I would separate permissions and authorization. Have an endpoint fetch the permissions of a user authorized by a token.
This gives you better flow control and allows mechanisms like caching, real time permissions updates, etc.
this is actually good, differentiation on each job, make the API clean. thank you. i wish i could like this comment more than one
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I would separate permissions and authorization.
Have an endpoint fetch the permissions of a user authorized by a token.
This gives you better flow control and allows mechanisms like caching, real time permissions updates, etc.
this is actually good, differentiation on each job, make the API clean. thank you. i wish i could like this comment more than one