Two questions:
When you define a new route and you want to protect it by requiring an api_key to be set in the header, do you do it by specifying a security section under that route in the yaml file, or do you put it under parameters (or in both)? If it works by putting it under parameters, what's the point of putting it under security?
The yaml file can tell you that certain routes are protected by an api_key, but it doesn't specify the value of that key (as far as I know). Does it mean I need the write some custom middleware that intercepts my routes and checks the validity of the key, or it can be auto-generated by one of the swagger tools?
Thanks.
Im currently on the same journey as you. I do know this:
What to add in my swagger.json to accept api key
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#securityRequirementObject
"security": [
{
"api_key": []
}
]
what to add in my controller ...
https://github.com/apigee-127/swagger-tools/blob/master/docs/Middleware.md
Pretty much use swagger-tools to use the middleware.swaggerSecurity.
What they dont tell you is how to validate the api_key
Well I found that it's simply taking the 'scopes' parameter which holds the actual key and comparing that against a list of valid keys that you have stored somewhere.
What I dont get is how to allow the flow to go to the next function (like 'next()' in express) or stop if there is an invalid API key supplied. There is a 'callback' parameter, but I dont know how to use it (yet).
I hope this works.
You do need to implement the security checks on your own. Swagger will help you define them, but implementing is your job.
Related
We can use
'PATCH /companies/:id' : 'CompanyController.find'
to update data.
One suggested me that I can use the alternative way:
'PATCH /companies/find?key=Value'
But I do not know what it works. Please explain me why we prefer ? mark than : mark in search path.
You can use either or. The biggest reason most people chose one or the other is just how they want to present the URL to the user.
Using a path variable (:) can symbolize you're accessing a defined resource, like a user ID, where as an argument (?) can symbolize you're are dynamically changing/searching something within a defined resource, like a token or search term.
From what I can tell that's the general practice I see:
example.com/user/:username
versus
example.com/user/?search="foo"
http://en.wikipedia.org/wiki/URL
If we are firing GET request, ? symbol is used to let the server know the url parameter variables starts from there. And this is commonly used. I didn't used : symbol instead of ?
You are probably messing the things up:
According to your example, :id indicates a variable that must me replaced by an actual value in some frameworks such as Express. See the documentation for details.
And ? indicates the beginning of the query string component according to the RFC 3986.
It's a rule to design rest api
you can find 'how to design a rest api'
Assuming below code is Sails.js
'PATCH /companies/:id' : 'CompanyController.find'
It will makes REST API that be mapped onto 'CompanyController.find' by using PathParam. Like this
www.example.com/companies/100
Second one will makes REST API by using QueryParam.
It also be mapped onto 'CompanyController.find'
/companies/find?key=Value
But the API format is different. Like this
www.example.com/companies/find?key=100
PathParam or QueryParam is fine to make REST API.
If the Key is primary for company entity,
I think PathParam is more proper than QueryParam.
I have a website built from Ember.js. A user can access a page through URL http://..../view?showTitle=true. However I don't want to explicitly expose the parameter showTitle=true to the user (meaning user will only see http://..../view). This URL is automatically generated and serves as a redirect destination URL. So, I have to remove it manually somewhere before the page load. But I still need this value of this query parameter to query data. Is there a way to achieve that (A example would be great)? What about do it without refreshing the router?
Actually, an example of your scenario would be greater :)
There are some other ways to store data while transitioning to a route. Such as: storing the params in transition object or storing the value in a service. Create a redirection route, use beforeModel hook to grab the value from query params then do a redirection to the real route.
A working example is: ember-twiddle-1
By the way, even if you don't describe your queryParamsin your routes, you can access them via transition.queryParams. This seems a bit hacky. But it works: ember-twiddle-2 (Note: It doesn't work in the same route.)
