-in-api-design/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.