I can’t think of a good topic name, apologies.
I have accounts. They have IDs. I have roles. They have IDs. Accounts can be granted one or more roles on another account.
The resource representing that association is an “account_grant”; they’re effectively nothing but a relationship, and their IDs reflect that: <grantor id>:<role id>:<grantee id>.
They’re added to an account via POST /accounts/<grantor id>/grants.
Here’s my question: it seems awfully weird that when POSTing a grant, I have the grantor ID both in the URL and in the data payload. One option would be to accept the fact that a grant is wholly self-contained, and use POST /account_grants for this, but … that’s just ugly, and it hides the fact that you’re acting on an account.
I’m hoping for some magic way of reconciling my discomfort.