Does every API use route parameters?


Does every API use route parameters?


No, not every API out there uses route parameters. As with many different processes, there are pros and cons to using route parameters, a pro is its simplicity, with route parameters we do not need to set up a query so instead of passing:

we can simply send:

Now, a big con is that it is an easy way to get sensitive data, so as we progress on our development of APIs and servers, we need to be conscious of what we can acquire if we use a route parameter, would it be something that would need to be protected?

for example, bad practice would be getting access to a users dashboard by implementing the user id as a route parameter:

in that case is better to manage the route more generalized and make the requests internally:


while within your app you can make a request to your server’s database passing the id of the user (which will be learned when we work through the sql lessons).

That said, a common way that you may see APIs implementing route parameters is to narrow down a search, for example:

this could allow us to siphon through two layers of the structure if we had deeply categorized our emoji expressions. We would get to /expressions
there check /expressions/:security
public or private, depending on which it will be passed to another route (which we will explore later in this lesson) that will check for /:gender and depending on that parameter it will respond with all expressions that are publically accessible and relate to the female gender.

Not all APIs implement route parameters but when they do, it most commonly does not access sensitive data, unless it also requires to have an API key to access the response from such route.