Quiz Entry - updated: 2026.07.14
What are the two main API architecture types and how does access control differ between them?
Resource-oriented APIs (REST) organise around objects and check access per object+HTTP-method; service-oriented APIs organise around functions and check access per function call.
| Aspect | Resource-Oriented | Service-Oriented |
|---|---|---|
| Business logic | Mostly frontend | Mostly backend |
| API structure | Along objects/resources | Along services/functions |
| Access control | Object-level | Function-level |
| HTTP methods | Determine action (GET, POST, PUT, DELETE) | Usually POST only |
Resource-oriented example (REST):
| Action | Method | URI |
|---|---|---|
| Read | GET | /object/5 |
| Create | POST/PUT | /object/6 |
| Update | PATCH/PUT | /object/6 |
| Delete | DELETE | /object/6 |
Key insight: In REST APIs, the HTTP method determines the action, so authorization must check both the resource AND the method.