REST: nested resource url when you don't want the parent ID visible

I read that the route for getting a nested resource in REST should look like this

/articles/:articleId/comments

The owner (:articleId) of the child resource will be visible.

But what if you have an owner that you don't want the client to know about?

For example, let's say I have an app where users have anonymous posts. I wouldn't want other users to see the client fetching the post by /users/123/post/321 because users could identify who wrote the post from the id and it wouldn't be anonymous.

Is the id necessary? Is it ok to instead do /users/posts/321 if all posts have a unique id?

Solution

There are no actual requirements for the URL format. It can be whatever you'd like it to be.

If it were me, I would use simply /posts/321 and leave users out of it, since a particular user isn't specified in your URL at all. I think that's the clearest way to handle it in your case.

What Exception class type does Spring Boot throw when the user tries to access a REST endpoint whose path does not exist at the @RestController?
How to modify default spring boot not found url exception with custom message
Return string type from Spring Boot to Angular
TypeORM: update item and return it
REST collections, good practice to do: GET api/CollectionA/<collection id>/CollectionB?
what status code to throw when there is a concurrency error?
ERROR: insert or update on table "promos" violates foreign key constraint "fk_businesses_promos"
HTTP method names: upper or lower case?
Jersey message body reader not found in maven-built JAR
ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys
Best practice to return errors in ASP.NET Web API
How to get progress of file upload in percentage
How to configure JSON deserialization options in .NET minimal API project
XML Serializer not creating attributes
CORS error while consuming calling REST API with React
How to upload Multiple Images to rest API in Flutter?
Customize laravel sanctum unauthorize response
Error 415 when trying to merge PDFs by stirlingpdf.io with python
Laravel Api Help, Im getting a Null result when using json data from Site A using Site B Controller
Is HTTP status 202 appropriate for account creation, while waiting for a confirmation code?
How to make a large file accessible to external APIs?
HTTP Response code for "Please wait a little bit"
Why is requests (or urllib3) continuing to throw Timeout Value errors even though i did not change them?
How does middleware work in chi routing in Go and what does http.Handler argument refers to in middleware?
Unhandled Exception: type 'Null' is not a subtype of type 'Map<String, dynamic>'
How set Response body in javax.ws.rs.core.Response
How do I filter data in a restful way using Spring?
Handling 404 Errors Gracefully with Spring's RestClient
Using EU VIES REST Service to check VAT Number
Make REST API call in Swift