I’ve been googling for hours and read the specs a few times, but I haven’t found a clear answer to my problem.
Let’s say I have
articles. I want to create an article which will be owned by a user (that already exists). Should I call
POST /articles and then call
POST /users/id/relationships/articles? This seems weird to me since I know to make two calls and if my app fails between the two, there will be an article without an owner. Also, the database might not allow that anyway.
So obviously a
POST call should be made on either
/users/id/relationships/articles. It makes more sense to me to call
POST /users/id/articles since the JSON payload will contain an entire article, not just a resource identifier and from my understanding
self links only deal with resource identifiers. But I actually have no idea since the specs aren’t clear on that and there are no examples.
I’ve read about using
POST /articles and having the user defined in the
author relationship, but I would like to avoid that method if possible. I would prefer to be able to tell if a user is authorized or not to accomplish a certain task by only looking at the URL and not parsing the request’s body.
Thanks in advance