I have 2 applications - a laravel rest API and angular front end which are on 2 different domains. It is a multi tenant app where users can belong to one or more organisations and can switch between orgs within the app. I am using session storage so the user can have 2 or more tabs open and be logged into different orgs at the same time. All the data belongs to an org via foreign keys etc. I need to pass the org_id with most requests and am considering doing this via a custom header e.g. X-org-id. This would work nicely with the angular http interceptors and with a laravel middleware class that can automatically scope any data reading to the org id and auto populate org if for any create/update calls.
Is there any issue with using a custom header in this way?
If a user can be logged into several organizations, it would make sense to have the org-id be part of the REST API, i.e. part of the URL.
To elaborate a bit: A custom header can be used for all kinds of purposes, but there are advantages to keeping all the information needed to request a resource in the URL.
That way, URLs can be stored, bookmarked and used without having to rely on the existence of a custom header.