Design question; relationship resources and DRY principals

I can’t think of a good topic name, apologies.

I have accounts. They have IDs. I have roles. They have IDs. Accounts can be granted one or more roles on another account.

The resource representing that association is an “account_grant”; they’re effectively nothing but a relationship, and their IDs reflect that: <grantor id>:<role id>:<grantee id>.

They’re added to an account via POST /accounts/<grantor id>/grants.

Here’s my question: it seems awfully weird that when POSTing a grant, I have the grantor ID both in the URL and in the data payload. One option would be to accept the fact that a grant is wholly self-contained, and use POST /account_grants for this, but … that’s just ugly, and it hides the fact that you’re acting on an account.

I’m hoping for some magic way of reconciling my discomfort. :stuck_out_tongue:

The grants you are posting, are they relationships or a new resource that will have an immediate relationship to accounts/<grantor id>?

if your grants are relationships, then I think you have to
POST /accounts/<grantor id>/relationship/grants
request body

  "data": [
    { "type": "grants", "id": "123" }

is what I got from

Having the id in the data is mandatory, having it in the URL is merely recommended (you are free to use whatever URL structure you like).