'RESTful resource creation in multiple steps

There are situations where resource creation requires more than one step.

Example

A session resource is created when a user authenticates. So the API call responsible for authentication would be a POST to example.com/api/sessions.

We use a password-authenticated key exchange for authentication. This requires the sending of two messages to the server: AuthInit and AuthFinish. The session should only be created once the user is authenticated (after successful processing of AuthFinish).

But since there are now two steps to creating a session, where should each of the two requests be send?

Potential Solution 1: two endpoints

AuthInit -> example.com/api/sessions/init

AuthFinish -> example.com/api/sessions/finish

Potential Solution 2: one endpoint handles both

AuthInit -> example.com/api/sessions

AuthFinish -> example.com/api/sessions

apirestapi-designrestful-authentication


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Modify WooCommerce REST API product image upload

Modify WooCommerce REST API product image upload

How to extract the list of all repositories in Stash or Bitbucket?

How to Configure/Access Bitbucket Server REST API via OAuth Client Credentials

HTTP response code for POST when resource already exists

can't watch multiple files with json-server

How to call a REST web service API from JavaScript?

How to call a REST web service API from JavaScript?

Posting a File and Associated Data to a RESTful WebService preferably as JSON

Symfony post request body parameters?

In Hexagonal architecture, can a service rely on another service, or is that tight coupling?

How do I use Django piston to return a response in text/plain?

How do I set up a Google Cloud Function with Authentication?

split json response in Qt

Developing a Spring REST service with OData interface