[Pki-devel] TPS REST interface design

Endi Sukma Dewata edewata at redhat.com
Sat Jun 29 21:12:58 UTC 2013


On 6/29/2013 2:16 PM, Ade Lee wrote:
> One thing I just noticed though is the operation to add a token.
> You have POST /tokens passing in the tokenId.
>
> POST /tokens is only used when creating a resource when the URL of the
> resource is unknown -- i.e. it will be specified by the server.  An
> example of this is POST /certrequests which returns the URL of the
> request /certrequests/0xf00 where 0xf00 is the request ID as assigned by
> the server.

That is one way to use POST, but in general it doesn't always have to be 
that limited. Consider the ID as an optional parameter. You can specify 
it, but if it's not specified the server could generate a new ID 
automatically (not that we want to do that for this case). For the 
client it would be easier to use the same operation to create a new 
entry, with or without the ID. The operation that will work for both 
cases is POST-ing into the collection.

I don't think this is violating any REST guidelines. It's also 
consistent with the add operation for the existing user and group resources.

> In this case, the token ID is what is being passed in.  So we know the
> resultant URL when the resource is created.  There are two options
> instead:
>
> a) PUT  /tokens/tokenID
> b) POST /tokens/tokenID
>
> My preference is a) but of course the advantage of (b) is that there is
> a distinction between an ADD and a modify operation.
>
> The same comment applies to all the ADD operations in the design.

The problem with (a) is that without ETag there's a risk of overwriting an 
existing token, and there's no warning or error message when that 
happens. While ETag is desired, it should be optional (can we guarantee 
all clients will support ETag?) and may not get implemented right away. 
If we POST to the collection the server can reject it if the entry 
already exists. Also, naturally an add operation is not idempotent, so 
we should not use PUT.

Option (b) is a little weird because usually we expect the resource 
would already exist when we POST. POST-ing to the collection is fine 
because the collection always exists.

-- 
Endi S. Dewata
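
The trade-off discussed in this message, as an added example that is not part of the original post or of the Dogtag code: a create-only POST to the collection rejects an existing ID, an unconditional PUT replaces it silently, and a conditional PUT fails instead. `TokenStore`, its method names and the sample records are hypothetical; the `If-None-Match: *` precondition is standard HTTP and goes slightly beyond the ETag case named in the thread.

```python
# Added illustration; TokenStore and its methods are hypothetical names,
# not part of the TPS REST implementation.
import hashlib
import json


class TokenStore:
    """In-memory stand-in for the /tokens collection."""

    def __init__(self):
        self.tokens = {}

    @staticmethod
    def etag(record):
        # Entity tag derived from the record's canonical JSON form.
        body = json.dumps(record, sort_keys=True).encode()
        return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

    def post_collection(self, record):
        """POST /tokens: create only; an existing ID is rejected."""
        token_id = record["tokenID"]
        if token_id in self.tokens:
            return 409, None                       # Conflict, nothing changed
        self.tokens[token_id] = dict(record)
        return 201, "/tokens/" + token_id          # Location of the new entry

    def put_item(self, token_id, record, if_match=None, if_none_match=None):
        """PUT /tokens/{id}: create or replace, optionally conditional."""
        current = self.tokens.get(token_id)
        if if_none_match == "*" and current is not None:
            return 412, None                       # Precondition Failed
        if if_match is not None and (
                current is None or self.etag(current) != if_match):
            return 412, None                       # Caller's copy is stale
        self.tokens[token_id] = dict(record)
        return (201 if current is None else 200), self.etag(record)


def demo():
    store = TokenStore()
    first = {"tokenID": "TOKEN1234", "userID": "user-a"}   # constructed data
    second = {"tokenID": "TOKEN1234", "userID": "user-b"}  # constructed data
    results = [store.post_collection(first)[0]]            # new entry
    results.append(store.post_collection(second)[0])       # duplicate ID
    results.append(store.put_item("TOKEN1234", second, if_none_match="*")[0])
    results.append(store.put_item("TOKEN1234", second)[0])  # silent overwrite
    results.append(store.tokens["TOKEN1234"]["userID"])
    return results


if __name__ == "__main__":
    print(demo())
```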



