Michael's blog



Conveniences and Path Variables

Filters can be programmatically applied to path variables. For example, we may have a top-level collection called /agreements which can be filtered by the participating agencies in the /agreement object. I may restrict that list of items with a filter like:
/agreements?agencyCode=456
To restrict a member of Agency 456 to seeing only their own things, we can create a convenience, or an alias, from
/agencies/456/agreements
to
/agreements?agencyCode=456
This allows us to restrict users' access with simple pattern matching on the request path at the API front end. If a person is only allowed to see things in /agencies/456/*, they will not be able to rewrite their request to /agencies/123/*; the front-end security will block them before they even get to the actual API.
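
An added example (not from the original post) of the front-end check and alias rewrite described above, in Python; the function names, the numeric agency-code pattern and the per-user prefix list are assumptions. It normalizes the path before matching, so `..` segments or a look-alike prefix such as /agencies/4567 do not pass the pattern, and a restricted user cannot call the filtered collection directly.

```python
import posixpath
import re
from urllib.parse import unquote, urlencode

# Hypothetical alias rule: /agencies/<code>/agreements -> /agreements?agencyCode=<code>
ALIAS = re.compile(r"^/agencies/(?P<code>[0-9]+)/agreements$")


def normalize(raw_path):
    """Decode once and collapse '.'/'..' so the check sees the path the API would see."""
    decoded = unquote(raw_path)
    # A '%' left after one decode means double encoding; reject rather than guess.
    if "%" in decoded or "\\" in decoded or "\x00" in decoded:
        raise ValueError("suspicious path encoding")
    return posixpath.normpath("/" + decoded.lstrip("/"))


def is_allowed(path, allowed_prefixes):
    """Pattern match on whole segments: /agencies/456 must not admit /agencies/4567."""
    return any(path == p or path.startswith(p + "/") for p in allowed_prefixes)


def route(raw_path, allowed_prefixes):
    """Return (status, upstream_url); a denial is decided before the API is reached."""
    try:
        path = normalize(raw_path)
    except ValueError:
        return 400, None
    if not is_allowed(path, allowed_prefixes):
        return 403, None
    match = ALIAS.match(path)
    if match is None:
        return 404, None
    # The agency code comes from the authorized path, never from a client query string.
    return 200, "/agreements?" + urlencode({"agencyCode": match.group("code")})


if __name__ == "__main__":
    grants = ["/agencies/456"]  # constructed grant for a member of Agency 456
    for candidate in (
        "/agencies/456/agreements",
        "/agencies/123/agreements",
        "/agencies/456/../123/agreements",
        "/agencies/4567/agreements",
        "/agreements",
    ):
        print(candidate, "->", route(candidate, grants))
```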