
I am creating an API to be consumed (for now) by mobile clients, Android and iOS. The main application is a kind of e-store.

I have a news endpoint; let's consider, for example, that the main URL is http://consumer.com/api/v0/

Currently I have endpoints like this to filter news: /news?actual=1&moderation=1 ....

A simple array of GET arguments, but I have some questions about this. The bad thing (I think so) is that the filter parameters (actual, moderation) are the same as the column names in the database.

  1. Is it a bad idea to expose real column names?
  2. How can I solve the problem? One idea I have is to introduce some middleware (it is possible anyway, but I am using Lumen, which makes it a great possibility) that will translate some fake names, for example filter_actual and filter_moderation, into real table names; this will not break my app now, just add one more layer (the power of middlewares). Or is there another way to do this?

But the main problem is when I need to perform a complex query; consider the next example.

Table news has the column company_id, and the companies table has the column blocked, which describes whether a company is blocked or not.

I need to get all news by companies that are not blocked, so I have to perform something like this pseudo query: SELECT * FROM news WHERE company_id IN (SELECT id FROM companies WHERE blocked=0) (I haven't checked it, but I hope you got the idea).

How do I craft an endpoint filter for this type of query? For now I have introduced additional options like non_blocked_companies and pass them in with the other filters, /news?actual=1&moderation=1&non_blocked_companies=1, and then check whether this parameter was passed with the others, so the code can soon look like a lot of if statements specific to each complex query.

I have thought about queries like this: /news?actual=1&moderation=1&blocked[companies:company_id]=0. I think it is clear: I use a field from another table (companies) and a column in the news table (company_id) which stores the id of the company.

But it looks ugly to me, firstly because it is quite a complex query in a GET request, but the major downside for me is that I need to know exactly the table name and the table columns. It is not a problem now, because this API is used only for mobile client communication and won't be opened to the public, but I want to make reliable APIs anyway.

  1. Is it a bad idea, as I described above?
  2. How can I organize my API to be flexible (changes in the API should affect the frontend as little as possible)?

Please, more advanced API developers, suggest what is the best choice in my case.

Thanks.

CROSP

1 Answer

Is it a bad idea to expose real column names?

It is not a bad idea. It will be good for the developer to understand what exactly is happening. I would give a proper name rather than the direct column name. There are many APIs from Amazon and Google doing the same thing.

How can I solve the problem? One idea I have is to introduce some middleware (it is possible anyway, but I am using Lumen, which makes it a great possibility) that will translate some fake names, for example filter_actual and filter_moderation, into real table names; this will not break my app now, just add one more layer (the power of middlewares). Or is there another way to do this?

Many times developers don't like to send a body in a GET response, but if you feel it will be more complex and break the application, I would suggest doing that. Here is a detailed discussion before you make your call: HTTP GET with request body

You can add many validations to make the API stronger and handle different request scenarios.

N..
  • Thanks for the answer. What about a combination of filters from different tables to form a complex query; is it ok to use `/news?actual=1&moderation=1&blocked[companies:company_id]=0`? And I don't want to make a POST request out of a GET; GET arguments are enough to fulfill my goals – CROSP Dec 31 '15 at 19:09
  • Furthermore, sending a body with a GET request is much uglier than having a long query string (btw it won't be so long, like in the example, +- 2 arguments) – CROSP Dec 31 '15 at 19:12
  • Actually, exposing the real column names is a bad idea; payloads and model should be separated. The fact that Google or Amazon are exposing their model directly isn't an argument, since these are big organizations and can change the API; they set the rules. – Opal Jan 02 '16 at 10:22
  • It's all about team decision and how you want to do it :). Here we are following the same approach and the security testing team never submitted any bug. I searched in Jira for a few minutes before writing this comment. – N.. Jan 04 '16 at 13:53
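The translation layer sketched in the question (public filter names mapped to internal columns, with the non-blocked-companies subquery hidden behind a named filter) together with the request validation the answer recommends, as an added example that is not part of the original question, answer or the asker's project. It is written in Python against an in-memory SQLite database rather than the asker's Lumen stack; the FILTERS mapping, the public names actual, moderated and company_status, and every table row are constructed for this illustration. The point it shows: the client vocabulary is a fixed whitelist, table and column names never come from the request, and values are bound as parameters, so a key in the blocked[companies:company_id] style is rejected with a 400-style error instead of reaching the database.

```python
"""Whitelist-based filter translation for a /news endpoint (example code).

Public filter names are mapped to internal SQL predicates here, so the client
never supplies table or column names and values are always bound as
parameters. Tables, columns and sample rows are constructed for the example.
"""
import sqlite3
from urllib.parse import parse_qs


class InvalidFilter(ValueError):
    """Unknown filter name or malformed value; a handler would map it to HTTP 400."""


def _as_flag(value):
    """Accept only the literal strings '0' and '1' for boolean-style filters."""
    if value not in ("0", "1"):
        raise InvalidFilter(f"expected 0 or 1, got {value!r}")
    return int(value)


def _company_status(value):
    """Domain-level vocabulary ('active'/'blocked') instead of the column value."""
    try:
        return {"active": 0, "blocked": 1}[value]
    except KeyError:
        raise InvalidFilter(f"unknown company_status {value!r}") from None


# Public name -> (SQL predicate with one placeholder, value coercion).
# A new complex filter is one more row here, not another `if` in the handler.
FILTERS = {
    "actual": ("news.actual = ?", _as_flag),
    "moderated": ("news.moderation = ?", _as_flag),
    # The subquery from the question, hidden behind a public name.
    "company_status": (
        "news.company_id IN (SELECT id FROM companies WHERE blocked = ?)",
        _company_status,
    ),
}


def build_query(query_string):
    """Translate a raw query string into (sql, bound_params).

    Unknown keys, including the `blocked[companies:company_id]` style from the
    question, are rejected rather than forwarded to the database.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    clauses, bindings = [], []
    for key, values in params.items():
        if key not in FILTERS:
            raise InvalidFilter(f"unknown filter {key!r}")
        if len(values) != 1:
            raise InvalidFilter(f"filter {key!r} given more than once")
        predicate, coerce = FILTERS[key]
        clauses.append(predicate)
        bindings.append(coerce(values[0]))
    sql = "SELECT news.id, news.title FROM news"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY news.id", bindings


def sample_db():
    """In-memory database with constructed rows standing in for the e-store."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE companies (id INTEGER PRIMARY KEY, blocked INTEGER NOT NULL);
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, actual INTEGER,
                           moderation INTEGER, company_id INTEGER);
        INSERT INTO companies VALUES (1, 0), (2, 1);
        INSERT INTO news VALUES
            (1, 'spring sale',  1, 1, 1),
            (2, 'old promo',    0, 1, 1),
            (3, 'blocked shop', 1, 1, 2),
            (4, 'pending post', 1, 0, 1);
    """)
    return con


def news_ids(query_string, con=None):
    """Run the translated query and return the matching news ids."""
    con = con or sample_db()
    sql, bindings = build_query(query_string)
    return [row[0] for row in con.execute(sql, bindings)]


if __name__ == "__main__":
    print(news_ids("actual=1&moderated=1&company_status=active"))  # [1]
    try:
        build_query("actual=1&blocked[companies:company_id]=0")
    except InvalidFilter as exc:
        print("rejected:", exc)
```

Renaming a database column changes only the right-hand side of one FILTERS entry, which is the decoupling asked about in the second question; the mobile clients keep using the public names.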