I'm developing my Spring Boot software for e-commerce and I had a doubt regarding the best approach to use with some RestControllers. Practical example: if I need to add a product to my wishlist, I could use the classic RESTful approach POST /api/v1/wishlists/{id}/products/. But by doing so I would have to implement security checks on whether the person making the request is the actual owner of the wishlist or is an Admin. Since in my project the admins will not be able to make changes to the users' wishlists, my approach consists of doing POST /api/v1/wishlists/add-product and identifying the wishlist using the user logged in in the Spring context, taking the info from there. This solution would guarantee me greater efficiency by not having to query for security checks and also by not passing IDs between client and server. Is this a valid type of approach used in corporate settings? Or is it better to always use the classic RESTful approach with id?
The result is the same with both approaches, but I would like to understand whether my approach is an idea that is used or whether I would be the only one in the world to think like this :(.
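
The two endpoint designs described in the question, side by side, as an added example that is not part of the original post. It assumes a Spring Boot application with Spring MVC and Spring Security in which both routes require authentication; the `Wishlist` record, the in-memory map and its sample users are hypothetical stand-ins for the real entity and repository.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

@RestController
@RequestMapping("/api/v1/wishlists")
public class WishlistController {

    // Hypothetical in-memory model standing in for the real entity and repository.
    record Wishlist(long id, String owner, Set<Long> productIds) {}

    // Constructed sample data: one wishlist per user.
    private final Map<Long, Wishlist> byId = Map.of(
            1L, new Wishlist(1L, "alice", ConcurrentHashMap.newKeySet()),
            2L, new Wishlist(2L, "bob", ConcurrentHashMap.newKeySet()));

    // Design 1: the id comes from the path, so it is client-controlled and
    // must be compared with the authenticated user before any write.
    @PostMapping("/{id}/products")
    public Set<Long> addById(@PathVariable("id") long id,
                             @RequestParam("productId") long productId,
                             Authentication auth) {
        Wishlist w = byId.get(id);
        // Same 404 for "missing" and "not yours", so ids cannot be probed.
        if (w == null || !w.owner().equals(auth.getName())) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        w.productIds().add(productId);
        return w.productIds();
    }

    // Design 2: no id in the request. The wishlist is resolved from the
    // authenticated principal, so there is no client-supplied owner to verify.
    @PostMapping("/add-product")
    public Set<Long> addToMine(@RequestParam("productId") long productId,
                               Authentication auth) {
        Wishlist w = byId.values().stream()
                .filter(x -> x.owner().equals(auth.getName()))
                .findFirst()
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
        w.productIds().add(productId);
        return w.productIds();
    }
}
```

Both handlers still perform one lookup; the difference is that the second keys it on the session identity instead of on a value taken from the request.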