Heirachical Resources Urls

#1

We currently have api calls that look something like:

/api/organization/<organization_uuid>/<organization_resource>/<organization_resource_uuid>

Where <organization_resource> is a resource within that organization.

Users are members of one or more organizations.

I would like to simplify the url by removing the need for the organization_uuid in the url since the organization_resource_uuid should be unique, but I’m not having much luck.

We currently use the organization_uuid for an initial authorization check to make sure the user is part of the organization before we do the DB hit, as well as the database shard key to use to actually make the database call.

I’ve though about creating a new composite_organization_resource_uuid that is the combination of both the organization_uuid and the current organization_resource_uuid, but that would make our resource ids super long.

We’ve also thought about creating a mapping table that maps an organization_resource_uuid back to the organization_uuid and querying this table for each request, but that seems inefficient as well.

Has anyone solved a similar issue, and if so how?

#2

We’ve also thought about creating a mapping table that maps an organization_resource_uuid back to the organization_uuid and querying this table for each request, but that seems inefficient as well.

I would do it like that.

In your first version, don’t you have to do that anyway? Sure, you have both the resource UUID and the organization UUID, but you still have to make sure the resource is part of that organization. Someone could put the wrong organization. So you’re not avoiding the query.