The resource “operation” is composed of an action, a product and a price. When creating a new operation, you then need to pass an action, a product and a price.
The token isn’t part of an operation though: it’s a metadata that needs to be sent alongside the request for security purposes. Technically, you don’t need a token to create an operation.
Making the body of the HTTP requests and responses hold a representation of the resource(s) being dealt with, produces an arguably more elegant API, closer to what REST is all about: resources.
Even backend side, it should allow you to share DTOs across your request handlers. Most frameworks deal with security via some kinds of HTTP filters, leaving your request handlers very business-focused (as they should be).
CLICK HERE to find out more related problems solutions.