rest restful-authentication restful-url restful-architecture

RESTful authentication API design

I have a question regarding RESTful API design. Following the guidelines of REST, all endpoints should be nouns and in plural, and should never be verbs. However, it is customary to have authentication routes be:

/login
/logout

which are both verbs. If you should be true to the guidelines these routes should look more like this instead:

/users?action=login
/users?action=logout

but I've never used any API that has this particular authentication implementation, everyone uses the first one, me included. But I wonder if this is because many people don't follow the guidelines fully and it has just become a habit or is there another reason?

Solution

If you want to be compliant with the rest guidelines, your api should expose a security token resource as follows for instance :

/security/token

And that's it... You can then GET security tokens (login), use them, then DELETE them (logout)

C# .NET Implement DHL API Tracking
What Exception class type does Spring Boot throw when the user tries to access a REST endpoint whose path does not exist at the @RestController?
How to modify default spring boot not found url exception with custom message
Return string type from Spring Boot to Angular
TypeORM: update item and return it
REST collections, good practice to do: GET api/CollectionA/<collection id>/CollectionB?
what status code to throw when there is a concurrency error?
ERROR: insert or update on table "promos" violates foreign key constraint "fk_businesses_promos"
HTTP method names: upper or lower case?
Jersey message body reader not found in maven-built JAR
ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys
Best practice to return errors in ASP.NET Web API
How to get progress of file upload in percentage
How to configure JSON deserialization options in .NET minimal API project
XML Serializer not creating attributes
CORS error while consuming calling REST API with React
How to upload Multiple Images to rest API in Flutter?
Customize laravel sanctum unauthorize response
Error 415 when trying to merge PDFs by stirlingpdf.io with python
Laravel Api Help, Im getting a Null result when using json data from Site A using Site B Controller
Is HTTP status 202 appropriate for account creation, while waiting for a confirmation code?
How to make a large file accessible to external APIs?
HTTP Response code for "Please wait a little bit"
Why is requests (or urllib3) continuing to throw Timeout Value errors even though i did not change them?
How does middleware work in chi routing in Go and what does http.Handler argument refers to in middleware?
Unhandled Exception: type 'Null' is not a subtype of type 'Map<String, dynamic>'
How set Response body in javax.ws.rs.core.Response
How do I filter data in a restful way using Spring?
Handling 404 Errors Gracefully with Spring's RestClient
Using EU VIES REST Service to check VAT Number