[Koha-bugs] [Bug 20407] Hide some fields from unauthorized users
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon May 21 16:50:46 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20407
Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |martin.renvoize at ptfs-europe
| |.com
--- Comment #3 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
The slightly more accepted way of doing this to date that I have seen is to
reduce the default response to only contain public fields and set the private
fields to need explicitly requesting in the api call. This way, rather than
sending back a 200 with varying content you send back either a 200 with what
the consumer has asked for (or is expecting) or you send back a 401
Unauthorized and the client knows to authenticate).
The principle of Least Surprise.
I do like the x-public way of defining it in the spec though.. :)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list