How to design a payload for a POST REST-API call? - api

Assume I have a function in the backend server like this:
function get_bot_id(bot_name) { ... }
[A] I design a payload for a POST REST-API request like this:
{
"get_bot_id": "my_beautyful_bot"
}
[B] My co-workers claim that this payload below has more security.
{
"action": "get_bot_id",
"value": "my_beautyful_bot"
}
However, as for security claims, I don't see that [B] is better than [A].
I believe we just make the payload unnecessarily and larger without other benefits.
Does anyone have any opinions? Thank you!

Related

How to map API response to output claims in B2C custom policy?

I have use Technical Profile in B2C custom policy to call REST API and it returned format like this
{
"value": [
{
"id":"00000000000"
"name": "",
}
]
}
So in case how to get id and map it to output claim ? Please let me know a way to do it, I have investigated but I can not find out a solution so far
Did you try this?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/json-transformations#getclaimfromjson
You want to extract value.0.id
Here you can see example json:
https://github.com/azure-ad-b2c/unit-tests/blob/main/claims-transformation/json/CT_GetClaimFromJson.xml

kucoin websocket api, how to "subscribe" to their public channel, they say no authorization required, but they ask for a token :(

The question is about kucoin websocket public channel (not trades) just last trades
I just want a live feed of trades like other crypto exchanges...
but when I want to connect to "wss://ws-api-futures.kucoin.com/endpoint" I get WebSocketError: Received unexpected status code (401 Unauthorized)
the documentation https://docs.kucoin.com/futures/#create-connection lack explications :(
normally with other exchanges I can just do this in javascript
bybit_market_ws = new WebSocket("wss://stream.bybit.com/spot/quote/ws/v2");
bybit_market_ws.onmessage = event => bybit_trades(event.data);
bybit_market_ws.onopen = event => bybit_market_ws.send(JSON.stringify({"topic":"trade","params":{"symbol":"BTCUSDT","binary":false},"event":"sub"}));
function bybit_trades (jsonx) { console.log(JSON.parse(jsonx)); }
so how can I do that with kucoin websocket ?
according to the documentation i would need a "public token"...
but there is no explication on how to get that token :(
does someone knows how I would retrieve the last trades via websocket (public) channel ?
Note that the following steps may be changed when the API is updated.
All information can be found at https://docs.kucoin.com/#apply-connect-token
Get the public token
Send a empty http POST (GET will not work) message to https://api.kucoin.com/api/v1/bullet-public.
Response:
{
"code": "200000",
"data": {
"token": "2neAiuYvAU61ZD...",
"instanceServers": [
{
"endpoint": "wss://ws-api.kucoin.com/endpoint",
"encrypt": true,
"protocol": "websocket",
"pingInterval": 18000,
"pingTimeout": 10000
}
]
}
}
Connect to the Websocket
With the data of the repsonse above:
websocket: endpoint + "?token=" + token
Example: wss://ws-api.kucoin.com/endpoint?token=2neAiu....
Get all supported trading pairs
send a http GET message to https://api.kucoin.com/api/v1/symbols
{
"code": "200000",
"data": [
{
"symbol": "REQ-ETH",
"name": "REQ-ETH",
"baseCurrency": "REQ",
"quoteCurrency": "ETH",
...
},
{
"symbol": "BTC-USDC",
"name": "BTC-USDC",
"baseCurrency": "BTC",
"quoteCurrency": "USDC",
...
},
...
Get trading data
When the websocket connection is established send a http POST message:
{
"type": "subscribe", //subscribe or unsubscribe
"topic": "/market/ticker:BTC-USDT,BTC-USDC"
}
maybe this answer will not please you at all, but i will try, most of the people who work from the API in KuCoin do it with python, in fact the SDK for Nodejs is out of date, your best bet is to ask in the telegram channel https://t.me/KuCoin_API, there are KuCoin engineers who always help, although most of them use python, there is also the academy channel https://t.me/kucoin_learning, where there are examples, in short I can only mention references because I was also where you are, and the best I could do was that and review the SDk code and from there intuit and create my own adjustments
PD: the datafeed.js file is your best option, check it out https://github.com/Kucoin/kucoin-futures-node-sdk/blob/master/src/lib/datafeed.js

Block.io token withdrawal

With Block.IO token withdrawal it seems we need to send more signature as per their doc: https://block.io/api/simple/signing
Like to know how to send cURL to execute (with more signature) ?
Their sample cURL is not working:
/api/v2/withdraw_from_addresses/?api_key=API KEY&from_addresses=ADDRESS1,ADDRESS2,...&to_addresses=ADDRESS1,ADDRESS2,...&amounts=AMOUNT1,AMOUNT2,...
response for above cURL is:
{[status, success]}
{[data, {
"reference_id": "24fe5a.....",
"more_signatures_needed": true,
"inputs": [
{
"input_no": 0,
"signatures_needed": 1,
"data_to_sign": "2498d....",
"signers": [
{
"signer_address": "1H4.....",
"signer_public_key": "037710.....",
"signed_data": null
}
]
}
],
"encrypted_passphrase": {
"signer_address": "1H4...",
"signer_public_key": "0377....",
"passphrase": "fDCM0...."
},
"unsigned_tx_hex": "01000...."
}]}
For your kind info. I am using PAID version but their support team not replied yet for this query. Friends, if anyone knows please support me to find a solution for token-withdrawal using API
preferred language is ASP.Net VB (if possible explain with sample codes pls. for better understanding)

JSON RPC Documentation Tool

Are there any Documentation Tools for JSON RPC API's?
I found a lot which are perfect for RESTful API's (Slate, Spotlight, Swagger) but sadly none suitable for JSON RPC API's.
Ideal would be a Tool that can handle both.
Are there any?
Thanks a lot!
Found a couple:
https://github.com/mzernetsch/jrgen
https://github.com/contributte/anabelle
Looking at using jrgen for my project.
Check this one: https://jsight.io
JSight has HTTP REST and also JSON-RPC 2.0 support, look here for details: https://jsight.io/docs/jsight-api-0-3-quick-tutorial
This is the JSON-RPC definition example from the site:
JSIGHT 0.3
URL /api/rpc
Protocol json-rpc-2.0
Method createCat // Create a cat.
Params
{
"cat": #cat
}
Result
{
"id": 1 // Cat’s id.
}
Method getCat // // Get a cat by its id.
Params
{
"id": 1 // Cat’s id.
}
Result
#cat
TYPE #cat
{
"id": 1,
"name": "Tom"
}
The same example in the cloud: https://editor.jsight.io/r/qjxRR6a/1

How to tune flasgger in order to use basic authentication in sending requests

I try to use flasgger for my simple RESTful API. The API requireds the authentication/authorization and uses the basic authentication to perform any query.
There is really good documentation about Basic Authentication in swagger.io
But how can those settings be implemented in flassger? I've tried to used template to set securityDefinitions into swaggler, but the attempt hasn't been successful yet.
UPD. Probably the issue hasn't been resolved yet. Flasgger doesnt support basic auth #103
I've resolved the issue of authentication adding the next code:
swagger_template = {
# Other settings
'securityDefinitions': {
'basicAuth': {
'type': 'basic'
}
},
# Other settings
}
app = Flask(__name__)
Swagger(app, swagger_config, template=swagger_template)
Thanks for Dimaf's answer, helped me a lot. Just want to update the new version, in case someone else run into the same problem.
For Swagger 3.0, the config has been updated to the following (this example is for bearer authorization):
swagger_template = {
"components": {
"securitySchemes": {
"BearerAuth": {
"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT",
"in": "header",
}
}
}
}