I'm designing a REST API. I'd like to provide the API caller with optional debugging information in responses (e.g. execution times of some activities and internal details).
Let me give you an example response:
{
  "result": "XYZ",
  "details": [{
    "step": "FIRST_STEP",
    "executionTime": "12 ms"
  }, {
    "step": "SECOND_STEP",
    "executionTime": "12 ms"
  }, ...
  ]
}
Given that I want the API caller to explicitly ask for debugging information, I'm thinking that it may add an additional query parameter like debug=true to the call. But I don't know if there are common conventions. If you know some API guidelines and/or best practices that resolve my doubt, any suggestion will be appreciated.
I have a scenario where I want to restrict access to a document based on his IP address using ory/keto authorization service.
It looks like I can't achieve contextual attribute-based authorization using ory/keto. I couldn't find any docs on that in the ory/keto doc space. I tried a few authorization check payloads to pass the dynamic attributes for the user. An example is provided below (I tried it and it didn't work; ory/keto doesn't allow nested subject_sets).
{
  "namespace": "document",
  "object": "document",
  "relation": "view",
  "subject_set": {
    "namespace": "user",
    "object": "john",
    "relation": "is",
    "subject_set": {
      "namespace": "ip-address-range",
      "object": "0.0.0.10/11"
    }
  }
}
Can we achieve contextual and time-based authorization with ory/keto? If we can, can I get an example of how I could do it?
There is an issue for this (which was probably the inspiration for Auth0/OpenFGA): https://github.com/ory/keto/issues/319
It is a cool feature but there is no implementation effort yet.
So I know there are several SDK packages for many languages available for Nhost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a user's un/pw and receive a JWT token. I've been successfully able to do this with AWS Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo@example.com","password":"bar"}
and the response:
{
  "session": {
    "accessToken": "somejwt....",
    "accessTokenExpiresIn": 900,
    "refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "user": {
      "id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "createdAt": "2022-09-17T19:13:15.440221+00:00",
      "displayName": "foo@example.com",
      "avatarUrl": "",
      "locale": "en",
      "email": "foo@example.com",
      "isAnonymous": false,
      "defaultRole": "user",
      "metadata": {},
      "emailVerified": true,
      "phoneNumber": null,
      "phoneNumberVerified": false,
      "activeMfaType": null,
      "roles": [
        "user",
        "me"
      ]
    }
  },
  "mfa": null
}
The JWT is short-term; when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you; that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client applications and reverse-engineering the HTTP over the wire.
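The token handling a hand-written client has to reproduce, as an added example that is not part of the original answer or of the Nhost SDK: it parses the sign-in response shown above, renews the JWT shortly before accessTokenExpiresIn runs out, and keeps token values out of repr output. The refresh call is a hypothetical injected callable, assumed to return an object with the same three token fields, because the page does not show the refresh endpoint.

```python
import json
import time

# Constructed sample in the shape of the sign-in response above (placeholder values).
SAMPLE_SIGNIN = json.dumps({
    "session": {
        "accessToken": "jwt-1",
        "accessTokenExpiresIn": 900,
        "refreshToken": "refresh-1",
        "user": {"id": "user-1", "defaultRole": "user", "roles": ["user", "me"]},
    },
    "mfa": None,
})


class Session:
    """Holds the tokens from a sign-in response and renews the JWT before it expires."""

    def __init__(self, body, refresh, clock=time.monotonic, skew=30):
        self._refresh = refresh  # hypothetical callable: refresh token -> new session dict
        self._clock = clock      # monotonic, so wall-clock changes cannot extend a token
        self._skew = skew        # renew this many seconds early
        self._load(json.loads(body))

    def _load(self, doc):
        session = doc.get("session")
        if not session:
            # Treat a missing or null session as a failed sign-in.
            raise ValueError("no session in response")
        self._access = session["accessToken"]
        self._refresh_token = session["refreshToken"]  # store the newest refresh token
        self._expires_at = self._clock() + int(session["accessTokenExpiresIn"])

    def access_token(self):
        """Return a JWT that is still valid, refreshing it first if needed."""
        if self._clock() >= self._expires_at - self._skew:
            self._load({"session": self._refresh(self._refresh_token)})
        return self._access

    def __repr__(self):
        # Keep token values out of logs and tracebacks.
        left = max(0, int(self._expires_at - self._clock()))
        return "<Session expires_in=%ds>" % left
```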
We have set "analytics_label" in the message as stated in the documentation and the message is getting delivered as well. But we do not see any entry in the report. Please check our message string and let us know what might be wrong. Appreciate your help.
REST API being called
https://fcm.googleapis.com/fcm/send
Message being sent
{"topic":"81xxxxx42","android":{"priority":"high"},"priority":"high","fcm_options":{"analytics_label":"nwy81xxxxx42"},"data":{"MID":-1,"frm":"99xxxxx32","MTP":9,"msg":""}}
I'm not certain what library you're using or if you're just POSTing directly to the REST API, but looking at code that I know works I think you just need to make fcm_options and analytics_label camel case.
{
  "topic": "81xxxxx42",
  "android": {
    "priority": "high"
  },
  "priority": "high",
  "fcmOptions": {
    "analyticsLabel": "nwy81xxxxx42"
  },
  "data": {
    "MID": -1,
    "frm": "99xxxxx32",
    "MTP": 9,
    "msg": ""
  }
}
I am new to Dialogflow so my question may be too simple. However, I do not understand what the purpose of naming actions in Dialogflow is. I have watched videos on YouTube and people in them are using actions when they have a webhook. For example, they may have an if condition in their source code
(e.g. in Python
    if action == 'action_name':
        ...
)
which executes something particular in this case.
However the json output which is retrieved by the source code has the following form:
{
  "id": "123d9e8e-314f-451b-8b15-5e3b55baa980",
  "timestamp": "2018-03-16T17:03:05.987Z",
  "lang": "en",
  "result": {
    "source": "agent",
    "resolvedQuery": "Hello",
    "action": "input.welcome",
    "actionIncomplete": false,
    "parameters": {},
    "contexts": [],
    "metadata": {
      "intentId": "effe6b2b-3372-4f89-882f-ff937b2b2abb",
      "webhookUsed": "false",
      "webhookForSlotFillingUsed": "false",
      "intentName": "Welcome"
    },
    "fulfillment": {
      "speech": "Hello, how can I help you?",
      "messages": [
        {
          "type": 0,
          "speech": "Hello, how can I help you?"
        }
      ]
    },
    "score": 1
  },
  "status": {
    "code": 200,
    "errorType": "success",
    "webhookTimedOut": false
  },
  "sessionId": "491d57cb-0af2-45ac-a658-9e47ec6658ce",
  "alternativeResultsFromKnowledgeService": {}
}
Since the JSON data contains the intentName, why bother naming a unique action for this specific intent when you can get the name of the intent directly in your JSON?
I tend to think of this in two ways, depending on exactly what I'm building. (Or sometimes a combination of these two ways.)
The Intent Name is a human-usable name, while the Action is something that is more intended for use by the webhook and more directly maps to a function.
Since you can have more than one Intent use the same Action, it can be convenient to map a few different ways the user may say something (and the parameters they may send along with them) to the same method. While you could do that by listing all the different Intent names in your code, it is easier to do that on the Dialogflow side.
In truth - use whatever works best for you. I tend to name my Intents and my Actions very similarly, but do branching based on what makes the most sense for the code (which sometimes also includes other values that may be sent).
Re-posting from a direct API support contact.
I would like to know how many days of data can I get access to per API call? If limited, how far can we go back in time?
Are you limiting the number of API calls?
I know you don't allow storing data on my side; that's why I would like to query all the data at one time to analyze it.
Each endpoint has its own methods and parameters for retrieving data over time, but in general, the UP API does not place limits on the amount of data you can request in a single call.
If the amount of data you have requested exceeds a certain limit, the API response will automatically page the requested data and provide you with a next URL that you can use to retrieve the next page of data.
The only limitation is how much historical data a particular UP user has.
Here's an example request/response from the moves endpoint.
Request
GET https://jawbone.com/nudge/api/v.1.1/users/@me/moves?start_time=1383289200 HTTP/1.1
Host: jawbone.com
Response
(Scroll to the bottom to see the next link)
HTTP 200 OK
{
  "meta":
  {
    "user_xid": "6xl39CsoVp2KirfHwVq_Fx",
    "message": "OK",
    "code": 200,
    "time": 1386122022
  },
  "data":
  {
    "items":
    [{
      "xid": "40F7_htRRnQwoMjIFucJ2g",
      "title": "16,804 steps",
      "type": "move",
      "time_created": 1384963500,
      "time_updated": 1385049599,
      "time_completed": 1385099220,
      "date": 20131121,
      "snapshot_image": "/nudge/image/e/1385107737/40F7_htRRnQwoMjIFucJ2g/grEGutn_XYZ.png",
      "details":
      {
        "distance": 14745,
        "km": 14.745,
        "steps": 16804,
        "active_time": 11927,
        "longest_active": 2516,
        "inactive_time": 32760,
        "longest_idle": 27180,
        "calories": 1760.30480012,
        "bmr_day": 1697.47946931,
        "bmr": 1697.47946931,
        "bg_calories": 1099.9439497,
        "wo_calories": 388.506116077,
        "wo_time": 11484,
        "wo_active_time": 3902,
        "wo_count": 2,
        "wo_longest": 2516,
        "sunrise": 1409578680,
        "sunset": 1409625420,
        "tz": "America/Los Angeles",
        "tzs":
        [
          [1384963500, "America/Phoenix"],
          [1385055720, "America/Los_Angeles"]
        ],
        "hourly_totals":
        {
          "2013112101":
          {
            "distance": 1324,
            "calories": 90.0120018125,
            "steps": 1603,
            "active_time": 793,
            "inactive_time": 220,
            "longest_active_time": 302,
            "longest_idle_time": 780
          },
          "2013112101":
          {
            "distance": 626,
            "calories": 47.0120018125,
            "steps": 455,
            "active_time": 246,
            "inactive_time": 260,
            "longest_active_time": 203,
            "longest_idle_time": 650
          },
          ... more hours ...
        }
      }
    },
    {
      ... more items ....
    }],
    "links":
    {
      "next": "/nudge/api/v.1.1/users/6xl39CsoVp2KirfHwVq_Fx/moves?page_token=1384390680"
    },
    "size": 10
  }
}
The UP API will not limit the number of calls you can make. However, the API does have Rate Limiting, which could keep you from issuing a large number of requests over a short period of time. Here are the details from the FAQ:
What is the rate limit for your API?
The API includes very high rate-limiting safety valves that should be
more than enough for the standard application. If you find that your
application is exceeding these limits, please let us know your
intended use and call volume, so we can review the provisions.
And finally, there is no rule preventing you from storing data that you have retrieved from the API. The only requirement is that you comply with the privacy and data removal policies outlined in the UP API terms.
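Following the next link described in the answer above, as an added example that is not part of the original answer or of any UP SDK: it walks data.links.next until the API stops sending one, and refuses to follow a link that leaves the API origin or repeats, so a bearer token is never sent to a host named only by response data. The fetch callable, the page cap and the two-page sample are assumptions made for the example.

```python
from urllib.parse import urljoin, urlsplit

FIRST_URL = "https://jawbone.com/nudge/api/v.1.1/users/@me/moves?start_time=1383289200"
PAGE_2 = ("https://jawbone.com/nudge/api/v.1.1/users/6xl39CsoVp2KirfHwVq_Fx"
          "/moves?page_token=1384390680")

# Constructed two-page sample in the shape of the response above.
PAGES = {
    FIRST_URL: {"data": {
        "items": [{"xid": "a"}, {"xid": "b"}],
        "links": {"next": "/nudge/api/v.1.1/users/6xl39CsoVp2KirfHwVq_Fx"
                          "/moves?page_token=1384390680"},
        "size": 2}},
    PAGE_2: {"data": {"items": [{"xid": "c"}], "size": 1}},
}


def iter_items(fetch, first_url=FIRST_URL, max_pages=1000):
    """Yield every item, following data.links.next until none is returned.

    fetch is a hypothetical callable (url -> parsed JSON dict) that performs
    the authenticated GET; injecting it keeps the paging logic testable offline.
    """
    origin = urlsplit(first_url)[:2]      # (scheme, host) the token is meant for
    url, seen = first_url, set()
    for _ in range(max_pages):
        if url in seen:
            raise RuntimeError("pagination loop at " + url)
        seen.add(url)
        data = fetch(url).get("data", {})
        yield from data.get("items", [])
        nxt = (data.get("links") or {}).get("next")
        if not nxt:
            return                        # last page: no next link
        url = urljoin(url, nxt)           # "next" is a path relative to the host
        if urlsplit(url)[:2] != origin:
            raise RuntimeError("next link leaves the API origin: " + url)
    raise RuntimeError("gave up after %d pages" % max_pages)


if __name__ == "__main__":
    print([item["xid"] for item in iter_items(PAGES.__getitem__)])
```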