rest - Had to use POST for GET job for security reasons, Is there any alternate approach to without compromising api naming conventions? -

we using post /xxx/usage/get instead of using get /xxx/usage security reasons, per api naming conventions verbs not allowed used in resource path. using post instead of avoid sending sensitive information on query param, best way identify uri has job??

option 1: use method, since security primary concern. avoided. option 2: while using post, use naming convention tell job without compromising naming convention. thinking of using post /xxx/usage/queries.

we using post instead of avoid sending sensitive information on query param, best way identify uri has job??

you don't.

in rest, uri opaque -- clients not supposed make assumptions based on spelling of identifiers. information encoded identifier done @ server's discretion , own exclusive use.

when communicate resource responds post messages (whether documentation, hypermedia, or options), communicating specific messaging semantic cannot overridden changing spelling of identifier.

as far rest concerned

post /7fa070bc-4e98-4bd1-b525-d5564b918e4c 

is fine. not human readable might like, human readability optional.

you'll want stick recommendations in rfc 3986; here, means path segments should align link hierarchy.

most spelling conventions uri focus on identifying noun -- integration resource handles particular request. note identifier resource, not method -- if suitable get, fine post well, generally.

so can replace

get /xxx/usage?sensitive-information-here 

with

post /xxx/usage  sensitive-information-here 

but

post /xxx/usage/queries 

is fine; can go that, long doesn't violate local spelling conventions.