Is it possible to validate Keyword Query Language query using either a library or MS Graph API?
Compliance center have Keyword Query Language builder but it seems it is not exposed as an endpoint.
Related
In graph explorer, I am trying to execute OData queries with the filter startswith on list items. All of the OData filter startswith functions I tried to return itemNotFound error. See an example below
https://graph.microsoft.com/v1.0/sites/root/lists('Documents')/Items?$filter=startswith(webURL, 'https') eq true
Graph explorer has Sites.ReadWrite.All scope.
Can someone point me to any documentation on the extent of OData features supported in Microsoft Graph?
SharePoint List API (and Graph API on drives/OneDrive API) do not support filtering or ordering results. As you may know, both SharePoint Document and OneDrive can be accessed by the Drive api. When Microsoft Graph sees a query parameter it doesn't expect, it simply ignoring the unknown filter parameter and returning us an unfiltered result. The drives api supports the $expand, $select, $skipToken, $top, and $orderby(orderby does not work on my side) OData query parameters to customize the response.
The currently available documentation just states:
Support for $filter operators varies across Microsoft Graph APIs.
The word varies might be the inference that these options are not totally supported across all products in Graph.
Looking at data access for a multitenant SaaS database for a UI5 app I have two choices - JSON or OData. OData has some features of interest. However, I have concluded that I cannot use OData because of security issues.
In particular I am concerned that OData is a form of query language. As a very rough comparison this is like a SQL statement being composed at the client and sent to an ODBC server for processing. In a multitenant DB I will separate data between owners using, say, and org_id. If it were a SQL query I would have to include select data from table where org_id=this_tennant and .... If I can discover another tenants org_id then I can use an OData explorer to modify the query and pass into the OData source.
In a JSON data interface I would call a REST method that would mask how the data is accessed, and I would not need to expose secret details such as the org_id token. Granted the JSON / REST approach involves more work.
Or do I misunderstand OData ?
Another similar question was asked some time ago but some time has passed so I shall ask again.
The approach of OData is to define how RESTful APIs can be build. It adds a lot of concepts and conventions (e.g. entity types and sets, URL conventions, common query parameters, request format, batch support...) to plain REST and therefore provides you a standard for building your API.
However, it does not define where your data is coming from, but in most cases it will be database. Of course it would be possible to expose your database tables via an OData service in a generic way, but I would expect that the provider of the framework clearly describes how to handle and protect different tenants.
A more specific answer would require more information about the framework you will use.
Using PHP and the Microsoft Graph API I'm fetching a user by querying:
https://graph.windows.net/<tenant>/users/<userId>?api-version=2013-11-08
This works fine, but only returns the standard fields for the user object. According to the documentation I'm supposed to be able to use $select=* to get all the user data, like this:
https://graph.windows.net/<tenant>/users/<userId>?$select=*&api-version=2013-11-08
However this gives me the following error:
{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"The ability to use the $select query option to define a projection in a data service query is disabled. To enable this functionality, set the DataServiceConfiguration. AcceptProjectionRequests property to true."}}}
How can I enable "AcceptProjectionRequests"? I find nothing about this in the documentation or in other SO-threads.
The APIs you are referencing above are Azure AD Graph which is different than the Microsoft Graph APIs. It might be worth your time to have a look at the Microsoft Graph APIs and consider transitioning away from Azure AD Graph. The general guidance from the Azure AD Graph team recommends using the Microsoft Graph instead of the Azure AD Graph. You can read more about the differences and the Azure AD guidance here.
Having said that, Azure AD Graph does not support $select (as stated in the blog posting I linked to above). Microsoft Graph does support $select for doing query projections (see Microsoft Graph or Azure AD).
Currently (as of 7/8/2016) Microsoft Graph supports most of the directory features that Azure AD Graph supports, but not all. In some cases, Microsoft Graph supports functionality that is not in Azure AD Graph (such as ability to make $select projection queries).
Per OData spec, $select=* can either return all entity properties or a default set of properties (provided the default set contains all key properties). The Microsoft Graph implementation is the latter and it will return a set of key properties. In order to get all the necessary properties you need, you will need to explicitly request the entire list you want unless they happen to be within the default set.
I am planning to develop an iOS weather application that is non-commercial which retrieves JSON feed from Yahoo's Weather API.
Documentation: https://developer.yahoo.com/weather/
However, I don't understand the purpose of needing an API-Key? I am successful in retrieving weather data by calling this URL with parameters and it gives back a JSON data. (Note: The URL below is from the JS example but same concept as if it were Objective-C)
https://query.yahooapis.com/v1/public/yql?q=select wind from weather.forecast where woeid in (select woeid from geo.places(1) where text='chicago, il')&format=json&callback=callbackFunction
The documentation says non-commercial use is restricted to 2000 queries per day, but how is this tracked if no unique keys were ever used? What is the correct "legal" way in using this API?
I found this old question being asked, however the answer wasn't sufficient: Does Yahoo Weather API needs an Consumer API Key?
Any input would be appreciated!
Side Note
- Any other FREE weather api tool that do not limit queries and are for non-commercial publication use recommend will also be accepted as an answer
Upon further research, Yahoo offers both a public and OAuth APIs for developers. The public API that is related by querying the URL given above limits users to 2,000 queries per hour per IP Address.
https://developer.yahoo.com/yql/guide/usage_info_limits.html
I know that neo4j database can be used both as embedded or server.
In neo4j documentation it says that REST API has an endpoint for Cypher queries, so if I issue Cypher query using spring-data-neo4j #Query annotated method, this query is sent to the database, executed on database side and then the result is sent back.
What about traversal API then? If I would submit traversal description using
findAllByTraversal(N startNode, org.neo4j.graphdb.traversal.TraversalDescription traversalDescription)
does it send all traversal description to the server and executes it in server context (so there it is only one HTTP request)?
Traversal API (package org.neo4j.graphdb.traversal) is only available via Java API. To expose your code using traversal API via REST, the recommended way is to wrap it into a unmanaged extension.