Core: Returning no resource after POST

Created on 12 May 2016  路  5Comments  路  Source: api-platform/core

Hello,

I would like to find a way to configure a Resource for returning nothing after creation (instead of created resource).

My use case :
- I have a PasswordReset resource (int id, string secret, bool used, User user)
- I have an endpoint POST /password-reset, witch create a new PasswordReset resource.
- I have an endpoint HEAD /password-reset/{id}/{secret}, who return 200 if resource exist.
- I have an endpoint POST /password-reset/{id}/{secret}, who create a new password for the user.

Obviously, I don't want the POST /password-reset to return the resource after creation. (the secret will be sent by mail to the user).

Furthermore, I don't want a GET /password-reset/{id} because it's useless.

Right now, when I call POST /password-reset, an InvalidArgumentException is throw with message "No route associated with the type "AppBundle\Entity\PasswordReset" because no GET /password-reset/{id} exist.

So I propose to add an attribute "returnResource" with default to true to the Resource annotation. And when to false, the operation return no data.

I can work on a patch.

question
Source
picture polc

All 5 comments

This kind of services-oriented endpoints are not REST nor resource oriented. They don't fit well with the automatic routing system.
However, if you you can use custom operations and controllers to create this kind of endpoints.

You can also switch to a more REST approach with something like:

  • PUT /user/10 ({"resetPassword": "true"})
  • GET /users/10?fields=passwordSecret ({"secret": "azertyuio"})
dunglas picture dunglas on 12 May 2016
👍1

@dunglas It appears to me that he's modelling a password reset as a resource, which is REST-ful.

teohhanhui picture teohhanhui on 12 May 2016

@teohhanhui Exaclty

It's because I need to track every reset password request.

A configurable attribute returnResource would facilitate many things : I could just setup the secret as composite ID and use the automatic routing system for the 3 operations.

  • POST /password-reset ({ "user": { "email": "[email protected]" } })
  • GET /password-reset/id=5;secret=10b1a18f089ba4cd0689a81f32125357
  • PUT /password-reset/id=5;secret=10b1a18f089ba4cd0689a81f32125357 ({"used": true})
polc picture polc on 12 May 2016

Ok I got it for the REST PasswordReset resource.

The GET /password-reset/{id} route is mandatory because in a HATEOAS API, all IRIs must be dereferencable. However you can use normalization groups to return a JSON-LD document containing only @id and @type properties. You can also use a custom action (or kernel events if you use v2) to just return 200 OK. Same apply for the POST method.

What do you think?

dunglas picture dunglas on 12 May 2016
👍1

Using an event for retuning null look like a good solution for my usecase, I think.. thanks :)

polc picture polc on 12 May 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Tjeerd picture Tjeerd  路  3Comments
silverbackdan picture silverbackdan  路  3Comments
lukasluecke picture lukasluecke  路  3Comments
kate-kate picture kate-kate  路  3Comments
stipic picture stipic  路  3Comments