What is the difference between PUT and POST methods in Web API?
I know that POST is used to "create a new resource" and PUT is used to "update an existing resource".
But we can use POST to "update" and PUT to "Create".
So what exactly is the difference between PUT and POST?
There is generally an expectation of behaviour and convention that your clients and co-workers will thank you for following.
At the end of the day, you can do whatever you like in your code and there's nothing that can stop you doing POST-like operations in a PUT or even DELETE-like operations in a GET. But please don't!
Related
Hi I am using SHOPIFY api to create customer information, but there is no chance to pass parameters in this URL, so my question is that is it possible, by using POST methods can we create it?
The ShopifyAPI documentation shows that it is a RESTful API. Therefore when you make calls to it, you use the appropriate verb(s). In the case of creating a resource, such as a customer, you use the POST verb.
A POST verb can include parameters, so your question is unclear. You do understand basic HTTP of course? If not, the Internet has many thousands of handy resources that clearly explain the HTTP verbs of interest.
I am doing the CodeSchool course on Rails API's and they often mention the word 'endpoint' but never define it. Can someone give a clear and concise definition of it and provide an example of a request reaching an end point in the context of Rails?
An endpoint, as I imagine they may be using it in this course, is simply a route defined by your rails application. In terms of an API (which can mean many things and is worth further research on your part), hitting that endpoint will serve up a resource from your application, or perform some form of action. An example may explain this better..
Say we have an application that handles users and we want our API to expose the users resource. If we follow RESTful convention for our API we will expose seven distinct 'endpoints' linked to seven distinct 'actions' (index, show, create, update, destroy, new, edit) surrounding users.
When building our API, we would make is so anyone who visits "www.myapp.com/users" via a get request is returned some data representation of all users in our application. "/users" is the endpoint. Likewise performing a post action to "/users" with valid data is how we create new users. "/users" is still the endpoint but under different context. If you wanted data for just a single user, it may look something like "www.myapp.com/users/1" in which case "/users/1" is the endpoint.
It is important to keep in mind that this example merely follows convention and is not an end all be all.
I would check out the Rails guide on routing if you want more information - http://guides.rubyonrails.org/routing.html
Resource https://edgeguides.rubyonrails.org/api_app.html they meant providing a programmatically accessible API alongside their web application
I have a system with a web UI that works as normal, and an API endpoint at /receiver_api. Users send emails which are parsed by Mailgun, who then submit a POST to this endpoint. There are a lot of possible actions that we may want to take, depending on the values of these params (create new post, create new reply, add subscription, delete subscription etc.), and when writing the handler it felt like we were doing a kind of routing again!
So we would like to choose the controller that we direct the request to based on what the POST params are. We are directing /receiver_api to a ReceiverApi#receiver controller/method at the moment, which inherits from ApplicationController. It currently effectively routes requests to other "fake" controllers that don't inherit from ApplicationController (since redirecting from one Rails controller to another wouldn't work). We would like to be ultimately routing to Rails controllers so we can use before_filter and all the other magic in them.
Anyway, one possibility that springs to mind is a method in routes.rb that accesses the POST params and returns the Rails controller/method that should be directed to. 2 questions:
Is this possible? Can you access POST params in routes.rb?
Is there a better way of doing this? We had thought about moving up a level into Rack, and will probably do this at some point, but would rather just get something out of the door if this will take a while.
Thanks!
Choosing a controller based on params is not a good thing to do.
A better alternative is to refactor your code (in those fake controllers) to methods in your model, and call model methods based on the params from your controller.
You cannot access params in your routes.rb, because it is run at initialization.
If you really want to call controllers based on params, there is a way of doing this, by redirecting to another controller. This is explained in http://www.railsonwave.com/2008/10/25/how-to-call-a-controller-s-action-from-a-different-controller/ [bad link], but do note that it is very much a hack.
I've got a RESTful User model working well in Rails 3. I'd like to add a new option to create a new user based on information queried out of a LDAP server.
What I'd like advice on is how best to do this. Here's what I've thought up so far, but I don't know if it matches Rails best practices:
Edit the resource path of User to accept both GET and POST to a new view called "import_ldap_user".
Import LDAP user then presents a form which uses AJAX (POSTing to import_ldap_user) to allow the visitor to search for a person in LDAP. The results are displayed on the page and if acceptable, the user clicks "Create", which then calls /user/create.
Part of why this seems bad to me is:
I need to post a proper #user to /user/create, but I'm not sure if my AJAX call can produce a proper #user.
I don't know if it's a bad practice to add a new verb to the RESTful Users route.
I don't know if using an AJAX POST to import_ldap_users is a proper separation of concerns.
Any ideas? Any Rails perfectionists have opinions about how this should work?
What gets posted to /user/create isn't an #user object but rather its attributes. A scaffolded create action will probably have something akin to #user.new(params[:user]), which just pulls the user attributes that were posted and creates a new object based on that.
Even if your AJAX call doesn't provide the attributes in a manner that can be processed by the new method, you can simply modify your create such that it manipulates the post data.
As for best practices, this is definitely something I've thought about in the past but I don't know if there's a "correct" answer. I think having a new view which posts to the create method is perfectly acceptable, you could also create a new controller if you want to strictly follow the CRUD pattern.
Definitely a good question and if anyone has a better answer I'd love to hear it.
What are the cons in using the generic route:
match ':controller(/:action(/:id(.:format)))'
I was told it is not recommended yet I do not see why. What problems can I get from using this?
Because it's easier to implement REST if you use the opposite ordering, ':controller(/:id(/:action))', and rails now has more convenient ways to get the proper HTTP verb using explicit resource routes.
Understanding the basic principles of REST will make it easier for you to expose an API, should you choose to go down that route, which embraces the principles of HTTP. It also tends to keep you from doing certain unclever things, like making it possible to delete records using a GET request. (The uncleverness might not be discovered until Google or your internal search bot decides to index all the links to :delete actions.)
The basic idea is that a GET /Url should imply fetching a resource. When you put the action first, the resource is semi-obscured, and you're accidentally opening the door to potential errors because all of the HTTP methods can be used to call destructive actions. Using an HTTP verb-centric approach, you can send an UPDATE request to the same URL as the SHOW request.
A specific answer to your question, which I understand to be understanding cons of the generic approach:
One significant risk is that you make every single controller action (non-protected) available to your users. It gives them the ability to access your entire 'tree' of controller actions, which may or may not be desirable depending on your situation.
In addition, you give users the ability to GET rather than POST, POST rather than GET, etc.
The comment above it that is generated explains it pretty nicely.
# Note: This route will make all actions in every controller accessible via GET requests.
This means that you could theoretically do a GET request on a route that is only supposed to be accessible via POST. ie. You could do add a route called /postable to a user object, which should only be POST'd to, but if you use the rule above you can also do a GET request on it (with empty parameters).
You don't really get problems, per se. Instead, you lose out on the advantages you gain from using resource routing:
A common pattern that helps simplify controller design
Free RESTlike handling of HTTP verbs (GET, PUT, POST, DELETE)
Peace, Love and Happiness*
You can find out more about resource routing by reading the Rails Routing Guide.
* Peace, Love and Happiness not available in all areas. Terms and conditions apply.