AngularJS: How do I handle RESTful APIs with token security and custom methods?

So say I have a RESTful API that has the standard GET, POST, PUT, and DELETE methods on it, but I also have other methods on it that are custom to specific object types, and on top of that I require a security token.

So a URL for this service might look like this:

GET/PUT/POST/DELETE http://sample.com/api/User/123?token=ABCDEF1234

and

GET http://sample.com/api/User/GetUsersByStatus?token=ABCDEF1234&param1=blah&param2=foo

or

POST http://sample.com/api/User/DoSomethingCrazy?token=ABCDEF1234

where the last two do some custom functionality. Maybe it's something to reset a password, or maybe it's something to clone a user and return the record, I don't know. Just custom "stuff".

What is the best-practice way to handle this with Angular? I've seen the $resource utility, but it seems to only be for the standard REST methods, and I'm not sure how to extend that in a way that the next Angular developer will understand.

If I'm understanding you correctly, what I believe you are asking is how to make the resource methods automatically include your token? If this is correct, then you can do this a couple of ways. First, you can just extend the predefined resource methods and bake in params that will be applied on each call, or you can define your own methods.

Also, when you call a method, if parameters have not been prequalified, they will end up on the querystring.

Below is sample code I wrote for a CakePHP implementation. I'm passing in action for each of the predefined methods and my own initialize method.

angular.module('myApp.cakephp.services', ['ngResource']).
  factory('CommentSvc', function ($resource) {
    // :action and :format are filled from each method's params below;
    // id, page and limit are read from the object being sent ('@' prefix).
    return $resource('/cakephp/demo_comments/:action/:id/:page/:limit:format',
      { id: '@id', page: '@page', limit: '@limit' },
      {
        // custom method
        'initialize': { method: 'GET', params: { action: 'initialize', format: '.json' }, isArray: true },
        // predefined methods, each with its action baked in
        'save': { method: 'POST', params: { action: 'create', format: '.json' } },
        'query': { method: 'GET', params: { action: 'read', format: '.json' }, isArray: true },
        'update': { method: 'PUT', params: { action: 'update', format: '.json' } },
        'remove': { method: 'DELETE', params: { action: 'delete', format: '.json' } }
      });
  });

Hope this helps.

--dan
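
The same approach applied to the User API from the question, as an added example that is not part of the original answer: the two custom calls become named $resource actions, and an $http request interceptor appends the token only to requests under the API path. The names `myApp.user.services`, `Session`, `tokenInterceptor`, `UserSvc` and `API_PREFIX` are assumptions, as is serving the API from the same origin under `/api/`.

```javascript
// Added example. All names here (API_PREFIX, Session, tokenInterceptor,
// UserSvc, myApp.user.services) are assumed, not taken from the answer.
var API_PREFIX = '/api/';

// $http request interceptor: adds ?token=... only to calls under API_PREFIX,
// so the token is not attached to template fetches or third-party URLs.
function tokenInterceptor(Session) {
  return {
    request: function (config) {
      if (config.url.indexOf(API_PREFIX) === 0 && Session.token) {
        config.params = config.params || {};
        config.params.token = Session.token;
      }
      return config;
    }
  };
}

// $resource for the question's User API: the standard methods plus the two
// custom ones. Action params override the '@id' default, so the custom name
// fills the :id slot; anything not in the URL template goes to the querystring.
function UserSvc($resource) {
  return $resource(API_PREFIX + 'User/:id', { id: '@id' }, {
    update:           { method: 'PUT' },
    getUsersByStatus: { method: 'GET', params: { id: 'GetUsersByStatus' }, isArray: true },
    doSomethingCrazy: { method: 'POST', params: { id: 'DoSomethingCrazy' } }
  });
}

// Register with AngularJS when it is loaded (skipped outside a browser).
if (typeof angular !== 'undefined') {
  angular.module('myApp.user.services', ['ngResource'])
    .value('Session', { token: null }) // set Session.token after login
    .factory('tokenInterceptor', ['Session', tokenInterceptor])
    .factory('UserSvc', ['$resource', UserSvc])
    .config(['$httpProvider', function ($httpProvider) {
      $httpProvider.interceptors.push('tokenInterceptor');
    }]);
}
```

A token carried in the query string is recorded in server access logs and browser history. If the API also accepts the token in a request header, setting `config.headers` in the same interceptor keeps it out of the URL.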