Updated:
At the setupController hook you can override the controller parameters. So you can remove the parameters from the url. ember-twiddle-3
is there an API in blackberry that can validate URL ?
i'm using stupid method startsWith(http://)
and read the Index of the string to make sure it contain ".com/" and other strings to ensure it look like a validate URL.
but i feel like it's a stupid and long way to use.
is there any API that can make it easier ?
I'm looking for away to make it within blackberry APIs not external packages
In the API the only classes are:
URLTextFilter: Useful only to add it to a text field (Call EditField.setFilter). It will discard invalid chars.
URI: It lets you to validate a URI by calling URI.create. Of course, not all URIs are URLs, but URLs should be URIs.
** I am currently implementing fancy URLs to see if these 'solves' this. eg /me/soundcloudconnect rather than index.php?c=me&a=soundcloudconnect via mod_rewrite **
I have been using the Soundcloud JS SDK and SC.Connect() etc function(s) which automates much of the Auth process. I have been using a Normal html file: sc.html which worked fine and allowed me to get /me/ and /me/tracks etc.
However I now realise? that I will need to perform Auth myself as I need to add a State variable as documented below, so that it prepends these params to the end of the Redirect_URI.
http://groups.google.com/group/soundcloudapi/browse_thread/thread/7bddbc296f3b80af
The URL that I am trying to redirect back to is:
index.php?c=me&a=soundcloudconnect
which is the 'me' controller and 'soundcloudconnect' action.
So could someone please point me in the right direction?
Either I want to be able to use SC.Connect() etc (but also be able to get and save Token) as well as redirect back to the URI above
Or, I need to do the same thing (Auth and store token) but not using SC.Connect() but normal JS instead.
I read that Soundcloud Developer support is via Stackoverflow - so hopefully someone can help?
The normal HTML file with working SC Auth:
http://socialartist.co/sc.html
The dynamic page which does not work with SC Auth:
http://socialartist.co/index.php?c=me&a=soundcloudconnect#
The issue is probably that those query parameters are interfering with the original url. E.g. http://www.soundcloud.com/register/?token=blagha23412&redirect_uri=http://anydomain.com/index.php?c=me&a=soundcloudconnect
How would SoundCloud distinguish between your parameters and its parameters? You might be able to wrap the redirect_uri value in quotes.
An alternative might be to use the path as your parameters. E.g. http://anydomain.com/index.php/me/soundcloudconnect and then you should be able to grab whatever you need out of the path on your server.
** SOLVED!! **
If you need to pass parameters to SC connect/auth then the only way to do this is to setup fancy urls via mod_rewrite.
There 'seems' to be another method here, but you need to be doing the Auth in 2 steps and not via SC.Connect.
http://groups.google.com/group/soundcloudapi/browse_thread/thread/7bddbc296f3b80af
I was trying to get URL_redirect to work with:
index.php?c=me&a=soundcloudconnect
But in the End just used Fancy URLs which worked
http://socialartist.co/me/soundcloudconnect
I'm considering using the hash method to create static urls to content that is managed by ajax calls in a Asp.Net MVC. The proof of concept i'm working on is a profile page /user/profile where one can browse and edit different sections. You could always ask for the following url /user/profile#password to access directly to you profile page, in the change password section
However, i'm wondering if i'm not starting this the bad way, since apparently i can't access the part after the hash in any way, except by declaring a route value for the hash in global.asax. So i'm wondering if this is the right way to access this part of the url?
Am i supposed to declare a route value, or is there another way to work with hash values (a framework, javascript or mvc)?
Edited to add:
In pure javascript, i have no problem using the window.location.hash property, i'm not sure though how standard it is in today's browsers, hence the question about a javascript framework/plugin that would use it.
The thing is that the part that follows the hash (#) is never sent to the server into the HTTP request so the server has absolutely no way of reading it. So no need to waste time in searching for something that doesn't exist.
You could on the other hand tune your routes to generate links that contain the hash part so that client scripts can read it.
Send the hash value document.location.hash as a parameter to the controller action of your choice.
This can be done in the code if needed...
RedirectResult(Url.Action("profile") + "#password");
should work fine