i have a order catalogue web site and i want to create a REST API so people can create their own apps and Add an Order or Update an existing order:
Lets say an order has:
OrderId
Product
Quantity
ShippingType
So i need some API to allow someone to send in a new order (orderid would be blank as that would be in the response).
How do you deal with passing in items like Product or Shipping type. These are tables in my db and are keyed off their own specific primary key id. Should the NewOrder API ask for a string name for these fields, should it ask for the id. If it asked for the ID, that would assume they would have to call the GiveMeProductList() method upfront (which gives you the name and id of all product as a dataset).
What is the standard for dealing with this?
Martin Fowler has a good post about the steps toward the glory of REST that you might find useful to come up with REST API.
The media type that I use for sending this information to the server can handle both scenarios, Id and Code/Name. If the user enters the product code manually then I send up the code, if the user asks to pick from a list then I provide the list and send back the Id.
Related
I am new to web development and I have a question which might sound dumb.
The question:
Let's say we have a microservices architecture, where the microservices live in the back end and in the front end there is a client app that collects data from the microservices by consuming their APIs and then builds some HTML, populates it with that data and serves it to the user.
How can I know that the data that the user POSTs back to my client app, and eventually to my microservices, isn't "altered" by the user in a way to exploit our business model? By the term "altered" it doesn't mean necessary malicious data to harm our system, like an SQL injection input, or invalid data, like unaccepted values, but valid data that are not in their original values, like a "mistake" happened.
Example:
Imagine we have an "e-commerce" website based on microservices, where there is a "Catalog" microservice, which holds all the products of our business along with their information (price, stock, etc) and a "Basket" microservice which holds the Basket for each user of our website. We also have an MVC client app that communicates with these microservices by internally consuming the APIs provided by them.
In the Catalog API there is a GetAllProducts endpoint, that GETs all the products of our Catalog to the caller. The client app calls that endpoint on Catalog API, gets the data, populates the HTML and serves it to the user.
In the Basket API there is an AddProductToBasket endpoit, that POSTs a ProductDTO object which the microservice will validate and then store to the user's Basket. The ProductDTO object contains information like ProductId, ProductName, UnitPrice, Units, etc.
A scenario like the one I tried to describe above is when the user, after GETing all the Catalog products through the client app, he creates an "altered" ProductDTO and POSTs it back to AddProductToBasket endpoint (again through the client app). The "altered" ProductDTO will look like this:
"ProductDTO":{
"ProductId":"1234",
"ProductName":"PlayStation 5",
"UnitPrice":5,
"Units":1
}
While it should have looked like this, based on the data the Catalog API returned:
"ProductDTO":{
"ProductId":"1234",
"ProductName":"PlayStation 5",
"UnitPrice":500,
"Units":1
}
As you can see, the user is trying to exploit our business model by adding a product to his Basket with a lower price than the original. But the same alteration in POSTed data could happen with any of the ProductDTO properties.
My question is, how can I know, when I receive the ProductDTO at the Basket microserice, that the Price field has an incorrect value? Note that the Basket microservice doesn't store the information of the products, as this is out of the Basket's context. Products information are stored in Catalog microservice.
A probable solution:
A solution I can think of is to change the POSTed ProductDTOs to look like this:
"ProductDTO":{
"ProductId":"1234",
"Units":1
}
The idea is that now the ProductDTO object will instead be POSTed to the Catalog API endpoint (let's say to a RequestToAddProductToBasket endpoint) and the Catalog will only receive the ProductId and the desired Units from the user. It will then perform some business-rules level validation (e.g. there is available Stock for the desired Units) and then it will send to the Basket a new ProductDTO object, populated with all the necessary values, like ProductName, Price, Units, etc, though a back-end communication channel (like an Event Bus).
Basket, in turn, will receive the new ProductDTO and will use the data from it to add the Product to the user's Basket. This way it's "guaranteed" that the newly added Product has original data.
-
I just have a feeling that my way of thinking misses something obvious and I am over-complexing the solution. It's also probable that I have not understand how the client apps work and that it isn't that easy to POST an "altered" object to an API through the client app.
Please, let me know if the "problem" that I'm seeing here is real or not and if my proposed solution is a viable one or if there is a better workaround.
Thanks in advance.
Today when I receive a call, I get:
{"call_state":"PENDING","call_to":"client:test123","call_from":"client:test321","call_sid":"CA45af5dadsad3e699b9cb8d9"}
To not display test123, at the moment that I receive the event I search in my database the specific ID (123) and then I give to the user the right name.
That said, I would like to know if there's another way to add more information at the Client Identifiers avoiding the database search.
Twilio developer evangelist here.
You can't add more information in that request, however you could make your Client ID more useful.
You want your client identifier to be unique, and I assume the names you want to display aren't necessarily. So, if you make the client identifier something like "#{id}-#{username}" it will be unique as it contains the ID, but you could split the string on "-" and use the username to display to your user.
Let me know if that helps at all.
I am working w/ the Event Brite API and I have a need that I am trying to figure out the best approach for. Right now, I have an event that people will be registering for. At the final step of the registration process, I need to ask them some questions that are specific to my event. Sadly, these questions are data-driven from my website, so I am unable to use the packaged surveys w/ Event Bright.
In a perfect world, I would use the basic flow detailed in the Website Workflow of the EB documentation, ending upon the "3rd Party Next Steps" step (redirect method).
http://developer.eventbrite.com/doc/workflows/
Upon landing on that page, I would like to be able to access the order data that we just created in order to update my database and to send emails to each person who purchased a seat. This email would contain the information needed to kick off the survey portion of my registration process.
Is this possible in the current API? Does the redirect post any data back to the 3rd party site? I saw a few SO posts that gave a few keywords that could be included in the redirect URL (is there a comprehensive list?). If so, is there a way to use that data to look up order information for that order only?
Right now, my only other alternative is to set up a polling service that would pull EB API data, check for new values, and then kick off the process on intervals. This would be pretty noisy for all parties involved, create delay for my attendees, and I would like to avoid it if possible. Thoughts?
Thanks!
Here are the full set of parameters which we support after an attendee places an order:
http://yoursite.com/?eid=$event_id&attid=$attendee_id&oid=$order_id
It's possible that order_id and attendee_id would not be a numeric value, in which case it would return a value of "unknown." You'll always have the event_id though.
If you want to get order-specific data after redirecting an attendee to your site, you can using the event_list_attendees method, along with the modified_after parameter. You'll still have to look through the result set for the new order_id, but the result set will be much smaller and easier to navigate. You can get more information here: http://developer.eventbrite.com/doc/events/event_list_attendees/
You can pass the order_id in your redirect URL in order to solve this.
When you define a redirect URL, Evenbrite will automatically swap in the order_id value in place of the string "$order_id".
http://your3rdpartywebsite.com/welcome_back/?order_id=$order_id
or:
http://your3rdpartywebsite.com/welcome_back/$order_id/
When the user completes their transaction, they will be redirected to your external site, as shown here: /http://developer.eventbrite.com/doc/workflows/
When your post-transaction landing page is loaded, grab the order_id from the request URL, and call the event_list_attendees API method to find the order information in the response.
I'm new to the Jira admin side of things after having used it in a previous company as an end-user for several years. We are using the standard Jira workflow. The scenario I'm struggling with is the following. I'm attempting to match some of the functionality of our old-proprietary issue database. Right now I'm using many of the standard Jira fields, with only two new custom fields (both single Select Lists populated manually by me):
1) Customer = customer name who sent the new issue email to our support team
2) Customer Contact = the main customer contact, currently populated by the custom list
I created these two custom fields because we have external customers who call or email issues they have using our hosted software. Currently our system creates a simple new issue when a customer sends an email to our support email account. Our support team then goes in and cleans up the data and makes sure that all the required Jira fields have data, the comments are good, reproducible steps, etc. (Currently we do not strip out the customer domain name to auto-populate the Customer custom field, but I might try doing that soon.)
Our support team is asking that I add the following two new customer fields:
3) Customer phone number
4) Customer connection / login info
What I would like to implement is a system that goes something like this:
Customer name gets inputted (either automatically by grabbing domain name of customer email address or manually by our support team) into the Customer custom field. Customer name selected should be "pushed" into the Customer Contact Select List to help sub-select values for that particular customer.
The Customer Contact Select list should be "smart" or dynamic in that some pre-processing is done where the Customer name is grabbed so that it doesn't show ALL customers contacts for the tech support person to select, it just shows them the customer contacts for the customer that was selected.
Along with the filtered customer contacts, I would want to only see the Customer phone number for the contact that was populated in the Customer Contact select list.
And finally I would want to see the Customer connection information for the particular Customer that was selected.I've done this type of smart combo boxes in the past when I created Java / Database applications, so I have a feeling that this is possible in Jira. I'm just looking for the easiest way to implement this. It seems like there might be some external plugins that might help do this (ex. the values for the Custom fields are stored in a database table so they can be queried and the proper filtered result sets can be populated into the select lists.), or maybe using post functions (update issue), etc. But before I spent more effort investigating, I know this sort of thing has to be somewhere common and wanted to ask the Jira admin experts what the best practice would be for this type of functionality in custom fields. Please share your experience with how to solve this type of scenario. Thanks in advance!
Here is the way that tells how to import multiple options at once. Probably that would help u.
https://answers.atlassian.com/questions/92385/importing-project-from-another-jira-instance-how-do-we-mass-import-custom-field-multi-select-options?page=1#92622
EDIT
and here is the complete code to update another select list using new select list.
How to add new values to select list field in jira dynamically or using plug-in
I'm trying to create something which does the following:
if I have a products table that lists all products.
then I have a "purchase" table, which contains all transactions for people buying products.
lets say the products are like groupons (digital products) - they have to be set to "used" once they're used, either by the person who bought them, or the person who sold them.
person X buys a product, with key "XYZABC123"
the product is from company Micromartsystems
Micromartsystems has the api key "DFJSDda3290dssdj1"
if someone redeems their product on Micromartsystems, and uses the redemption key "XYZABC123", The admin of Micromartsystems see that in their backend.
Then lets say say they visit a link like mysite.com/redeem?api_key=DFJSDda3290dssdj1&redemption_key=XYZABC123
Because only Micromartsystems knows their API key, and only they should see a product with the key XYZABC123 (as each key will be unique for each purchase) - they can make links in their backend which automatically mark products as used on mysite.com.
From my side of things, it'll be pretty easy to grab those params and mark a transaction as redeemed if the URL has been accessed.
Does this make sense as a good way to do this?
I've never built an api, or something that links up with external apps, so I'm kind of just guessing here.
That will work. Personally, I will design the api restfully instead of using url params. something like this:
http://yousite.com/account/DFJSDda3290dssdj1/redeem/XYZABC123