When your application has multiple user roles, you should think carefully about how you structure your API endpoints, not only for coding but also for debugging and testing.
In my experience, whenever you design a back-end API you should create a separate controller for every user role.
Example:
LoanController: api/v1/loan
AdminLoanController: api/v1/admin/loan
This approach brings the following benefits:
- You know which controller serves which role
- When you want to change user-facing business logic, focus on LoanController
- When you want to change admin business logic, focus on AdminLoanController
- Role-based permissions are easy to enforce per controller (and per path prefix) instead of inside every endpoint
- Changes to the user part have no impact on the admin part
- Easy to debug
- Easy to scale
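As an added illustration of this split (example code, not from the original post), the two controllers below are mounted on their own path prefixes and each prefix is guarded by a single role check, so the admin check is applied once for every admin route instead of inside each handler. The role header and the "user"/"admin" role names are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// Assumption: the role arrives in this header; a real service would take it from a verified session or token.
const roleHeader = "X-Role"

// LoanController serves the user-facing endpoints under /api/v1/loan.
type LoanController struct{}
func (LoanController) List(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "loans of the current user")
}

// AdminLoanController serves the back-office endpoints under /api/v1/admin/loan.
type AdminLoanController struct{}
func (AdminLoanController) List(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "all loans (admin view)")
}

// requireRole guards a whole controller's mux, so the check is written once, not per handler.
func requireRole(next http.Handler, allowed ...string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		role := r.Header.Get(roleHeader)
		for _, a := range allowed {
			if role == a {
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// NewRouter mounts one mux per controller; the path prefix decides which controller (and role check) applies.
func NewRouter() http.Handler {
	userMux := http.NewServeMux()
	userMux.HandleFunc("/api/v1/loan", LoanController{}.List)
	adminMux := http.NewServeMux()
	adminMux.HandleFunc("/api/v1/admin/loan", AdminLoanController{}.List)
	root := http.NewServeMux()
	root.Handle("/api/v1/admin/", requireRole(adminMux, "admin"))
	root.Handle("/api/v1/", requireRole(userMux, "user", "admin"))
	return root
}

func main() { http.ListenAndServe(":8080", NewRouter()) }
```

A request for /api/v1/admin/loan from a "user" role is rejected by the prefix guard before any admin handler runs, which is the property worth testing whenever a new admin endpoint is added.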
Of course, you still need to follow:
- RESTFUL API pattern
- Versioning
- Naming convention