How to handle non-resource POST request and response ? (like session login)

sylver · October 23, 2017, 7:16pm

As stated in the title, if following the JSON API Specifications, how to handle requests and responses for non-resource data.

For example, what would look like a login request and its response ?

Request :

POST /session HTTP/1.1
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": {
    "grant_type": "password",
    "username": "john.doe",
    "password": "foobar"
  }
}

Response :

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": null,
  "meta": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
    "token_type": "Bearer",
    "expires_in": 86400
  }
}

michaelhibay · November 28, 2017, 6:32am

This topic seems to touch on it well.

On a better note I honestly think being more authorization scheme adherent would be the better policy, in which case you could provide a link to the login URL with the appropriate vocabulary.

Are you asking about any additional scenarios as well, or is this strictly limited to auth?

Topic		Replies	Views
Server response when Content-Type is not present	2	815	March 24, 2021
File uploading with multipart	6	22693	September 28, 2016
Content-type requirements has vague wording	1	1324	April 4, 2017
What should be the content of "No Content" and "Accepted" responses?	4	9460	June 22, 2016
Content-Type / Accept header error responses	6	9105	March 3, 2020

How to handle non-resource POST request and response ? (like session login)

Related Topics