REST design for file uploads

cdeszaq picture cdeszaq · Dec 8, 2011 · Viewed 89.6k times · Source

I want to create a REST API for a file upload service that allows a user to:

  1. Open a session
  2. Upload a bunch of files
  3. Close the session

And then later, come back and do things with the files they uploaded in a previous session.

To facilitate dealing with data about each file and dealing with the content of the file itself, this is the URI scheme I am thinking of using:

/sessions/
/sessions/3
/sessions/3/files
/sessions/3/files/5
/sessions/3/file/5/content
/sessions/3/file/5/metadata

This will allow the file metadata to be dealt with separately from the file content. In this case, only a GET is allowed on the file content and file metadata, and to update either one, a new file has to be PUT.

Does this make sense? If not, why and how could it be better?

Answer

manuel aldana picture manuel aldana · Dec 10, 2011

Why do you need sessions? Is it for Authentication and Authorization reasons? If so I would use http basic with SSL or digest. As such there is no start or end session, because http is stateless and security headers are sent on each request.

Suggestion of upload resource would be to directly map as private filesystem


# returns all files and subdirs of root dir
GET /{userId}/files
GET /{userId}/files/file1
GET /{userId}/files/dir1
# create or update file
PUT /{userId}/files/file2



When uploading file content you then would use multipart content type.

Revised answer after comment

I would design your wanted separation of file-content and payload by introducing link (to file-content) inside upload payload. It eases resource structure.

Representation 'upload' resource:


{
  "upload-content" : "http://storage.org/2a34cafa" ,
  "metadata" : "{ .... }" 
}

Resource actions:


# upload file resource
POST /files
-> HTTP 201 CREATED 
-> target location is shown by HTTP header 'Location: /files/2a34cafa

# /uploads as naming feels a bit more natural as /files
POST /sessions/{sessionId}/uploads
-> HTTP 201 CREATED
-> HTTP header: 'Location: /sessions/{sessionId}/uploads/1
-> also returning payload

# Updating upload (like metadata)
/PUT/sessions/{sessionId}/uploads/1