Is it ok to POST/PUT a structure that is different from the one returned?

I am designing a restful web service and have a problem th开发者_运维问答at I foresee will be a common one. Lets say you have a resource url:

/users

and the GET operation for that url returns a list of users with basic details.

Now I want to create a POST operation for users, but in order to create a user I need to pass more information than is returned by /users and any specific user url (users/1 etc). Is this ok? What is the usual approach to this kind of situations?

I believe that the ideal is that the representation that you POST to create a resource is the same as the representation that is returned when you GET that same resource. However, as with everything, this is not a hard and fast rule. For example if you have a property of a user such as their "reputation", then clearly that would be returned on GET, but not required on creation for POST. Can't think of any properties off hand that you would need to provide on creation that you wouldn't then report on GET. You may find that you need different representations depending on who is requesting. Maybe there's private information that is only returned on GET when requested by the owner, and that is information that you have to supply on POST when creating, but when another user requests the resource they don't get that information. I don't think that would incur you the wrath of Fielding.

EDIT: To deal with passwords (hadn't thought of those, thanks) then I don't think it would be a crime to accept that on creation and not return that on GET. If might be restful to return some kind of placeholder for the password in the GET representation so that the client can change the password by filling it in and posting back the same representation.