I am considering using the POST verb for all my endpoints, in conjunction with sending a JSON formatted body with these requests. I am aware that this goes against the guidelines / conventions of traditional REST API. However, are there any specific technical or security issues in doing it this way?
Asked
Active
Viewed 84 times
2 Answers
1
I don't think there are any security reasons not to do it. It just about how easy it is to use your API if you choose do something custom people have to learn it first before they can use it. Maybe take a look at graphql from Facebook it is a pretty nice API layer protocol and it also exposes a single post endpoint.
philipheinser
- 311
- 1
- 6
1
If you're going to send a JSON, POST is the correct way to go about it. Just send a JSON and have a filter for bad JSON in your API. Before it is passed on to any data storage systems. Another way is, you can add a Basic Authentication header for the endpoint(at the least).
You can view how to do that here :
How to send a correct authorization header for basic authentication
This forces the user to have your token in order to send requests . Keep your token safe and your endpoints will be.
Sam Upra
- 737
- 5
- 12