Using REST services directly from the browser via Javascript [closed] - web-services

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
What are the pros and cons of consuming web services within an HTML page via JavaScript (jQuery)?
Browser (JS) -> Backend (REST)
versus
Browser (JS) -> MVC backend -> Web services backend (REST)
What is the best practice about handling authentication in the first case?

Web browsers only allow a page to issue AJAX queries to the domain from which the page originated. This prevents cross-site scripting, a nasty attack method.
If you control the domain, AJAX is very useful.
If you don't control the domain, you should set up a server which requests the data and serves it (either on page load, or through AJAX) to the desired subpage.

I would actually suggest not making a browser-to-backend call if there is authentication in the picture. Even if your backend supports CORS, you would have to tack on API security on top of it (something like OAuth) for user authentication and manage all of that (error handling, spoofing, etc.) on the client. It would be easier if you just make that call from a middle-tier application.
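
The middle-tier pattern suggested in the answer above, as an added example that is not part of the original posts: the browser presents only a session cookie, and the server decides what is forwarded and attaches the API credential itself. The names `CONFIG`, `SESSIONS`, the `sid` cookie, the `x-end-user` header and the upstream URL are hypothetical.

```javascript
// Constructed configuration: the API credential exists only on the server.
const CONFIG = {
  upstream: "https://api.internal.example",     // hypothetical REST backend
  apiToken: "server-side-secret-placeholder",   // never shipped to the browser
  allowed: [                                     // routes the UI legitimately needs
    { method: "GET", path: /^\/orders\/\d+$/ },
    { method: "POST", path: /^\/orders$/ },
  ],
};

// Constructed session store: opaque session id -> user record.
const SESSIONS = new Map([["s3ss10n-abc", { user: "alice" }]]);

function parseCookies(header = "") {
  return Object.fromEntries(
    header.split(";").map((p) => p.trim()).filter((p) => p.includes("="))
      .map((p) => [p.slice(0, p.indexOf("=")), p.slice(p.indexOf("=") + 1)])
  );
}

// Decide what, if anything, the middle tier sends upstream for a browser request.
function toUpstream(req, config = CONFIG, sessions = SESSIONS) {
  const session = sessions.get(parseCookies(req.headers.cookie).sid);
  if (!session) return { status: 401 };          // no valid session: nothing forwarded
  const permitted = config.allowed.some(
    (r) => r.method === req.method && r.path.test(req.path)
  );
  if (!permitted) return { status: 403 };        // not on the allowlist
  return {
    status: 200,
    url: config.upstream + req.path,
    method: req.method,
    headers: {
      // Any Authorization header sent by the browser is dropped here;
      // only the server-held credential reaches the backend.
      authorization: `Bearer ${config.apiToken}`,
      "x-end-user": session.user,                // hypothetical identity header
      "content-type": "application/json",
    },
    body: req.body,
  };
}
```

The returned object is what a real handler would pass to its HTTP client; keeping the decision in a pure function makes the allowlist and header handling easy to unit test.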

Related

How are companies using Google's OAuth for RBAC? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 months ago.
This post was edited and submitted for review 8 months ago and failed to reopen the post:
Original close reason(s) were not resolved
I'm working on an application which uses role-based access control to limit what users can do. I would like to support authentication using OpenID Connect with the major identity providers such as Google. I'm having a hard time figuring out how companies usually use Google as the IdP for their organization.
I was able to make the regular login flow work, but I have no idea how to get any kind of role or group membership information in the JSON Web Key I receive from Google's OAuth server. I'm quite confused by the whole landscape of Google's authentication since there is IAM and Identity Platform which seem to be doing the same things.
How do large companies use Google's authentication if they rely on groups or roles for access control?

Difference in Rest API / Web Service / Web API [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I have read all over the internet up and down about the differences in these three things and to me the waters seem incredibly muddy. I'm curious if anyone has any very clear way of explaining or identifying the differences between these three categories. Examples would be helpful.
I can read the differences all day, but nothing is computing with me. A Web Service and a Web API both do the same thing, I don't get it, and a REST API is just a type of Web API so how are these 3 different things?

A Web Service is a way to expose a system's functionality in a machine-readable way over HTTP. The popular formats are SOAP, JSON or other XML schemas, but anything both sides understand will do.
A REST API is one architecture to design a Web Service, where resources are identified by URLs, and actions on them are identified by HTTP verbs (GET, POST, DELETE, PUT, etc.).
Web API is the Microsoft offering to implement a Web Service, REST or other. SOAP is not supported out of the box in Web API, but can be implemented.

Authenticating an External Restful Web-service from UI5/Fiori application [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
We have a requirement to consume an external RESTful web service from a UI5 application. We need to develop a complete Fiori app without using an OData service published in the gateway.
Kindly help me out in authenticating an external web service. Will this requirement be feasible to implement when considering the front-end roles and back-end roles?
It will be more helpful for me if you share the code snippet for performing/consuming CRUD operations on external services from UI5 application including authentication.
Regards
Phani Poorna

The authentication you are looking for is not something that you should build into your app, but should be provided by the infrastructure your application is running on. Your ID provider (e.g. R/3 or Active Directory), which you log in to, should provide your browser with the necessary tokens or cookies. The respective sub-systems should in turn decide to give you access based on the cookies, tokens or certificates that you bring along.
A bit like this:
Many Fiori apps are running on the same R/3 environment as the user logs into. As this is the same system, it is trusted by default. This is why you don't have to do much to get a decent response from your service. However, if you want to connect to an external system, you will have to put some IDP plumbing in place. This usually involves things such as establishing a trust between the IDP and the external service.
As mentioned, authorisation should not be part of your app, hence no code samples in this answer. I hope this answer provides you with enough pointers to find a solution for your particular situation. This is a tough topic though; read up on it (there's a lot of info on SCN and the help section) and don't be shy to ask for help from a basis consultant if necessary.
Also, please don't step into the pitfall of building your own authentication (e.g. basic authentication or OAuth), as it is insecure by default. The reason for this is that your JavaScript, including embedded algorithms and tokens, is readable by anyone that has access to the app.

Web Frameworks versus Web Servers? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
What are the differences between technologies like Flask, Django, NodeJS, and Apache? With Apache and NodeJS, they can function as a web server, interfacing your server-side code with HTTP requests. Do Flask and Django also provide this capability or do they provide different functionality?

Apache/nginx are web servers; they can serve both static content (html, jpg, etc.) and dynamic content generated by web apps.
Django/Flask/Express on NodeJS are web frameworks; they provide the common functionality for writing a web application, like request routing/ORM/session/template. It makes writing a web app much easier - you only need to 'fill in the blanks'.
Most of the time, a web app (implemented in a web framework) sits behind a web server, and processes requests handed over by the web server. But sometimes, the framework itself can function as a web server, like Tornado/Express.
NodeJS is neither a web framework nor a web server. You can think of it as a JavaScript cross-platform runtime environment.

Web directory of RESTful web services? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Is there something like a directory, list, search engine, or index of RESTful WS in the web?
Edit:
What I am looking for is a list or a directory in the internet like this:
Yahoo: Maps Service, http://developer.yahoo.com/maps/rest/V1/geocode.html, http://local.yahooapis.com/MapsService/V1/geocode?appid=YD-9G7bey8_JXxQP6rxl.fBFGgCdNjoDMACQA--&street=701+First+Ave&city=Sunnyvale&state=CA
Flickr: Picture Service, http://www.flickr.com/services/api/request.rest.html
Amazon: Storage Service, http://developer.amazonwebservices.com/connect/entry.jspa?externalID=135
...
Just found what I have been looking for:
http://www.programmableweb.com/category/all/apis?data_format=21190
Cheers
Er

If you need a REST service for development, you can use the web service at http://jsonplaceholder.typicode.com/, where there are multiple JSON responses you can use for testing.
The OData site certainly has a certain list of services - all that return OData (OpenData) feeds, e.g. WCF Data Services
They have a list of OData producers which are all offering WCF REST services to consume.
Not exactly what you are looking for, but the Yahoo YQL site exposes many web services and other websites as RESTful web services.
From the site:
The Yahoo! Query Language is an expressive SQL-like language that lets you query, filter, and join data across Web services. With YQL, apps run faster with fewer lines of code and a smaller network footprint.