OData Question - relating to searching using PII/PHI data #387
Description
OData Gurus,
I've been a consumer of OData for some time now. But I'm jumping into developing an OData API, but one question I have is the use of PII/PHI data in the query string. I would like to be able to do the same functionality with $filter,$select, $expand, etc on the GET /{resource} against the POST /{resource}/.search
By moving from GET to POST, it removes it from the middleware processes that may log the Query String.
Here is a curl command that gives an example of the concept.
curl -X POST "http://localhost:5292/api/v1/memberservice/members/.search" -H "Content-Type: application/x-www-form-urlencoded" -d "$filter=SSN eq '123456789'&$select=ID,FirstName,LastName" -v
My Questions:
Does the OData team have recommendations on approach to accomplishing this? Ie. Should use content-type of {?}, Should use endpoint named /{resource}/$query, etc
Does the Dotnet Core CSharp library support this out of the box? If so, is there documentation on how to set it up — this is where I'm today and having trouble!
I have the GET /{resource} endpoint working! But trying to convert it to the POST seems harder than I'd expect.
Any help anyone can provide, I would greatly appreciate it.