3

We have a mobile app which calls a REST API to get the list of tiles to be displayed on the mobile primary screen. The authentication mechanism is AUTH Token using which we uniquely identify a user. The menu keeps changing depending on the version of the app. For this we have two approaches.

  1. /api/tilemenus (Pass auth header only and not version)

Retrieve auth header and lookup the version of the app in the db table (We also store the user version in our database and update it whenever user upgrades the app) and return the data accordingly.

  1. /api/tilemenus/1.2.2 (Pass auth header and version as well since client knows its version itself)

Here, no DB lookup is required since version is getting passed in REST request itself.

Which approach is better? I think approach 2 is better since we can pass the caching headers to cache this API for each version. For approach 1, there is no implicit way to discard this caching, when the user upgrades the app.

Madhur Ahuja
  • 22,211
  • 14
  • 71
  • 124

2 Answers2

2

It is common to pass API version in the URI path (check out this question too). I'd suggest to use the second option, although rewrite it as /api/1.2.2/tilemenus, which looks more similar to how APIs operate on a bunch of popular websites.

Community
  • 1
  • 1
Farcaller
  • 3,070
  • 1
  • 27
  • 42
1

In my opinion, #2 is better, because you enforce the guarantee that a specific URL always returns the same resource/data, and, yes, you can safely cache it.

Plus, it makes it easier to track version usage just by analyzing HTTP server logs.

And it even spares you the effort of keeping track of user version, since the #2 makes it explicit by the request URL itself

Tudor Ilisoi
  • 2,934
  • 23
  • 25