Let's say I have an API where you can get users:
GET /RESTAPI/user/
And you can delete users by:
DELETE /RESTAPI/user/123
What is the RESTful convention on what the DELETE's response body should contain?
I expected it should be the new list of all users which now doesn't contain the user with id 123 anymore.
Googling around didn't get me any satisfying answers. I only found opinions on how to do that, but isn't there a strict definition of RESTful Services?
This is NOT a duplicate of What should a RESTful API POST/DELETE return in the body? and What REST PUT/POST/DELETE calls should return by a convention?
since this question asks for a strict definition regarding DELETE. Those questions were answered by loose opinions only.
The reason you get no hard answers is because there is no hard RESTful standard. So I can only suggest that you create a hard standard and stick to it within your own APIs.
I used this as a guide for RESTful services: http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api
It says respond with a 204 status and an empty body.
I stick to those standards and document them well for anyone who wants to use my APIs.
What is the RESTful convention on what the DELETE's response body should contain?
REST is an architectural style defined by Fielding in chapter 5 of his dissertation, and it describes a set of constraints for applications built with this architecture. REST is designed to be protocol independent, but chapter 6 of the same dissertation describes how REST is applied over HTTP.
Once your REST application is designed on top of the HTTP protocol, you should be aware of the HTTP semantics. And the semantics of the HTTP/1.1 protocol are currently described in RFC 7231.
The response payload of a DELETE request that has succeeded may:
Be empty or;
Include a representation of the status of the action.
And the following response status codes are suitable for a DELETE request that has succeeded:
202: The request has been accepted for processing, but the processing has not been completed.
204: The server has successfully fulfilled the request and there is no additional content to send in the response payload body.
200: The request has succeeded and the request payload includes a representation of the status of the action.
See the following quote from the RFC 7231:
If a DELETE method is successfully applied, the origin server SHOULD
send a 202 (Accepted) status code if the action will likely succeed
but has not yet been enacted, a 204 (No Content) status code if the
action has been enacted and no further information is to be supplied,
or a 200 (OK) status code if the action has been enacted and the
response message includes a representation describing the status.
204 No Content is a popular response for DELETE and occasionally PUT as well.
However, if you are implementing HATEOAS, returning a 200 OK with links to follow may be more ideal. This is because a HATEOAS REST API provides context to the client. Think of the location a user application navigates to after successfully issuing a delete command. Here is a brief article excerpt with more discussion on this. See the blog article for a more complete discussion.
Article: http://blog.ploeh.dk/2013/04/30/rest-lesson-learned-avoid-204-responses/
Avoid 204 responses if you're building a HATEOAS application.
This is a lesson about REST API design that I learned while building non-trivial REST APIs. In order to be as supportive of the client as possible, a REST API should not return 204 (No Content) responses.
From the service's perspective, a 204 (No Content) response may be a perfectly valid response to a POST, PUT or DELETE request. Particularly, for a DELETE request it seems very appropriate, because what else can you say?
However, from the perspective of a proper HATEOAS-aware client, a 204 response is problematic because there are no links to follow. When hypermedia acts as the engine of application state, when there are no links, there's no state. In other words, a 204 response throws away all application state.
This article covers POST, PUT, DELETE and GET. Here's the specific discussion on DELETE:
Responding to DELETE requests
A DELETE request represents the intent to delete a resource. Thus, if the service successfully handles a DELETE request, what else can it do than returning a 204 (No Content)? After all, the resource has just been removed.
A resource is often a member of a collection, or otherwise 'owned' by a container. As an example, http://foo.ploeh.dk/api/tags/rock represents a "rock" tag, but another way of looking at it is that the /rock resource is contained within the tags container (which is itself a resource). This should be familiar to Atom Pub users.
Imagine that you want to delete the http://foo.ploeh.dk/api/tags/rock resource. In order to accomplish that goal, you issue a DELETE request against it. If all your client gets back is a 204 (No Content), it's just lost its context. Where does it go from there? Unless you keep state on the client, you don't know where you came from.
Instead of returning 204 (No Content), the API should be helpful and suggest places to go. In this example I think one obvious link to provide is to http://foo.ploeh.dk/api/tags - the container from which the client just deleted a resource. Perhaps the client wishes to delete more resources, so that would be a helpful link.
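The three success responses from the RFC 7231 quote and the link-carrying 200 from the article excerpt, side by side, as an added example that is not part of the original answers. It is a Rack-style callable using only the standard library; the class name, the `mode` option and the JSON field names are assumptions.

```ruby
require "json"

# Added example: Rack-style callable for the question's /RESTAPI/user/:id
# route. UserApi, mode: and the JSON field names are hypothetical.
class UserApi
  COLLECTION = "/RESTAPI/user/"
  attr_reader :users, :pending

  # mode: :empty -> 204, :hypermedia -> 200 with links, :queued -> 202
  def initialize(users, mode: :empty)
    @users = users
    @mode = mode
    @pending = []
  end

  def call(env)
    return respond(405, error: "method not allowed") unless env["REQUEST_METHOD"] == "DELETE"

    m = env["PATH_INFO"].match(%r{\A/RESTAPI/user/(\d+)\z})
    return respond(404, error: "no such user") unless m && @users.key?(m[1].to_i)

    id = m[1].to_i
    case @mode
    when :queued
      # Accepted but not yet enacted: 202 plus a status representation.
      @pending << id
      respond(202, status: "deletion queued", id: id)
    when :hypermedia
      # Enacted, with a representation describing the status and a link
      # back to the container so the client keeps its context.
      @users.delete(id)
      respond(200, status: "deleted", id: id,
                   links: [{ rel: "collection", href: COLLECTION }])
    else
      # Enacted and nothing more to say: a 204 carries no body.
      @users.delete(id)
      [204, {}, []]
    end
  end

  private

  def respond(status, **payload)
    [status, { "content-type" => "application/json" }, [JSON.generate(payload)]]
  end
end
```

Repeating the DELETE after the resource is gone returns 404 here; whichever behaviour an API chooses for that case should be documented along with the success codes.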
I was reading up on how to create a telegram bot and I see that to set a web hook you use the GET http method. I assume that your link will be stored somewhere on telegram servers.
So now my question is:
Why not use the POST http method? What is the advantage of this design of using GET http method in this case rather than POST http method for something that pushes data?
The Bot API supports both GET and POST HTTP methods. It's up to you what to use. (See this or this). I think it makes the API easy and fast to get started with.
For the sake of simplicity one might choose a simple GET request to set a webhook: put together a URL with some parameters and call it in a web browser, done! The webhook is now set.
Still, it is possible to do the same with a POST request (and you can argue it is the preferred way to do so). But it would need tools like Postman, curl or some browser extensions.
I am new to ASP.NET MVC. I am using HTTP POST for custom validation. Recently I learned that both HTTP POST and HTTP GET are used to send data to the server. HTTP POST is more secure while HTTP GET is less secure as it sends the data in the query string.
I want to know, then, is it possible to completely get rid of HTTP GET in my project, as its function is similar to HTTP POST? I tried that, but it immediately gave an error as soon as I started debugging the project. It said "The resource cannot be found.". I am confused. Please help.
I would recommend reviewing HTTP Methods - MDN.
Since you just started, the right course of action would be to use GET to obtain the data (e.g. load the form) and POST to update the data (submit the form to the server).
If the application you are working on is written in plain ASP.NET MVC, it will be impossible to completely avoid GET (as it is used by the browser to load application pages/views).
Once you are ready to move to REST APIs, you might want to explore PUT, DELETE and other methods more deeply.
I am trying to use "gem saml_idp" in my app but I am failing.
I am following this tutorial https://spin.atomicobject.com/2017/05/31/rails-saml-identity-provider/ but I keep receiving the messages below from the server every time I make a GET request at http://localhost:3000/saml/auth.
Processing by SamlIdpController#new as HTML
Unable to find service provider for issuer
Breadcrumb Controller halted via callback meta_data filter:Symbol has been dropped for having an invalid data type
Filter chain halted as :validate_saml_request rendered or redirected
Completed 403 Forbidden in 144ms (ActiveRecord: 0.0ms)
Started GET "/__meta_request/92c4c9d5-244f-4094-92e7-c7fed56de976.json" for ::1 at 2019-12-04 15:08:33 -0200
Does anybody know what is going on here? Routes are:
get '/saml/auth' => 'saml_idp#new'
post '/saml/auth' => 'saml_idp#create'
That tutorial describes the configuration necessary for an SP-initiated SSO flow. It won't be entirely applicable to you, since you are creating an idP-initiated flow. You may be seeing that "Unable to find service provider for issuer" error because the route you're visiting expects an AuthnRequest present (which would normally be generated and sent by the SP, to request a login for users on the idP... which would then respond to the SP with a SAMLResponse containing an Assertion). This happens because you're extending the idPController present in the gem. You won't need to do this unless you expect to respond to AuthnRequests from SPs.
This gem may still be useful to you. You should still be able to call SamlIdp::SamlResponse.new to build a SAMLResponse from an idP-initiated flow. The exact configuration depends on how you must communicate with your SP, so it is difficult to provide guidance here.
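A simplified model of the check the answer describes, as an added example that is not saml_idp's code: the endpoint needs a `SAMLRequest` parameter (HTTP-Redirect binding, raw DEFLATE then base64) whose Issuer matches a registered service provider. The registry, function names and URLs are constructed for illustration.

```ruby
require "base64"
require "zlib"
require "rexml/document"

# Added example, not saml_idp's code. KNOWN_SPS and both function names
# are hypothetical; the entity ID and ACS URL are constructed values.
KNOWN_SPS = { "https://sp.example.test/metadata" => "https://sp.example.test/acs" }.freeze
SAML_NS = { "saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }.freeze

# Build a SAMLRequest value the way an SP does for the HTTP-Redirect
# binding: raw DEFLATE (no zlib header), then base64.
def encode_authn_request(issuer)
  xml = <<~XML
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_constructed1" Version="2.0">
      <saml:Issuer>#{issuer.encode(xml: :text)}</saml:Issuer>
    </samlp:AuthnRequest>
  XML
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  Base64.strict_encode64(deflater.deflate(xml, Zlib::FINISH))
end

# Returns [http_status, reason]; params is the parsed query string.
def validate_authn_request(params)
  raw = params["SAMLRequest"]
  # A bare GET /saml/auth (IdP-initiated attempt) stops here.
  return [403, "no AuthnRequest, so no issuer to look up"] if raw.nil? || raw.empty?

  begin
    xml = Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(Base64.strict_decode64(raw))
    doc = REXML::Document.new(xml)
  rescue ArgumentError, Zlib::Error, REXML::ParseException
    return [400, "SAMLRequest is not valid base64/DEFLATE/XML"]
  end

  issuer = REXML::XPath.first(doc, "//saml:Issuer", SAML_NS)
  acs = issuer && KNOWN_SPS[issuer.text.to_s.strip]
  # Only issuers registered ahead of time may receive a response.
  return [403, "unable to find service provider for issuer"] unless acs

  [200, "would render login, then post the SAMLResponse to #{acs}"]
end
```

The lookup returns the registered ACS URL rather than anything taken from the request, so an unregistered issuer cannot direct where the assertion is sent.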
I had 3 servers with balancing: server-1.test.com, server-2.test.com, server3.test.com.
And I used domain https://test.com.
I want to make a POST request such as: curl -X POST https://test.com -d "title=test"
After that, if the POST request was redirected by the balancing to server-1.test.com, it would be OK. But if not, it would be changed to a GET request, so I couldn't get the data from the GET request. I know that problem comes from the https redirect. Any suggestions for it?
I can't use a GET request to replace POST, because it is made by a Mailchimp webhook.
For HTTP calls you can use the http package in Meteor.
You can also refer to the themeteorchef tutorial for more understanding of http in Meteor.
One more thing: for HTTP calls Meteor uses sync calls. So you can also use wrapAsync in Meteor for HTTP calls to send the response back to the client.