We're using:
Backend - Beego (golang)
Frontend - Reactjs
Server - Openstack
So:
When reactjs calls listSomethingAPI, I calls openstackAPI and Openstack gives me that List.
it has some fields like this:
id | name | status
Problem is:
When Frontend calls PUT api, I calls API. But Openstack status change takes almost 10 seconds
Question:
How do i know status changes when frontend calls PUT api
Solution that i found:
frontend calls ListAPI every 5 seconds.
We cant use:
Websocket, AJAX
Is there any way to solve this problem?
Related
Salutations!
I have just completed my first REST API, deployed on heroku, and I decided it would be cool to make $0 a month through rapidAPI.
The rapidAPI testing dashboard passes the tests successfully - with one of their keys being a requirement for an API call.
However when I access the site on a browser or on Postman, there is no need for an API key and therefore no restrictions in get requests.
I have noticed that the test code makes a fetch request to the rapidAPI url for the project but how can I make the heroku url accessible only from rapidAPI?
I know it's extremely unlikely someone will find my heroku app url but it is technically possible.
I appreciate your time and insights.
RapidAPI provides 2 security features to support this:
set X-RapidAPI-Proxy-Secretin the API Dashboard: this token is added in the X-RapidAPI-Proxy-Secret HTTP header for each request. You should validate this for every API call. This is the default measure in place.
the list of IP addresses used by RapidAPI is provided: you can check/validate for every API call.
There might be Heroku Addon to help with the IP filtering, but those are typically enterprise-plugin (with associated cost).
RapidAPI allows you to add secret headers and/or query string parameters to API requests. The RapidAPI proxy adds these secrets to every request, but are hidden from the API consumers.
Find more details in this page: https://docs.rapidapi.com/docs/secret-headers-parameters
When user login or register it will generate a token by our web server and store in user mobile. Every time an API is call, the token is required to verify by our web server to see whether the user is authorized.
Now if the token is expired, it will return status code 401. I wonder how i should handle it?
Our apps is using redux and redux action, it can be very easily doable in the reducers, but the reducers are divided up into different modules, which means i have to do it all over the place.
If you all need any info i will update my post.
This depends on what you are using to make API calls in your app. If you are using GraphQL/Apollo, for example, you can use apollo-link-error to check if the error's status code is 401 and log the user out if it is. If you are using Axios, you can either specify the same kind of thing when you create the instance, or use something like axios interceptors to do it.
If you include what you are using to make requests in your app, I can give a more specific answer as far as the actual configuration goes.
I have a Meteor web deployed with Phusion Passenger integrated with Apache. The users access it with http://mycompany.org:3001.
That Meteor web communicates, via REST API, with another external server.
That external server has 3 versions of the same REST API:
http://external_server/v1/restapi
http://external_server/v2/restapi
http://external_server/v3/restapi
Each version of the above REST API manages a different user database, i.e. user_DB_1 -> v1, user_DB_2 -> v2, user_DB_3 -> v3.
Currently, my deployed Meteor web is making calls to the v1 of that REST API (http://external_server/v1/restapi).
Now, I have to call the other versions of the REST API (v2 and v3) with the same Meteor web, like this:
http://mycompany.org:3001/meteor_web_v1 (currently http://mycompany.org:3001)
http://mycompany.org:3001/meteor_web_v2
http://mycompany.org:3001/meteor_web_v3
Is it possible to capture the version of that URL and pass it as parameter to the Meteor web so that it calls the corresponding API?
For example, if the user make HTTP requests to http://mycompany.org/meteor_web_v1/login, then the web calls to http://external_server/v1/restapi, and so on...
Which is the approach here? Using maybe Apache mod_rewrite, Iron Router or which solution?
You can use either flow router or iron router to give you the url part as a parameter, you name it like this in your route declaration:
'/:myroute'
and then you will get a route parameter as a variable which you can use in your code to pass to your server method to do the http request.
You are doing the http request from the server, right ? Doing it that way prevents any CORS problems, and offloads the waiting to the server. The server should then update the database wth the received data, and the client will auto-refresh to make the results available.
I'm using JMeter to load test my web app. I created two HTTP Requests, one visit login page and the other, log into my account. The visit login page HTTP request works fine and returns 302 Found status. JMeter displays the login page and there 0% errors on that page.
However, when I try to login into my account using the POST Data I retrieved from Firebug POST, it doesn't work and returns a 500 status error.
