
A RESTful service API design issue


I have an issue with RESTful service API design. I'm not sure what the proper way to do it is. Please give me some suggestions.

My scenario is like this. I have a user resource and permission resource.

http://www.sample.com/rest/users
http://www.sample.com/rest/permissions

A user can have multiple permissions; one permission can be used for many users; it is a many-to-many relationship.

Normally, we can say a permission belongs to a user, so we have an API like:

http://www.sample.com/rest/users/{userId}/permissions

When we want to build a relationship between a permission and a user, there are two options.

  1. We can first use POST: http://www.sample.com/rest/permissions with a permission body, then POST: http://www.sample.com/rest/users/{userId}/permissions with a set of permission ids. I'm not sure if there are any other REST APIs designed like this.

  2. We can use only one API like: http://www.sample.com/rest/users/{userId}/permissions with a permission object as the content. In this method, we do the two things I described in option 1. The downside is that we can never reuse the created permission; it looks like one user can have multiple permissions, but one permission is only used by one user, which obeys our first design. But it is really simple to use.

If you have any experience on this topic, any suggestions are welcome.


Solution

  • Another way is to think of the Users and Permissions as separate ‘spaces’ or resources. You should be able to manage them individually using CRUD.

    To create user

    • POST: /users/
    • return: {userid}

    To create a permission

    • POST: /permissions/
    • return: {permid}

    Then, coming to the mapping, you should use PUT instead, since it is not creating a new resource but mapping the two resources.

    Add user to Permissions space

    • PUT: /permissions/users/{userId}/

    Or add users to permissions space

    • PUT: /permissions/users/
    • BODY: {[userid1, userid2, …]}

    Add permissions to Users space

    • PUT: /users/permissions/{permId}/

    Or add permissions to Users space

    • PUT: /users/permissions
    • BODY: {[permid1, permid2, … ]}
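
The separation described in the answer, as an added example that is not part of the original post: users and permissions are created on their own with POST, and the link between them is a third piece of state set by an idempotent PUT, so one permission can be shared by many users and unlinking never deletes it. The `AccessStore` class, the link path `/users/{userId}/permissions/{permId}`, the status codes and the ids are assumptions made for illustration.

```python
class AccessStore:
    """Hypothetical in-memory stand-in for the service behind /users and /permissions."""

    def __init__(self):
        self.users = {}        # user id -> user document
        self.permissions = {}  # permission id -> permission document
        self.grants = set()    # (user id, permission id) pairs: the many-to-many link

    def post_user(self, body):
        """POST /users: create a user and return its new id."""
        uid = f"u{len(self.users) + 1}"
        self.users[uid] = dict(body)
        return 201, uid

    def post_permission(self, body):
        """POST /permissions: create a permission that belongs to no user yet."""
        pid = f"p{len(self.permissions) + 1}"
        self.permissions[pid] = dict(body)
        return 201, pid

    def put_user_permission(self, uid, pid):
        """PUT /users/{userId}/permissions/{permId}: link two existing resources.
        Nothing is created, and repeating the call changes nothing (idempotent)."""
        if uid not in self.users or pid not in self.permissions:
            return 404, None  # never create a permission as a side effect of linking
        self.grants.add((uid, pid))
        return 204, None

    def delete_user_permission(self, uid, pid):
        """DELETE the same URL: remove the link only; the permission itself survives."""
        if (uid, pid) not in self.grants:
            return 404, None
        self.grants.discard((uid, pid))
        return 204, None

    def users_with(self, pid):
        """View from the permission side: which users hold this permission."""
        return sorted(u for u, p in self.grants if p == pid)


def demo():
    """Constructed sample data: two users sharing one permission."""
    store = AccessStore()
    _, alice = store.post_user({"name": "alice"})
    _, bob = store.post_user({"name": "bob"})
    _, read = store.post_permission({"name": "report:read"})
    for uid in (alice, bob, alice):  # alice is sent twice on purpose
        store.put_user_permission(uid, read)
    store.delete_user_permission(alice, read)
    return store.users_with(read), read in store.permissions
```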