I’m thinking of instances where there’s a relation of “request resource” and “response resource”. For example; sessions; I’m posting credentials (or “session request”) but am getting a session in return.
I’m making this distinction because they are not the same type of resource and often don’t overlap.
Following the same example; credentials have email and password, possibly a PIN, but a session has authorization token, an expiration date, a relationship with a user resource, etc.
I couldn’t find anything explicitly against it in the spec but I wanted to be sure; how should I handle cases like that?
Thanks in advance.