I am having difficulty getting the logging into my account feature to work. I have tried to send a POST request with the following:
1) __RequestVerificationToken
2) languageDropDown (My web app requires it)
3) UserName
4) Password
but I am still getting the error.
I followed this tutorial as it's the only one on ASP.NET MVC web apps...
http://build-failed.blogspot.pt/2012/07/load-testing-aspnet-mvc-part-3-jmeter.html
But I didn't do the feedback form data because I don't need it. Just grab the general concepts and regular expression from that webpage and tried it on my app but it fails.
Why? How do I fix it?
Is it because I have cookies to store session and only unique users can login my web app at one time? I did add a cookie manager though.
BTW, this is on a deployed web application (not localhost).
Some photos, I blocked out all sensitive information (sorry) and some of the token's (Just in case?)
Are you sure you have static authentication token? May it dynamic?
Look at second video that deals with token at 5:37 min to understand how to extract dynamic authentication token.
Exept HTTP Cookie manager, try to add HTTP Cache manager
I am currently implementing Paypal's express checkout using JAVA, interfacing with the PayPal NVP API. I have SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckout, DoAuthorization and DoCapture methods all working. However, I need to implement the Instant Update API in order to calculate shipping costs and taxes on our server and display in paypal's page. I followed all the steps and recommendations, however, the callback is never called. I have tried playing with the setExpressCheckout parameters as I read in this forum that those parameters could be the problem but couldn't make it work yet. When I log in or change shipping addresses the callback is never called, I'm in sandbox environment BTW.
My callback url is public and works properly. When trying with a webbrowser it invokes my payPalCheckoutUpdate method and writes in a log file in my server, so I'm positive that the url was called. The problem is that when I log in paypal's checkout mobile site or change shipping address this callback url is never called.
My paypal update method is hosted in an Apache Ofbiz based application, I found in different forums that paypal can't access ofbiz's urls in port 8443 or 8080. So I used apache to redirect from my callback URL to my actual method and avoid using a port different than 80 in the callback url. (this works fine when tested with a webbrowser)
This is my call to setExpressCheckout without the credentials (let me know if you see a problem in this call)
372623 [http-0.0.0.0-8443-3] INFO com.paypal.sdk.core.nvp.NVPAPICaller -
L_SHIPPINGOPTIONAMOUNT0=0.00&CANCELURL=https%3A%2F%2Fdev2.XXXjacker.com%3A8443%2FXXXjacker%2Fcontrol%2FpayPalCheckoutCancel&MAXAMT=80.99&L_SHIPPINGOPTIONLABEL0=Calculated+Offline&AMT=80.99&RETURNURL=https%3A%2F%2Fdev2.XXXjacker.com%3A8443%2FXXXjacker%2Fcontrol%2FpayPalCheckoutReturn&CALLBACK=http%3A%2F%2Fdev2.XXXjacker.com%2FpayPalCheckoutUpdate&L_SHIPPINGOPTIONISDEFAULT0=true&L_AMT0=80.99&TAXAMT=0.00&L_QTY0=1&L_NUMBER0=286202&SHIPPINGAMT=0.00&L_NAME0=DVD+%2B+VCR+w%2F+Line+in+%28no+tuner%29&ITEMAMT=80.99&CALLBACKVERSION+=84.0&VERSION=84.0&L_SHIPPINGOPTIONNAME0=Calculated+Offline&CALLBACKTIMEOUT=3&METHOD=SetExpressCheckout&CURRENCYCODE=USD&PWD=**&SOURCE=PAYPAL_JAVA_SDK_76.0&SIGNATURE=****&USER=xxxxx_12xxxx643_biz_api1.xxxxxxxxxxxxx.com
I tried with and without L_SHIPPINGOPTIONLABEL0 parameter, and also tried with version and callbackversion set to 76.0 (the default set by the java library I'm using, taken from paypal) I always get the same result, the callback url isn't invoked.
And this is the response from paypal:
373536 [http-0.0.0.0-8443-3] INFO com.paypal.sdk.core.nvp.NVPAPICaller - TOKEN=EC%2dXXXXXXXX03911650G&TIMESTAMP=2012%2d06%2d12T22%3a03%3a06Z&CORRELATIONID=f1e3c64211d5e&ACK=Success&VERSION=84%2e0&BUILD=2975009 Ack : 200 Elapsed Time : 914 ms
Thank you in advance for your assistance in this matter.
Callback may need to be SSL?:
http://www.konakart.com/forum/index.php?topic=280.0
http://afillyateit.com/forums/topic/500