I am trying to make a RESTful API and have some function which needs credentials. For example say I’m writing a function which finds all nearby places within a certain radius, but only authorised users can use it.
One way to do it is to send it all using GET like so:
http://myapi.heroku.com/getNearbyPlaces?lon=12.343523&lat=56.123533&radius=30&username=john&password=blabla123
but obviously that’s the worst possible way to do it.
Is it possible to instead move the username and password fields and embed them as POST variables over SSL, so the URL will only look like so:
https://myapi.heroku.com/getNearbyPlaces?lon=12.343523&lat=56.123533&radius=30
and the credentials will be sent encrypted.
How would I then in Sinatra and Ruby properly get at the GET and POST variables? Is this The Right Way To Do It? If not why not?
If you are really trying to create a RESTful API instead of some URL endpoints which happen to speak some HTTP dialect, you should stick to GET. It’s even again in your path, so you seem to be pretty sure it’s a GET.
Instead of trying to hide the username and password in GET or POST parameters, you should instead use Basic authentication, which was invented especially for that purpose and is universally available in clients (and is available using convenience methods in Sinatra).
Also, if you are trying to use REST, you should embrace the concept of resources and resource collections (which is implied by the R and E of REST). So you have a single URL like http://myapi.heroku.com/NearbyPlaces. If you GET there, you gather information about that resource, if you POST, you create a new resource, if you PUT you update an existing resource and if you DELETE, well, you delete it. What you should do before is to structure your object space into these resources and design your API around it.
Possibly, you could have a resource collection at http://myapi.heroku.com/places. Each place as a resource has a unique URL like http://myapi.heroku.com/places/123. New places can be created by POSTing to http://myapi.heroku.com/places. And nearby places could be gathered by GETing http://myapi.heroku.com/places/nearby?lon=12.343523&lat=56.123533&radius=30. That call could return an array of URLs to nearby places, e.g.
If you want to be truly discoverable, you might also embrace HATEOAS, which constrains REST semantics in a way that allows API clients to “browse” through the API as a user with a browser would do. To allow this, you use hyperlinks inside your API which point to other resources, kind of like in the example above.
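The following is an added example, not code from the question or the answer above, showing what the answer describes in Ruby: a Basic-auth check in front of a resource-style GET /places/nearby route that returns URLs of nearby places. The place list, the demo user "john"/"blabla123", the helper names (parse_basic_auth, authorized?, nearby_places) and the host https://myapi.heroku.com are all constructed for the demo. The Sinatra routes are only defined when the sinatra gem is present, so the helpers can be run and checked without it; credentials are compared in constant time, and a missing or wrong header yields a 401 with the WWW-Authenticate challenge that Basic auth requires.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Constructed sample data: a tiny in-memory "places" collection.
PLACES = [
  { id: 1, name: 'Cafe',    lat: 56.1236, lon: 12.3437 },
  { id: 2, name: 'Museum',  lat: 56.1300, lon: 12.3600 },
  { id: 3, name: 'Airport', lat: 56.5000, lon: 12.9000 },
].freeze

# Constructed demo credentials; a real service stores only password hashes.
USERS = { 'john' => 'blabla123' }.freeze

# Parses an "Authorization: Basic <base64>" header into [user, password],
# or returns nil when the header is missing, not Basic, or not valid base64.
def parse_basic_auth(header)
  return nil unless header.is_a?(String)
  scheme, encoded = header.split(' ', 2)
  return nil unless scheme && scheme.casecmp('basic').zero? && encoded
  decoded = begin
    Base64.strict_decode64(encoded.strip)
  rescue ArgumentError
    return nil
  end
  user, password = decoded.split(':', 2)
  return nil if user.nil? || password.nil?
  [user, password]
end

# Constant-time equality: hash both sides so lengths match, then OR the XORs
# of every byte, so the loop never exits early on the first mismatch.
def secure_equal?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a.to_s)
  db = OpenSSL::Digest::SHA256.digest(b.to_s)
  da.bytes.zip(db.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only for a well-formed Basic header carrying a known user's password.
def authorized?(header)
  user, password = parse_basic_auth(header)
  return false unless user
  # Always run the comparison so unknown and known users take similar time.
  matched = secure_equal?(password, USERS.fetch(user, ''))
  matched && USERS.key?(user)
end

EARTH_RADIUS_KM = 6371.0

# Great-circle (haversine) distance between two lat/lon points, in km.
def distance_km(lat1, lon1, lat2, lon2)
  to_rad = ->(deg) { deg * Math::PI / 180.0 }
  dlat = to_rad.call(lat2 - lat1)
  dlon = to_rad.call(lon2 - lon1)
  a = Math.sin(dlat / 2)**2 +
      Math.cos(to_rad.call(lat1)) * Math.cos(to_rad.call(lat2)) * Math.sin(dlon / 2)**2
  2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(a))
end

# Returns the resource URLs of all places within radius_km of (lon, lat),
# which is the "array of URLs to nearby places" the answer sketches.
def nearby_places(lon, lat, radius_km, base_url: 'https://myapi.heroku.com')
  PLACES.select { |p| distance_km(lat, lon, p[:lat], p[:lon]) <= radius_km }
        .map { |p| "#{base_url}/places/#{p[:id]}" }
end

begin
  require 'sinatra/base'
rescue LoadError
  # Sinatra not installed: the helpers above still load and can be exercised.
end

if defined?(Sinatra::Base)
  class PlacesApi < Sinatra::Base
    # Every /places/* request must carry valid Basic credentials; otherwise
    # answer 401 with the challenge header so clients know to send them.
    before '/places/*' do
      unless authorized?(request.env['HTTP_AUTHORIZATION'])
        halt 401, { 'WWW-Authenticate' => 'Basic realm="places"' }, 'Unauthorized'
      end
    end

    # GET /places/nearby?lon=..&lat=..&radius=.. -> JSON array of place URLs.
    get '/places/nearby' do
      lon, lat, radius = %w[lon lat radius].map { |k| Float(params[k]) }
      content_type :json
      JSON.generate(nearby_places(lon, lat, radius, base_url: request.base_url))
    rescue ArgumentError, TypeError
      halt 400, 'lon, lat and radius must be numeric'
    end
  end

  PlacesApi.run! if __FILE__ == $PROGRAM_NAME
end
```

Run it with `ruby places_api.rb` when Sinatra is installed and call it with `curl -u john:blabla123 'http://localhost:4567/places/nearby?lon=12.343523&lat=56.123533&radius=30'`; the credentials travel in the Authorization header rather than the URL, which is why the answer insists on serving this only over https, since Basic auth is just base64, not encryption.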