Handling UI Specific Data for Multi-Tenant API

72 views
Skip to first unread message

Kevin Meredith

unread,
Dec 21, 2018, 8:22:32 AM12/21/18
to API Craft
Consider an API that handles Registration, i.e. signing up for an app. The app is multi-tenant, meaning that it supports different groups/franchises.

Now a problem exists to add tenant-configurable text to a UI involving registration.

Presently, a single web service supports the Registration API.

For this app-customizable message, should it belong to the Registration API? Or should another API, let’s call it UI Configuration API, own it?

From a REST point of view, it’s not clear to me which API should own this UI-specific data.

Thanks!

mca

unread,
Dec 24, 2018, 9:30:55 AM12/24/18
to api-...@googlegroups.com
lots going on in this post, so forgive me if i miss the mark here...

1) in HTTP, URLs don't garuntee objects in the responses, they only garuntee _messages_. and context of the request counts. so, an admin user making a request to a URL is likely to see a diff response than a guest user. both are correct even when both contain different ontent.

2) HTTP services can use more than the URL to determine context to composing a response. the value of the AUTHORIZATION header is a good exampe.

3) therefore, using config data to modulate a response to a URL is not only OK, it is quite common

4) now, if you want to make it possible to *edit* the config data, then you need to expose that via one or more URLs. the edit experience may only be available to admin users (/edit-config/ might return a 200 w/ content for the admin, and a 404 or 403 for guest accounts).

5) finally, i have no idea what you mean here by "owns it" 

hope this helps

--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at https://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.

Lukas Rosenstock

unread,
Dec 28, 2018, 5:49:15 AM12/28/18
to api-...@googlegroups.com
Hello Kevin,

I think whether the UI text comes from the Registration API or a different UI Configuration API is not a question that can be answered from a REST point of view because it’s not something I’d say REST is concerned with; it’s a broader question about the scope of an API.

In general I would say most APIs should not be concerned with the UI that displays them unless it’s their primary purpose so that an API can be reused in more different scenarios with various UIs. Therefore a good API design by the book would separate these aspects.

However, if you can be reasonably sure that the scope of your API is limited to a specific set of apps I would actually prefer to pack it both into one API in order to not over engineer your system and to improve performance by not needing multiple calls to APIs where a single request could suffice.

Hope this helps!

Lukas Rosenstock



Reply all
Reply to author
Forward
0 new messages