PIN Verification API of a banking application – which approach is preferred?

Hello dear,

Which of the following options would you prefer for a PIN Verification API? It's a banking application and will be served over https.

Option 1:

GET /api/v1/pin?code=123456

Option 2:

POST /api/v1/pin with request body {"code":"123456"}

This is why I am asking for your suggestion:

  • The issue with the first option is that sending sensitive data like a PIN code in the query string doesn't seem to be the right approach. Again, as it is sent over https, the code will not be visible to a middleman (if any).
  • And the problem with the second option is that "PIN Verification" is conceptually not a "POST", as it's not creating a resource in REST terms.

Please let me know which one you would prefer and why. Also, if you want to suggest any alternative approach, you are totally welcome 🙂

submitted by /u/ajaxray
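
Added example (not part of the original post): the two options from the question, compared by what ends up in the server's access log. TLS is left out because logging happens after TLS termination; `PinHandler`, `logged_lines` and the constant-PIN check are hypothetical stand-ins for the real service.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

CONSTRUCTED_PIN = "123456"  # sample value taken from the post's own examples

class PinHandler(BaseHTTPRequestHandler):
    access_log = []  # stands in for a web server / reverse proxy access log

    def log_message(self, fmt, *args):
        # http.server logs the request line by default, as most servers and proxies do
        self.access_log.append(fmt % args)

    def _reply(self, code):
        body = json.dumps({"valid": code == CONSTRUCTED_PIN}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # Option 1: PIN in the query string
        query = parse_qs(urlsplit(self.path).query)
        self._reply(query.get("code", [""])[0])

    def do_POST(self):  # Option 2: PIN in the JSON request body
        length = int(self.headers.get("Content-Length", 0))
        self._reply(json.loads(self.rfile.read(length)).get("code", ""))

def logged_lines(method, path, body=None):
    """Send one request to a throwaway local server; return (reply, access-log lines)."""
    PinHandler.access_log = []
    server = HTTPServer(("127.0.0.1", 0), PinHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
        conn.request(method, path, body=body)
        reply = json.loads(conn.getresponse().read())
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return reply, list(PinHandler.access_log)

if __name__ == "__main__":
    for request in (("GET", "/api/v1/pin?code=123456"),
                    ("POST", "/api/v1/pin", '{"code":"123456"}')):
        print(request[0], *logged_lines(*request))
```

Both requests verify the same PIN; only the GET variant leaves it in the logged request line, which is also what browser history and intermediate proxies record.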

from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/2NwlDr7
