Has anyone had a crazy debate where your DBA or other UX programmers think that to call your REST API, that they should never have to reference a resource by id?Seems ludicrous to me, even having such a conversation.
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
On Aug 25, 2015, at 6:12 PM, Dave Schinkel <dsch...@gmail.com> wrote:Has anyone had a crazy debate where your DBA or other UX programmers think that to call your REST API, that they should never have to reference a resource by id?
On Aug 26, 2015, at 12:40 PM, Cooper Marcus <coo...@newrelic.com> wrote:Doesn't authentication and authorization take care of the "people can guess the next ID" problem?Who cares if people can know that you have a resource 123, and that you probably thus have a resource 124, if those resources are available via an authenticated/authorized API?
UUID Primary Keys for your database tables. Always.
--
On Aug 31, 2015, at 5:37 PM, Dave Schinkel <dsch...@gmail.com> wrote:Also, here's another issue. What if your client doesn't know your IDs period. We had the debate of having the client get a map of IDs but that seems inefficient. We don't have ids in our website URLs so the web team sometimes won't have an id to pass to the REST API. How is that dealt with?
Having identifiers dictated by a particular instance of a persistence engine is another.
Most people do the latter because "it's easy"....until it isn't.
I mean you look at MOST any API out there, they usually use IDs and so have I at every company I've worked for in the past
On Aug 31, 2015, at 6:06 PM, Dave Schinkel <dsch...@gmail.com> wrote:So can you explain to me how generating random IDs solves the problem of the client not having any in the first place? random or not, I still don't see how this is solved.
What about adding a column that increments in each entity that wouldn't have anything to do with the PKs.
Has anyone had a crazy debate where your DBA or other UX programmers think that to call your REST API, that they should never have to reference a resource by id?
Seems ludicrous to me, even having such a conversation.
--
You received this message because you are subscribed to a topic in the Google Groups "API Craft" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/api-craft/dxiQPA8cuqk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to api-craft+...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.