Cookies on modern APIs?

Filippos Vasilakis

Mar 22, 2016, 6:45:16 AM
to API Craft
I know that using cookies in APIs is a bad practice, but is there anything we could exploit that little mechanism for?

One thing I can think of is the fields/includes params. For instance, JSONAPI lets you send fields or include params to explicitly say which fields of the resource you want to include, and which associations as well.

If I am requesting the same resource with the same fields/includes all the time, why not save those in my cookies instead of sending a bunch of fields/includes in the URL?

What do you think? Can you think of any other case where we could use cookies? Or are they dead :)

Thanks!

Kijana Woodard

Mar 22, 2016, 10:54:27 AM
to api-...@googlegroups.com
Fwiw, you could POST all those fields and params and return a query resource the client can GET later.

I have no opinion on whether cookies are "dead", but I avoid them.

Btw, have you heard of macaroons? 

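The saved-query idea suggested above, sketched as an added example that is not part of the original thread: the client POSTs its fields/include selection once, the server validates it against an allowlist and returns an id that later GETs reference explicitly in the URL. The `/queries` route, the `query` parameter, the schema and all function names are assumptions.

```python
import secrets

# Assumed schema: which attributes and relationships each type may expose.
ALLOWED_FIELDS = {"articles": {"title", "body", "created"}, "people": {"name", "email"}}
ALLOWED_INCLUDES = {"author", "comments"}

_saved_queries = {}  # query id -> validated definition (stand-in for a datastore)


def create_query(fields, include=()):
    """POST /queries: validate the selection once, store it, return its id."""
    for rtype, names in fields.items():
        unknown = set(names) - ALLOWED_FIELDS.get(rtype, set())
        if unknown:
            raise ValueError(f"unknown fields for {rtype}: {sorted(unknown)}")
    unknown = set(include) - ALLOWED_INCLUDES
    if unknown:
        raise ValueError(f"unknown includes: {sorted(unknown)}")
    query_id = secrets.token_urlsafe(16)  # unguessable, so ids cannot be enumerated
    _saved_queries[query_id] = {
        "fields": {t: sorted(set(n)) for t, n in fields.items()},
        "include": sorted(set(include)),
    }
    return query_id


def expand(query_id):
    """Return the JSON:API query string that the saved query stands for."""
    saved = _saved_queries[query_id]  # KeyError here maps to a 404 response
    parts = [f"fields[{t}]={','.join(n)}" for t, n in sorted(saved["fields"].items())]
    if saved["include"]:
        parts.append("include=" + ",".join(saved["include"]))
    return "&".join(parts)


def project(resource, query_id):
    """GET /articles/1?query=<id>: keep only the attributes the saved query selected."""
    wanted = _saved_queries[query_id]["fields"].get(resource["type"])
    if wanted is None:  # no sparse fieldset for this type: return it unchanged
        return resource
    attrs = {k: v for k, v in resource["attributes"].items() if k in wanted}
    return {**resource, "attributes": attrs}


if __name__ == "__main__":
    qid = create_query({"articles": ["title", "body"]}, include=["author"])
    article = {"type": "articles", "id": "1",  # constructed sample resource
               "attributes": {"title": "Hi", "body": "...", "created": "2016-03-22"}}
    print(expand(qid))
    print(project(article, qid))
```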

Andrew B

Mar 22, 2016, 4:18:37 PM
to API Craft
Looked at another way, what is the advantage of using cookies in this case?

They would be harder for the client to manipulate, and the network traffic will be much the same whether you pack your fields info into the URL or a cookie.

Filippos Vasilakis

Mar 22, 2016, 4:25:29 PM
to api-...@googlegroups.com
The advantage I was thinking of is to NOT send some default query params in the URL. Basically the fields/includes in each resource. The server could have an idea of what it should return by default for the majority of the clients, but if you are not in that majority, or if each client's needs differ substantially from other clients', instead of sending those params every time, save them in the cookies once and for all and then, if there is a special request, specify what EXTRA or what LESS you want on those defaults. Basically, set up the server the way you want it.

But maybe there is no point. So cookies will die one day eventually :)

On Tue, Mar 22, 2016 at 9:18 PM, Andrew B <abr...@gmail.com> wrote:
Looked at another way, what is the advantage of using cookies in this case?

They would be harder for the client to manipulate, and the network traffic will be much the same whether you pack your fields info into the URL or a cookie.
