Handling sensitive data in API subobjects

I'm exposing some internal capabilities via REST API and am looking for options for sensitive/subscription information that is contained in subobjects.

A good example would be PII; let's say there is a resource called "Order" which has a customer as a subobject. Only certain users should have permission to see the customer PII. Product/UX wants a simplified external interface. The Order resource would expose a customer object as a child of the order object.

A few options are

  • Expose a customer object nested within the order object, but the customer PII would not be included in that object; a separate CustPII resource would be exposed that would 401 if user didn't have permission
  • Include the PII object inside the order.customer object, but return empty if user is not authorized.

Choice 1 seems obvious for PII, but my actual use case is far broader. Our top-level entity is filled with subobjects that are governed by user permissions and subscriptions. I would follow pattern 1 if I could, but that would violate the requirements as it would require a dozen API calls to actually retrieve a fully hydrated top level entity. Product is clear that this is not the desired behavior per our customer base.

Any ideas?

submitted by /u/threecheeseopera

from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/2FdFGt1
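One way to implement the second option for the broader case, applied at the serialization layer so a single request still returns a hydrated top-level entity, as an added example that is not the poster's or any project's code (the policy table, permission strings and the sample order are assumptions):

```python
# Added example (not from the original post): field-level authorization applied
# when an Order is serialized, so one GET returns the whole order while every
# policy-governed subobject the caller is not entitled to is dropped and named
# in `_restricted`. Policy paths and permission strings are assumptions.
import copy
from typing import Any

# Policy: dotted path of a subobject -> permission/subscription the caller
# must hold. Anything not listed is visible to any authenticated caller.
SUBOBJECT_POLICY = {
    "customer.pii": "customer:read_pii",
    "pricing.margin": "finance:read_margin",
    "shipment.tracking": "subscription:logistics",
}

def _strip(obj: Any, path: str, removed: list[str]) -> None:
    """Delete the subobject at a dotted path (if present) and record it."""
    parts = path.split(".")
    node = obj
    for key in parts[:-1]:
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return
    if isinstance(node, dict) and parts[-1] in node:
        del node[parts[-1]]
        removed.append(path)

def authorize_view(order: dict, caller_permissions: set[str]) -> dict:
    """Return a deep copy of `order` with every policy-governed subobject the
    caller lacks permission for removed. Removed paths are reported under
    `_restricted`, so a client can distinguish 'withheld' from 'absent'
    without one follow-up call per subobject. Deny by default: a missing
    permission always strips the subobject, never leaves it in place."""
    view = copy.deepcopy(order)
    removed: list[str] = []
    for path, needed in SUBOBJECT_POLICY.items():
        if needed not in caller_permissions:
            _strip(view, path, removed)
    view["_restricted"] = sorted(removed)
    return view

# Constructed sample order (all values are made up).
SAMPLE_ORDER = {
    "id": "ord-123",
    "customer": {"id": "cust-9", "pii": {"name": "A. Person", "email": "a@example.com"}},
    "pricing": {"total": 42.0, "margin": {"cost": 30.0}},
    "shipment": {"carrier": "acme", "tracking": {"number": "ZZ1"}},
}

if __name__ == "__main__":
    print(authorize_view(SAMPLE_ORDER, {"customer:read_pii"}))
```

The same policy table can drive the separate per-subobject resources from option 1, so both paths enforce one rule set.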
