Dear Meruja,

the URI of the second API (i.e. /me/roles/{roleName}) is really debatable: the intent of the */me* part of the URI seems to be to identify the logged-in user, and to me, such a user is a resource. I.e., I assume that a user is represented in APIM as a resource (but I didn't check the current API), or has a unique UserID - correct?
Thus, the URI of the API should be something like .../users/{UserID}?{roleName} or /roles/{roleName}?{UserID}.

Best regards,
Frank

On Tue, May 5, 2020 at 06:17, Meruja Selvamanikkam <mer...@wso2.com> wrote:

> Hi All,
>
> We are planning to add a REST API endpoint to APIM 3.2.0 Admin Rest APIs
> and the intention is to check the existence of a particular role name (
> Internal/subscriber) when transferring ownership of an application to a
> user. We have similar API in the publisher to check the availability of
> the role[1].
> We have to decide the OAuth2 scope which functionalities are used by Admin.
>
> The swagger definition for the new endpoint would be as follows:
>
> ######################################################
> # The Role Name Existence
> ######################################################
> /roles/{roleName}:
> #-----------------------------------------------------
> # The role name existence check resource
> #-----------------------------------------------------
>   head:
>     security:
>       - OAuth2Security:
>         - apim:<To_be_added>
>     summary:
>       Check given role name already exists
>     description:
>       Using this operation, to check whether given role already exists
>     parameters:
>       - $ref : '#/parameters/roleName'
>     responses:
>       200:
>         description:
>           OK.
>           Requested role name is returned.
>       404:
>         description:
>           Not Found.
>           Requested role name does not exist.
>
> ######################################################
> # The Role Name Existence for the logged-in user
> ######################################################
> /me/roles/{roleName}:
> #-----------------------------------------------------
> # Validate role against a user
> #-----------------------------------------------------
>   head:
>     security:
>       - OAuth2Security:
>         - apim:<To_be_added>
>     summary:
>       Validate whether the logged-in user has the given role
>     description:
>       Using this operation, logged-in user can check whether he has given
>       role.
>     parameters:
>       - $ref : '#/parameters/roleName'
>     responses:
>       200:
>         description:
>           OK.
>           Logged-in user has the role.
>       404:
>         description:
>           Not Found.
>           Logged-in user does not have the role.
>
> Appreciate any feedback on this and correct me if I am wrong.
>
> [1] - [APIM-3.0] Publisher rest API to check a role name existence
>
> Thanks & Regards,
> *S.Meruja* | Software Engineer | WSO2 Inc.
> (m) +94779650506 | Email: mer...@wso2.com
> Linkedin: https://www.linkedin.com/in/meruja
> Medium: https://medium.com/@meruja
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture