How does a client know, which of the list of supported resources, is suitable for POST/PUT (insert/update)? #179
Comments
pvretano
changed the title
|
Another approach (in addition to OpenAPI document?) would be super valuable. +1 for not requiring an OpenAPI parsing to determine the validity or parameters of any operation, as it would put some development frameworks / methodologies at a great disadvantage. |
|
How about an API Description element with one entry for each HTTP verb supported for the described resource? |
|
Features API SWG meeting 2020-10-12: Investigate, if OPTIONS can address this. We don't want to invent a new API definition grammar that is basically a stripped-down OpenAPI definition. @pvretano will look at how OPTIONS as specified in the HTTP RFC can address the need. |
|
In my experience, an HTTP OPTIONS request is a great way for a client to determine which HTTP methods are available at a particular endpoint. In fact, it's exactly what the HTTP OPTIONS method is for. We have implemented this for many of the endpoints on our test "OGC API" server at "https://test.cubewerx.com/cubewerx/cubeserv/demo/ogcapi/Daraa". E.g., an HTTP OPTIONS request to returns while an HTTP OPTIONS request to returns This is sensitive to identity as well, so clients will get an "Allow" response header that's specific to them based on the access-control rules of the server. Of course our OpenAPI document at "https://test.cubewerx.com/cubewerx/cubeserv/demo/ogcapi/Daraa/api" also lists the HTTP methods available at each endpoint, and that too is sensitive to identity. But as stated in a previous comment, it would be a rather heavyweight thing for a client to look up. Whereas an HTTP OPTIONS request is a well-established single-packet few-millisecond request. |
|
@pomakis - Agreed. However, there is one aspect of the original comment that the standard OPTIONS does not address:
|
|
@cportele - True. One possible solution is to state that the OPTIONS response headers can contain an HTTP Accept header (as specified in RFC 7231 section 5.3) indicating what the endpoint can accept. The HTTP Accept header is typically used in a request to indicate what the client (requester) is willing to accept, but I see no reason it couldn't be used the other way around. E.g., an HTTP OPTIONS request to could return Just a thought. |
|
One goal of OGC Web APIs is to align with main-stream IT. If a client does not want to parse the OpenAPI document, then they should rely on the HTTP protocol. We should not invent our own non-standard solution. RFC 7231 states that "A server generating a successful response to OPTIONS SHOULD send any header fields that might indicate optional features implemented by the server and applicable to the target resource". As I read this, the server should include an "accepts" header and all valid values for that header. So main-stream IT provides us with a solution and this issue can be closed. |
|
@cmheazel I think the solution proposed by @pomakis above in part relates to the discussion in #160 , as even with only GET support, if I understand correctly, it would provide a mechanism for the server to list all supported media-types for a given resource path.
Is this the singular Does any requirement, recommendation or non-normative guidance need to be clarified in Part 1: Core before this issue can be closed? |
|
@jerstlouis wrote:
I think that's a bit beyond what a simple Accept-header mechanism can provide. I envision this header (in an OPTIONS response) indicating only what the endpoint can accept in a POST or PUT body. It's not strictly necessary to list all of the formats that it can serve in response to a GET operation. Firstly, the set of hypermedia links that the client navigates through to get to the endpoint typically provides specific links to the various available formats. Also, the resource itself can sometimes provide a set of "alt" links. Finally, and perhaps most importantly, remember that "Accept" is primarily defined as a request header. In most cases, therefore, a client shouldn't care what the available choices are when making a GET request. It can just list what its preferences are as per RFC 7231 section 5.3.2. |
joanma747
added
Cross-SWG Discussion
|
I'm not sure whether this mirrors all use cases (probably not), but in STAC we use a method property in the links, e.g. GET is the default for method, so the If there's also support for POST, you would add another link: OPTIONS is surely a good option as it's just HTTP and Browsers request it anyway, but I'm not sure how easy it is to get the result without making a second request via your preferred JS library for HTTP requests. And in most other environments you need a separate HTTP request. |
|
If we want to extend the link object, then we should consider to follow the HTTP Link Hints proposal: https://mnot.github.io/I-D/link-hint/ |
|
Interesting, @cportele. Thanks for the heads-up, we should also take that into consideration in STAC - and I think we can still do so without breaking too much. |
jerstlouis
added
enhancement
Most servers advertise in the conformance document which feature formats they support (e.g. GeoJSON, GML, etc.). However, not all formats (e.g. HTML) are a suitable representations for use with a HTTP POST. How does a client know which formats may be used with a POST/PUT?
One way is to use the OpenAPI document but it seems like a pretty heavy lift to make clients (especially ones that don't use OpenAPI-base tool chains) have to read the OpenAPI document to figure this out.
Would another approach we of value? Perhaps some variant of OPTIONS or something similar to /queryables or perhaps some form of parameterized conformance document that crosswalks the format-based conformance classes with the methods they support (e.g. GeoJSON with GET,PUT,POST).
The text was updated successfully, but these errors were encountered: