I am building a rest api in mvc. When consuming the API, I need to be able to get the referring URL that is calling the service. I have tried Request.UrlReferer and it comes back null. How can I get the url that is consuming the service?
Are you sure you don't mean in the consumer you need to know the referer of the client making the REST call?
If this is the case what you need to do is look at the request header and extract from it the Referer.
Related
I was reading up on how to create a telegram bot and I see that to set a web hook you use the GET http method. I assume that your link will be stored somewhere on telegram servers.
So now my question is:
Why not use the POST http method? What is the advantage of this design of using GET http method in this case rather than POST http method for something that pushes data?
Bot API supports GET and POST HTTP methods both. It's up to you what to use. (See this or this). I think it makes the API easy and fast to get started with.
For the sake of simplicity one might choose a simple GET request to set a webhook - Put together a Url with some parameters and call it in a web browser, done! Webhook is now set.
Still it is possible to do the same with a POST request (and you can argue it is the preferred way to do so). But it would need tools like Postman, CURL or some browser extensions.
I am trying to build a Custom Connector in the Power Platform to connect to the BMC Helix (formerly Remedy) system to create work orders and such. I am using OAuth2 and was given a callback URL, auth URL, token URL, client ID and client secret.
I went to create a connector from scratch. I populated the fields, but I wasn't sure what to put for the 'Refresh URL', so I used the token URL there too.
I am trying to accomplish testing this connector and my successful test would be to get a JWT from doing a POST to the /api/jwt/login endpoint of BMC Helix. It should return a JWT which I can use to make subsequent calls.
Upon testing this, I go to create a connection, but a window opens (which I believe should be a prompt for authentication), but instead it contains an error saying 'unauthorized_client' coming back from the BMC Helix system at the /rsso/oauth2/authorize endpoint. It also contains a property within the URL of redirect_uri = https://global.consent.azure-apim.net/redirect.
Is there something on the Helix side I need to further configure? Not sure why I am getting this....
It sounds like you need TWO METHODS in your connector. A POST to call the token server, a GET (or another POST) to call the API (using the token received from Call 1).
One approach I've successfully used in the past is:
Use Postman to get your token server call working with OAUTH
Then use Postman to get your subsequent API calls working with the token appended
Save both requests to a single Postman collection
Export the Postman collection (as a V1 (deprecated) if I recall correctly)
Import this collection into PowerApps Custom Connector (create new/import from Postman Collection)
You'll have to massage it a bit after import, but it will give you a good headstart and you're starting from a known-good place (working Postman calls)
Good luck!
I want to write an internal REST API which returns some json data. How can I protect that API call, that it only can get called by the same domain? Should I do it with a dispatch listener?
Thanks!
You could indeed create a guard (an event listener). You can have a look at BjyAuthorize to see how it's implemented there: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Guard/Controller.php
Other than that, I'm not sure but how about trying server things? Like Same Origin Policy or CORS headers?
We have existed API like
/api/activiation_code
each time, the activiation_code will be different, then server will create a token for this call and return it, usually each call will have different activiation_code which return different token.
Since this API need server to create something so it is designed as POST.
Can we design this API as HTTP GET ?
What is the pro and cons ?
You could design the API to support GET requests, but I would not recommend this. If your API is accessible via a website, a user could accidentally activate an account multiple times since the URL will be stored in the browser's history. Additionally, web crawlers could potentially supply values to your API through the URL if you support GET requests.
POST requests are much better because the information is included in the body of the request, not the URL. Thus, it is much less likely that something will go wrong accidentally.
I have zero experience with Web API and JSON. My requirements are to create a service (I'm using Web API for this) that will accept MIME Encoded JSON data. The service will take that data, insert it into a database, and return the primary key value back to the client.
My hang-up is being able to know where to even start with this. A couple of questions that I have are:
When the device sends the JSON data, how will the service "accept" it? Meaning, what's being passed to the service isn't an URL that we commonly see with MVC (/Controller/Action/ID) which then invokes the Action Method. So, how will the service know what to invoke if I'm passing raw JSON data?
How would I test this if I don't have a device that sends the JSON data yet? Would I manually invoke an AJAX call and call that particular action method and pass in the JSON data that way?
I apologize for the seemingly elementary questions.
Thanks.
When you call a WebAPI-method you still have to specify the endpoint:
Example:
PUT /api/people
MVC knows from that that it should call the put-method on the PeopleController.
You can send raw JSON-data to test it. A good tool for that is HttpFiddler: http://fiddler2.com/
As for where to start, try to create a basic WebAPI-project with visual studio, it will include some samples and you can get going from that. If you run into wall, you can come back here