Send user ID along with any REST API call?

Question

I am building an application with symfony2 + FosRestBundle in backend and angularjs in frontend. It is a single page application. Backend and client (consuming data from rest api/backend) are on the same server.

After login the user is able to create/edit/delete data (to keep it simple). Since the backend is stateless I cannot create any kind of authentication context on the server using symfony2 and because of that I cannot get the user ID in an api call.

So on login I create a token and save it on the root scope of the client application. Now about the problem. Since the logged in user is manipulating data, like editing a post or change a post from published to unpublished, I need to pass the user ID along with the api call. But it seems that some request types are restricted to parameters, e.g.

public function closePostAction($slug)
{} // "close_post"      [PATCH] /posts/{slug}/close

You can find more about REST actions here https://github.com/FriendsOfSymfony/FOSRestBundle/blob/master/Resources/doc/5-automatic-route-generation_single-restful-controller.md

So is it possible to send a user ID or any other kind of parameter along with a PUT/PATCH/UPDATE/DELETE request? Any other suggestions or ideas? Do I have a wrong approach to this problem? How would you pass the user to a rest api call?

Answer 1

Use OAuth for Authentication, with the FOSOAuthServerBundle

Or send your existing token in the request body or in a Authentication header as OAuth does.