1

What is the best practice for implementing a REST call for sending out a password. By this I mean what is best practice for having this as a resource?

/User/ForgotPassword

and then post in the email address for it to be sent to?

To me that seems a little to unRESTful...thoughts.

Kind of a silly questions, but curious what people have to say.

Thanks!

Adam
  • 725
  • 9
  • 17
  • Offtopic, but please don't send out the actual password and don't store in plain text, reset it and send them that. – Radu Jul 12 '11 at 01:24
  • agree on not storing it in plain text, but why not send them their password in the email? – Adam Jul 12 '11 at 01:28
  • 1
    This covers it pretty well: http://stackoverflow.com/questions/1069722/sending-username-and-password-through-email-after-user-registration-in-web-applic/1069799#1069799 – Radu Jul 12 '11 at 01:30
  • Also read: http://stackoverflow.com/questions/522967/forgot-password-what-is-the-best-method-of-implementing-a-forgot-password-functi – NotMe Jul 12 '11 at 01:34

1 Answers1

0

I created a new resource Email.

Figure this could be used for multiple types of emails that the system will have to send out.

Can also be called on the user resource /Users/Emails

Adam
  • 725
  • 9
  • 17