rest api passing parameter on every request


I have a REST API which has organisations as a top-level object, and all other data belongs to an organisation, e.g. orders, invoices, projects etc.

Users have the ability to belong to multiple organisations and on my front-end SPA I want them to be logged into one application at a time with the ability to switch.

Should I be storing the current organisation id on the client side and passing it with every request, or should I have a REST endpoint that sets the current org id on the user table etc., which will also mean that when they come back and log in it is already set to the last organisation they accessed?


There are 2 answers

1
Harshal Bulsara On BEST ANSWER

Should I be storing the current organization id on the client side and passing it with every request?

Yes, a general practice is sending the information in each API because APIs are stateless.

Should I have a rest endpoint that sets the current org id on the user table?

No, you should not. One of the reasons is: let's say a user logs in on browser1 and you store that organizationId in the table; when the same user logs in from browser2, this will override your previous Id.

Now if you go back to browser1 it will have inconsistent data unless you had designed a mechanism not to override the previous value.

Hope that makes sense.

1
djt On

In general, stateless APIs are fairly common. For instance, you might pass an Auth Token (JWT) with every single request, which identifies the User and could potentially provide other info about the User as well.

If you're using Laravel, you might want to look into this package to handle JSON Web Tokens: https://github.com/tymondesigns/jwt-auth. You could then serialize your User object on Login, which could also include their current Organization. The frontend can then pass this token with every request (as an Authorization Header).