What are best practices for REST nested resources?
I've tried both design strategies - nested and non-nested endpoints. I've found that:
if the nested resource has a primary key and you don't have its parent primary key, the nested structure requires you to get it, even though the system doesn't actually require it.
nested endpoints typically require redundant endpoints. In other words, you will, more often than not, need the additional /employees endpoint so you can get a list of employees across departments. If you have /employees, what exactly does /companies/departments/employees buy you?
nesting endpoints don't evolve as nicely. E.g. you might not need to search for employees now but you might later and if you have a nested structure, you have no choice but to add another endpoint. With a non-nested design, you just add more parameters, which is simpler.
sometimes a resource could have multiple types of parents, resulting in multiple endpoints all returning the same resource.
redundant endpoints make the docs harder to write and also make the API harder to learn.
In short, the non-nested design seems to allow a more flexible and simpler endpoint schema.
What you have done is correct. In general there can be many URIs to the same resource - there are no rules that say you shouldn't do that.
And generally, you may need to access items directly or as a subset of something else - so your structure makes sense to me.
Just because employees are accessible under department:
company/{companyid}/department/{departmentid}/employees
Doesn't mean they can't be accessible under company too:
company/{companyid}/employees
Which would return employees for that company. It depends on what is needed by your consuming client - that is what you should be designing for.
But I would hope that all URL handlers use the same backing code to satisfy the requests so that you aren't duplicating code.
I've moved what I've done from the question to an answer where more people are likely to see it.
What I've done is to have the creation endpoints at the nested endpoint. The canonical endpoint for modifying or querying an item is not at the nested resource.
So in this example (just listing the endpoints that change a resource)
POST
/companies/
creates a new company and returns a link to the created company.
POST
/companies/{companyId}/departments
when a department is put, creates the new department and returns a link to /departments/{departmentId}
PUT
/departments/{departmentId}
modifies a department
POST
/departments/{departmentId}/employees
creates a new employee and returns a link to /employees/{employeeId}
So there are root level resources for each of the collections. However the create is in the owning object.
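An added example, not part of the answer above: a minimal in-memory router for the four endpoints it lists, where creation happens under the owning parent and the response links to the root-level canonical resource. The store, the function names and the 201/200/404 status codes are assumptions for illustration.

```python
import itertools
import re

# Constructed in-memory store; one id sequence is shared by all collections.
STORE = {"companies": {}, "departments": {}, "employees": {}}
PARENT_KEY = {"companies": "companyId", "departments": "departmentId"}
_next_id = itertools.count(1)

def create(collection, body, parent=None):
    """Create an item, optionally under a parent, and link to its canonical URL."""
    record = dict(body)
    if parent is not None:
        parent_collection, parent_id = parent
        if parent_id not in STORE[parent_collection]:
            return 404, None  # the owning object must already exist
        record[PARENT_KEY[parent_collection]] = parent_id
    item_id = next(_next_id)
    STORE[collection][item_id] = record
    return 201, f"/{collection}/{item_id}"  # root-level link, never the nested path

def update(collection, item_id, body):
    """Modify an item through its canonical root-level endpoint only."""
    if item_id not in STORE[collection]:
        return 404, None
    STORE[collection][item_id].update(body)
    return 200, f"/{collection}/{item_id}"

# The endpoints from the answer: nested paths create, root-level paths modify.
ROUTES = [
    ("POST", r"/companies/?",
     lambda m, b: create("companies", b)),
    ("POST", r"/companies/(\d+)/departments",
     lambda m, b: create("departments", b, ("companies", int(m[1])))),
    ("PUT", r"/departments/(\d+)",
     lambda m, b: update("departments", int(m[1]), b)),
    ("POST", r"/departments/(\d+)/employees",
     lambda m, b: create("employees", b, ("departments", int(m[1])))),
]

def dispatch(method, path, body):
    """Return (status, link) for a request, or (404, None) if no route matches."""
    for verb, pattern, handler in ROUTES:
        match = re.fullmatch(pattern, path)
        if verb == method and match:
            return handler(match, body)
    return 404, None
```
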