I need an axample to use CodeIgniter restful because this class can't work:
class Books extends REST_Controller
{
.....
}
I need to create a single point of access to both the login and for the register so that the register in a system the user has access to all the others, then I will have only one database to store and query data from users. My question is: What is the best option when it comes to Webservice, SOAP or REST? I read that SOAP is heavier and slower, however also read that REST has fewer features. What do you suggest me? Login via Webservice safe?
Related
I've been looking around a lot, but I couldn't find a (definite) solution to a seemingly very simply problem.
I'm trying to create a database with user-specific data (for instance, their favorite color, etc). Creating it with DynamoDB is fine, so is editing it; my issue is with identifying the user in the first place (I'm using Cognito), I couldn't find a "best practice" anywhere that would be secure and efficient to use.
In other words, I have the login part and the database part. But how can I - on an arbitrary page - get who the logged-in user is in order to fetch the appropriate row in the database (for instance, having a table with the "sub" as the primary key).
So far, I've found a small guide on using JWT and carrying around what seems to be a session token that I can use to get back user information. I'm not quite sure if this is safe or a good practice, and I'm fairly lost on what to do. Any advice on the best practices, or what is the "right" way would be appreciated.
"how can I - on an arbitrary page - get who the logged-in user"
This all depends on the framework you are using. For example, if you built an AWS application using Spring Security and Cognito, you can easily get the logged in user using code like this in a Java Controller:
#RequestMapping(value = "/user", method = RequestMethod.GET)
#ResponseBody
public String getItems(HttpServletRequest request, HttpServletResponse response) {
String logUser = request.getUserPrincipal().getName();
return logUser;
}
I just tested this logic with a Java web app that uses Cognito and it works perfectly:
You need to find the equivalent logic for the framework you are using to build an app that requires a user to log in.
Once you have the user name, you can use the DynamoDB API to look up more user details. If you are using Java, you can use the Java API to do so. If using JavaScript, use the JavaScript API.
I have a trouble about reactjs and restful web service api architecture. In the common case this would not be a problem but if i have situation like this.
I have React web consumes api data from many database table (these tables are related) on server in one page (in react it would be split into multiple components)
But i learnt that in term of restful web service we should have 1 url for 1 resource which is a database table. if we need related resource we could use nested url. let me give an example. I have 4 database tables which is Bill, Work Order, Sale Job and Product. with these relationships. Bill has one Work Order, Work Order has many Sale Jobs and Sale Job has one Product.
if i need all data for this react page i need at least 4 http requests. with url nested approach, like below.
1. /api/bills/1
2. /api/bills/1/workOrder
3. /api/bills/1/workOrder/saleTxns
4. /api/bills/1/workOrder/saleTxns/product
or another way is to just let bill url have all nested data i need for this react page (which is gigantic) so i can just have 1 http request and pass all data into each component.
So my question is which approach is better.
split into multiple chunk of data.
so then. Will it be root component job to
fetch data and pass into child component. or each component fetch its own
data.
just load 1 gigantic request.
is this will be bad practice for restful web
service? cause it looks like i design url /api/bills/1 for just this react
web page. so if i have more platform like ios, android then i need to have
more url for it?
maybe like.
/web/api/bills/1?reactView1=true,
/web/api/bills/1?reactView2=true,
/ios/api/bills/1
/android/api/bills/1
I cannot say which approach is better based on your information. What I can say, however, is this:
As Eric Stein says, there is no requirement to allow only one url to correspond with one database table.
If this is a common operation in your front end, it makes sense to develop an API endpoint such, that it responds with all the information nested below the specified bill. It saves you some front end code / nasty callback logic.
That being said, doing 4 requests should not be the end of the world either. If this fits the rest of your application better, and you developed the logic in a decent way, this shouldn't be too much of a problem.
Which component should handle which action is again really up to how your application is designed and how you want to continue to build it out. Don't be too afraid to just start with one approach, maybe you should change it later. It's code after all, not concrete.
I'm trying to design a good RESTful API for my web app and am looking at Facebook's Graph API as an example.
My plan is to dogfood the API in the web app. For example, if the user changes their name, gender, etc., on the settings page, it would just PUT to the /user endpoint of my web app with the new data.
However, I noticed that Facebook's Graph API does not allow modifications to the User resource. Are there some resources that you want to make sure are not modifiable from the public API?
I'm basically just wondering if there are any risks with my method, and if not, why other websites don't do the same thing.
Yes, there are resources that you want to prevent API users from modifying, but they are application dependent. For instance, an API I'm working on right now lets callers read but not update audit data, read user records (but only modify parts of their own), and create and update home addresses.
You will want to make sure that you have rigorous security in place to prevent users from modifying certain parts of a User (such as username or password), especially if user A is calling PUT /users/B.
I randomly pick two friends of the user and ask him/her to pick who is the better friend. Now all I have is the friend ID which I then have to use to create a poll and store in the database accordingly. Using the Facebook graph API, I have the ID. All I need to do now is to pass it to Django.
I'm new to this so how exactly would I do that? Pass a javascript variable to Django?
I see two options.
At client side using Javascript SDK,
Fetch the friends' profile details along with ID.
Convert them to JSON.
Do a POST request to a django url/view which stores the data in database.
In this way, you don't need to do any graph API queries further from server side. But this won't help you updating the data at realtime. Consider, if one of the friends changing his name in FB, now what is stored in your database becomes obsolete. So, you need to make sure that some thing from client side implemented to do real time update posts to server side.
At server side using any django facebook graph API apps,
Get the IDs from client side.
Use the fb graph app to fetch the details at server side.
Store them in database.
In this way, you could be able to schedule a callback for real time updates. I prefer the second approach as it's always better to burden the server rather than client. And I found this app simple and do what you need. https://pypi.python.org/pypi/django-facebook-api/0.1.10
I'm trying to write a simple GUI application using Qt framework.
The purpose of this app is to retrieve data from my isp and parse them for presentation.
How do i authenticate my user/password with the webserver and retrieve the html page in question?
Are there any utility libs that make this task trivial?
I figure i need to interact with the server php script and simulate a form input somehow.
Am i on the right track?
You're on the right track, I suggest taking a look at curl.
That should make it alot easier.
edit: Hm, thought it did more than just file-transfer.
Otherwise here's a load more of interesting lib's
The way to authenticate depends completely on the authentication method used by the server. If it's some form to log in you need to retrieve that and send the correct data to the forms action target (usually as POST request). You could do this by constructing your request using QHttpRequestHeader and then simply sending it to the server. If you even know about the form you might even not need to retrieve the login page. If the website uses HTTP authentication you should be able using QAuthenticator.