How to handle non-resource POST request and response ? (like session login)


#1

As stated in the title, if following the JSON API Specifications, how to handle requests and responses for non-resource data.

For example, what would look like a login request and its response ?

Request :

POST /session HTTP/1.1
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": {
    "grant_type": "password",
    "username": "john.doe",
    "password": "foobar"
  }
}

Response :

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": null,
  "meta": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
    "token_type": "Bearer",
    "expires_in": 86400
  }
}

#2

This topic seems to touch on it well.

On a better note I honestly think being more authorization scheme adherent would be the better policy, in which case you could provide a link to the login URL with the appropriate vocabulary.

Are you asking about any additional scenarios as well, or is this strictly limited to auth?