I've created a few actions and object types for my application. For this question's purpose, let's assume I have a myapp:book custom type (where myapp is my application's namespace and book is the custom type) and a myapp:read action.
Is it possible to answer any of the following queries using Facebook's Graph API (or any other FB API)?
List all objects of type myapp:book. By that, I mean retrieve a list of all pages that FB's scraper has stored which have an og:type of myapp:book.
List all actions that involve objects of type myapp:book.
List all read actions that occurred in my app. By that, I mean retrieve a list of all actions that were posted to FB which have an action_type of myapp:read
As far as I'm aware: no, no and no
Your own databases should have all of that information already though, depending on how you've implemented the app, certainly the first two if not necessarily the third
You can retrieve, for a given user, the list of actions of a particular type, but not 'all actions' or 'across all users'
I have been trying to delete multiple campaigns from Eloqua at a time using Postman, but I am not able to do so. I don't see a reference in the tool either: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAB/index.html#Developers/RESTAPI/REST-API.htm%3FTocPath%3D%2520Application%2520API%7C_____0.
Please let me know if deleting multiple campaigns is possible.
It is not possible.
The link you provided mentions it's outdated, and a redirection link was available: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAC/rest-endpoints.html
Have a look at all the DELETE methods over there, and you will see that there is no provision for sending more than one id at a time.
Edit: You say you are using Postman. It is possible to perform repetitive tasks (like deleting multiple campaigns) with different parameters each time by using Collections.
Edit 2:
Create an environment,
Type your url with the id as a variable, e.g.: xyz.com/delete/{id}
And send all the id values as a JSON or CSV file. They have given a sample JSON, you would simply have to provide your ids inside an array, e.g.:
[
{"id":1},
{"id":2},
{"id":3}
]
I am developing an application based on REST services. I've read everything about developing REST web services, but one thing is confusing me. As I read, each module or functionality must have a unique and meaningful resource name, like
http://localhost:8080/rest/create-organization
and
http://localhost:8080/rest/add-employee
But one of my colleagues suggested that we should have only one resource as a single landing point for all modules, and that we must send some code in the request header to recognize which functionality we want to execute. For example:
http://localhost:8080/rest/application
And, in the request header, we should add a CRTORG parameter for creating an organization and ADDEMP for adding an employee.
On the basis of these keywords we will call the appropriate method and return the response.
Is it the right way? If not, why?
That's not how REST applications are supposed to be. See more details below.
REST resources
REST stands for Representational State Transfer and this architecture was defined by Roy Thomas Fielding in chapter 5 of his dissertation.
The key concept of this architecture is the resource. See the following quote from Fielding's dissertation:
5.2.1.1 Resources and Resource Identifiers
The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]
REST is protocol independent and, when implemented over the HTTP protocol, the resources can be manipulated with HTTP verbs and are identified by their URIs. The same resource can have different representations, such as JSON and XML.
For more details regarding resources and resource representations, see this answer.
What your API could be like
Your API could have the following endpoints and operations:
Create an organization (sending the resource representation in the request payload)
POST /api/organizations
Get all organizations
GET /api/organizations
Get an organization using a certain identifier
GET /api/organizations/{organizationId}
Replace an organization using a certain identifier (sending the resource representation in the request payload)
PUT /api/organizations/{organizationId}
Delete an organization using a certain identifier
DELETE /api/organizations/{organizationId}
Create an employee for an organization (sending the resource representation in the request payload)
POST /api/organizations/{organizationId}/employees
Get all employees for an organization
GET /api/organizations/{organizationId}/employees
Get an employee for an organization
GET /api/organizations/{organizationId}/employees/{employeeId}
Replace an employee of an organization (sending the resource representation in the request payload)
PUT /api/organizations/{organizationId}/employees/{employeeId}
Delete an employee from an organization
DELETE /api/organizations/{organizationId}/employees/{employeeId}
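The endpoint list above, turned into a route table, as an added example that is not part of the original answer: the HTTP method and the URI alone select the operation, so no CRTORG/ADDEMP header code is needed, and a known resource called with an unsupported method yields 405 rather than 404. The operation names and the `resolve` helper are hypothetical.

```python
import re

# (method, URI template, operation name); templates are the ones listed in the answer,
# operation names are made up for this sketch.
ROUTES = [
    ("POST",   "/api/organizations", "create_organization"),
    ("GET",    "/api/organizations", "list_organizations"),
    ("GET",    "/api/organizations/{organizationId}", "get_organization"),
    ("PUT",    "/api/organizations/{organizationId}", "replace_organization"),
    ("DELETE", "/api/organizations/{organizationId}", "delete_organization"),
    ("POST",   "/api/organizations/{organizationId}/employees", "create_employee"),
    ("GET",    "/api/organizations/{organizationId}/employees", "list_employees"),
    ("GET",    "/api/organizations/{organizationId}/employees/{employeeId}", "get_employee"),
    ("PUT",    "/api/organizations/{organizationId}/employees/{employeeId}", "replace_employee"),
    ("DELETE", "/api/organizations/{organizationId}/employees/{employeeId}", "delete_employee"),
]

def _compile(template):
    # Literal parts are escaped; each {name} becomes a group matching one path segment.
    parts = re.split(r"\{(\w+)\}", template)
    return re.compile("".join(
        re.escape(p) if i % 2 == 0 else f"(?P<{p}>[^/]+)" for i, p in enumerate(parts)))

COMPILED = [(method, _compile(template), op) for method, template, op in ROUTES]

def resolve(method, path):
    """Return (status, operation, path_params, allowed_methods); 200 means 'routed'."""
    allowed = set()
    for route_method, pattern, op in COMPILED:
        match = pattern.fullmatch(path)
        if not match:
            continue
        if route_method == method:
            return 200, op, match.groupdict(), None
        allowed.add(route_method)
    if allowed:
        # The resource exists but not with this verb: 405 plus the Allow list.
        return 405, None, {}, sorted(allowed)
    return 404, None, {}, None
```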
I am very new to RESTful applications and I have some doubts related to some REST concepts.
I know that the fundamental concept in any RESTful API is the resource. A resource is an object with a type, associated data, relationships to other resources, and a set of methods that operate on it (the HTTP methods: GET, POST, PUT and DELETE)
So my first doubt is related to the resource concept. I am trying to work through some examples myself and I don't know if I have correctly understood what a resource is.
In my mind a resource is "what I have to transmit with my REST web service". So for example if I have a REST web service that, given a VAT number, returns the invoices related to this VAT number. So these returned invoices "objects" are my resources.
So a resource is something that I can work on: I can obtain an existing resource, add a new resource, update an existing resource or delete an existing resource.
Is it correct or am I missing something?
If it is correct, the second doubt is about the representation concept.
From what I have understood, I can see a resource in several different shapes (or a resource can be exposed in several different ways), for example as HTML or as XML or as JSON and so on.
So the same resource can be exposed in different ways, and there exists a mechanism that converts a resource (that can be a row stored in a database table) into an HTML message or into an XML message or into a JSON message.
Is this interpretation correct?
From this paragraph (emphasis mine):
In my mind a resource is "what I have to transmit with my REST web service". So for example if I have a REST web service that, given a VAT number, returns the invoices related to this VAT number. So these returned invoices "objects" are my resources.
You got it wrong. By reviewing the concept of a resource (stated in your question, emphasis mine):
A resource is an object with a type, associated data, relationships to other resources, and a set of methods that operate on it (the HTTP methods: GET, POST, PUT and DELETE)
From your example, the invoice objects don't have any set of methods that operate on them. They are part of the response of the REST service. Instead, the component (that may be a Java or a C# class) that has a method to receive the VAT number and will return the invoices associated with the VAT number and that will be called to support the proper HTTP method (in this case, GET) is the resource.
Now, after understanding this, there's this other paragraph:
From what I have understood, I can see a resource in several different shapes (or a resource can be exposed in several different ways), for example as HTML or as XML or as JSON and so on.
The resource will return the response in the proper format: HTML, XML, JSON, plain text, etc. Again, your invoices are not the resource, and they should not choose the format they should be returned in.
I am using IS WSO2 for authorization with XACML. I am able to achieve authorization for static resources. But I am not sure about the design when it comes to granularization.
Example: if I have a method like getCarDetails(Object User) where I should get only those cars which are assigned to this particular user, then how do I deal with this in XACML?
WSO2 provides support for PIPs, where we can use custom classes which can fetch data from a database. But I am not sure whether we should make a copy of the original database on the PDP side or give the original database to the PIP so that it gets updated with live data.
Because cars would be dynamic for the application, e.g. currently 10 cars are assigned to user Alice. Suddenly the supervisor adds 20 more cars to his list, which will be in the application-level database. Then how will these other 20 cars be automatically assigned in the policy at the PDP level until it also has this latest information?
I may be making some mistake in understanding. But I am not sure how to deal with this, as in the whole application we can have lots of these kinds of complex scenarios, where sometimes we will get data for one user from more than 4 or 5 tables. How do we handle that scenario?
Your question is a great one, and the answer will highlight the key benefits of XACML and externalized authorization as a whole.
In XACML, you define generic, global rules about what is allowed and what isn't, using what I would call high-level attributes, e.g. attributes of the vehicle (in your case) or the user (role, department, ...).
For instance a simple rule could be (using the ALFA syntax):
policy viewCars{
    target clause actionId=="view" and resourceType=="car"
    apply firstApplicable
    rule allowSameRegion{
        permit
        condition user.region==car.region
    }
}
Both the user's region and the car's region are maintained inside the application's database. The values are read using a PIP or Policy Information Point (details here).
In your example, you talk about direct assignment, i.e. a user has been directly assigned to a vehicle. In that case, the rule would become:
policy viewCars{
    target clause actionId=="view" and resourceType=="car"
    apply firstApplicable
    rule allowAssignedVehicle{
        permit
        condition user.employeeId==car.assignedUser
    }
}
This means that the assigned user information must be kept somewhere, in the application database, a CSV file, a web service, or another source of information. It means that from a management perspective, an administrator would add / remove vehicles from a user's assigned list (or perhaps the other way around: add / remove assigned users from a vehicle's assigned user list).
The XACML rule itself will not change. If the supervisor adds 20 more cars to the employee's list (maintained in the application-level database), then the PDP will be able to use that information via the PIP and access will be granted or denied accordingly.
The key benefit of XACML is that you could add a second rule that would state a supervisor can see the cars he/she is assigned to (the normal rule) as well as the cars assigned to his/her subordinates (a new proxy-delegate rule).
This diagram, taken from the Axiomatics blog, summarizes the XACML flow:
HTH, let me know if you have further questions. You can download ALFA here and you can watch tutorials here.
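A small model of the flow described in this answer, added here as an example and not WSO2 or Axiomatics code: a PIP resolves user.employeeId and car.assignedUser from the live application database at decision time, so assigning 20 more cars changes the decisions without touching the policy. The table layout, class and function names are assumptions, and the sample rows are constructed.

```python
import sqlite3

def make_app_db():
    """Constructed sample data standing in for the application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, employee_id TEXT)")
    db.execute("CREATE TABLE cars (car_id TEXT PRIMARY KEY, assigned_user TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'E100'), ('bob', 'E200')")
    db.executemany("INSERT INTO cars VALUES (?, ?)",
                   [(f"car-{i}", "E100") for i in range(10)])
    return db

class DatabasePIP:
    """Hypothetical PIP: resolves attributes from the live database on demand."""
    def __init__(self, db):
        self.db = db

    def _one(self, sql, key):
        row = self.db.execute(sql, (key,)).fetchone()
        return row[0] if row else None

    def user_employee_id(self, username):
        return self._one("SELECT employee_id FROM users WHERE username = ?", username)

    def car_assigned_user(self, car_id):
        return self._one("SELECT assigned_user FROM cars WHERE car_id = ?", car_id)

def evaluate_view_cars(pip, username, action_id, resource_type, car_id):
    """Mirrors policy viewCars / rule allowAssignedVehicle from the answer."""
    # target clause actionId=="view" and resourceType=="car"
    if action_id != "view" or resource_type != "car":
        return "NotApplicable"
    employee_id = pip.user_employee_id(username)
    assigned = pip.car_assigned_user(car_id)
    # This sketch's choice: a missing attribute never matches (None == None must not permit).
    if employee_id is None or assigned is None:
        return "Indeterminate"
    # condition user.employeeId==car.assignedUser
    return "Permit" if employee_id == assigned else "NotApplicable"

def visible_cars(pip, db, username):
    """PEP-side filter for getCarDetails(user): anything but Permit is dropped."""
    ids = [r[0] for r in db.execute("SELECT car_id FROM cars ORDER BY car_id")]
    return [c for c in ids
            if evaluate_view_cars(pip, username, "view", "car", c) == "Permit"]
```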
In my application I'd like to send different actions:
read article
watch video
view gallery
How can I aggregate all these actions? I can get actions by type of an action:
"namespace:action_type" (graph API). How can I get all actions done by a user?
You could embed the Activity Plugin, and specify the actions param with a CSV list of all the actions you'd like it to show - see https://developers.facebook.com/docs/reference/plugins/activity2/. This would then show the actions of those types performed by the viewing user's friends on your domain.
actions="news.reads,namespace:action1,namespace:action2"
It's not possible to make a single API call to get all the actions by the user, or all the actions by the user in your app - you must make one call per action type. You can use the Batch API to make multiple calls at once: https://developers.facebook.com/docs/reference/api/batch/