Hello dear,
Which of the following options would you prefer for a PIN Verification API? It’s a banking application and will be served over https.
Option 1:
GET /api/v1/pin?code=123456
Option 2:
POST /api/v1/pin
with request body {"code":"123456"}
This is why I am asking for your suggestion:
- The issue with the first option is that sending sensitive data like a PIN code in the query string doesn’t seem to be the right approach. Again, as it is sent through HTTPS, the code will not be visible to a middleman (if any).
- And the problem with the second option is that “PIN Verification” is conceptually not a “POST”, as it’s not creating a resource in REST terms.
Please let me know which one you would prefer and why. Also, if you want to suggest any alternative approach, you are totally welcome 🙂
UPDATE:
Thanks a lot, everyone, for your suggestions.
Finally, I am going with this approach – using POST with a different endpoint.
submitted by /u/ajaxray
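An added example, not part of the original post: with Option 1 the PIN is part of the request target, which web servers and proxies commonly write to access logs even when the connection is HTTPS, while the Option 2 body is not in the request line. The log lines, the sensitive-parameter list and the function names below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed list of sensitive parameter names; "code" is the one used in the post.
SENSITIVE_PARAMS = {"code", "pin"}

# Constructed access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/v1/pin?code=123456 HTTP/1.1" 200 17',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /api/v1/pin HTTP/1.1" 200 17',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /api/v1/accounts?page=2 HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def exposed_params(line):
    """Return names of sensitive query parameters recorded in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]

def redact(line):
    """Mask sensitive query values so the line can be stored or shipped."""
    m = REQUEST_RE.search(line)
    if not m:
        return line
    parts = urlsplit(m.group("target"))
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = parts._replace(query=urlencode(pairs)).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):]

def audit(lines):
    """Return (line_number, param_names) for every line that leaks a value."""
    return [(i, names) for i, line in enumerate(lines, 1)
            if (names := exposed_params(line))]

if __name__ == "__main__":
    for n, names in audit(SAMPLE_LOG):
        print(f"line {n}: sensitive query parameter(s) logged: {names}")
        print("  redacted:", redact(SAMPLE_LOG[n - 1]))
```

Only the GET line is flagged; the POST line carries no PIN in the logged request line.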