Tags: rest, password-recovery

RESTful password reset


What is the proper way to structure a RESTful resource for resetting a password?

This resource is meant to be a password resetter for someone who has lost or forgotten their password. It invalidates their old password and e-mails them a password.

The two options that I have are:

POST /reset_password/{user_name}

or...

POST /reset_password
   -Username passed through request body

I'm pretty sure the request should be a POST. I'm less confident that I have selected an appropriate name. And I'm not sure if the user_name should be passed through the URL or the request body.


Solution

    UPDATE: (further to comment below)

    I would go for something like this:

    POST /users/:user_id/reset_password
    

    You have a collection of users, where the single user is specified by the {user_name}. You would then specify the action to operate on, which in this case is reset_password. It is like saying "Create (POST) a new reset_password action for {user_name}".


    Previous answer:

    I would go for something like this:

    PUT /users/:user_id/attributes/password
        -- The "current password" and the "new password" passed through the body
    

    You'd have two collections, a users collection, and an attributes collection for each user. The user is specified by the :user_id and the attribute is specified by password. The PUT operation updates the addressed member of the collection.
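One way to implement both resources the answer describes, as an added example that is not code from the original post: plain Python with a constructed in-memory user store and a tiny router standing in for the web framework. It departs from the question's "e-mails them a password" in one respect, which is my assumption: the POST reset action invalidates the old password and mails a short-lived single-use token, and the PUT on the password attribute accepts either the current password or that token as the credential, so the two resources compose into one flow.

```python
import hashlib, hmac, os, re, secrets, time

USERS = {"alice": {"pw": None, "reset": None}}  # constructed in-memory store
OUTBOX = []  # stands in for the mailer; collects (user_id, token)

def _pbkdf2(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
def set_password(user_id, password):
    salt = os.urandom(16)
    USERS[user_id]["pw"] = (salt, _pbkdf2(password, salt))
def _credential_ok(user, presented):
    """Accept the current password, or an unexpired reset token (used once)."""
    if user["pw"] is not None:
        salt, digest = user["pw"]
        if hmac.compare_digest(_pbkdf2(presented, salt), digest):
            return True
    if user["reset"] is not None:
        token_hash, expires = user["reset"]
        if time.time() < expires and hmac.compare_digest(
                hashlib.sha256(presented.encode()).digest(), token_hash):
            user["reset"] = None  # single use
            return True
    return False
def reset_password(user_id, _body):
    """POST /users/:user_id/reset_password: create a reset action for the user."""
    user = USERS.get(user_id)
    if user is not None:
        user["pw"] = None  # old password invalidated right away
        token = secrets.token_urlsafe(32)  # mailed out; only its hash is kept
        user["reset"] = (hashlib.sha256(token.encode()).digest(), time.time() + 900)
        OUTBOX.append((user_id, token))
    return 202, {}  # same reply for unknown users, so the endpoint cannot list accounts
def change_password(user_id, body):
    """PUT /users/:user_id/attributes/password: update the password attribute."""
    user = USERS.get(user_id)
    if user is None or not _credential_ok(user, body.get("current_password", "")):
        return 403, {"error": "credential rejected"}
    set_password(user_id, body["new_password"])
    return 204, {}

ROUTES = [("POST", re.compile(r"^/users/([^/]+)/reset_password$"), reset_password),
          ("PUT", re.compile(r"^/users/([^/]+)/attributes/password$"), change_password)]

def handle(method, path, body=None):  # tiny dispatcher in place of the framework router
    for verb, pattern, fn in ROUTES:
        m = pattern.match(path)
        if verb == method and m:
            return fn(m.group(1), body or {})
    return 404, {"error": "no route"}
```

Storing only the token's hash means a leaked database copy does not yield usable reset links, and the fixed 202 reply keeps the reset endpoint from confirming which user names exist.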