I am implementing a REST API using the following technologies/approaches:
I want to implement an authentication endpoint; it should receive a username and password in a POST request in JSONAPI format and return a JWT token in JSONAPI format. But I see there are some contradictions that do not allow me to be 100% RESTful:
Let's name the endpoint /tokens, because it actually creates tokens. The response would also be a resource of type tokens, e.g.:
{
  "data": {
    "type": "tokens",
    "attributes": {
      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEifQ.ivJ5P23wqVo3w31flg3aOu7er--Ijght_RrBf_MuqsU"
    }
  }
}
But how about the request? username and password are properties of the user, but they should be sent to the /tokens endpoint. If I send a users resource to the /tokens endpoint, it does not make much sense.
Is there a way around this, to follow JSONAPI and keep the API meaningful?
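
One way the /tokens exchange described in the question could look, as an added example that is not part of the original post. It assumes the credentials travel as attributes of a `tokens` resource in the request body; the user store, signing secret and function names are constructed for illustration, and the response mirrors the shape shown in the question.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, constructed for this example

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: id, salt and PBKDF2 hash, never the plain password.
USERS = {"alice": ("1", b"demo-salt", _hash("correct horse", b"demo-salt"))}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_jwt(user_id: str, ttl: int = 900, now=None) -> str:
    """Build an HS256 JWT carrying the user id and an expiry."""
    now = int(time.time()) if now is None else now
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    head = enc({"alg": "HS256", "typ": "JWT"})
    body = enc({"id": user_id, "exp": now + ttl})
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def error(status: int, title: str):
    return status, {"errors": [{"status": str(status), "title": title}]}

def create_token(body: str):
    """Handle POST /tokens; returns (HTTP status, JSON:API document)."""
    try:
        data = json.loads(body)["data"]
        if data["type"] != "tokens":
            # JSON:API: a type that does not match the collection is a 409.
            return error(409, "Resource type must be 'tokens'")
        attrs = data["attributes"]
        username, password = attrs["username"], attrs["password"]
        if not isinstance(username, str) or not isinstance(password, str):
            raise TypeError
    except (ValueError, KeyError, TypeError):
        return error(400, "Malformed JSON:API document")
    user_id, salt, stored = USERS.get(username, ("", b"no-such-user", b""))
    # Hash even for unknown users and compare in constant time, so the
    # response does not reveal which usernames exist.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return error(401, "Invalid credentials")
    token = issue_jwt(user_id)
    return 201, {"data": {"type": "tokens", "attributes": {"value": token}}}
```
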