Using the wso2/scim/Users endpoint as described in doc i am supposed to get a response like this one
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"totalResults":2,
"Resources":[
{
"id":"0032fd29-55a9-4fb9-be82-b1c97c073f02",
"userName":"hasinitg",
"meta":{
"lastModified":"2016-01-26T16:46:53",
"created":"2016-01-26T16:46:53",
"location":"https://localhost:9443/wso2/scim/Users/0032fd29-55a9-4fb9-be82-b1c97c073f02"
}
},
{
"id":"b228b59d-db19-4064-b637-d33c31209fae",
"userName":"pulasthim",
"meta":{
"lastModified":"2016-01-26T17:00:33",
"created":"2016-01-26T17:00:33",
"location":"https://localhost:9443/wso2/scim/Users/b228b59d-db19-4064-b637-d33c31209fae"
}
}
]
}
But i need some extra info for every user and doing subsequent requests for every user using the id to get the extra information (like an email) is too bad.
Is it possible to configure the endpoint response so that i get the information needed for the users in one request ?
You should be able to do this with SCIM extensions.
This blog post has more details.
In WSO2 Identity server 5.3.0, you can achieve this by using the attributes query parameter.
eg. Following request will list all users along with their given names in a single call.
curl -k --user admin:admin 'https://localhost:9443/wso2/scim/Users?attributes=givenname'
Please refer the post here for more details.
Related
When sending an email via Shopware 6 admin api (https://shopware.stoplight.io/docs/admin-api/b3A6MTI2MjUzOTg-send-a-mail) i would like to pass only the mail template ID, and not the other information from the template (contentHtml, contentPlain, subject).
Do you know if this is possible ?
This endpoint was not implemented to fetch an existing mail_template entity by an id. You'll have to provide the mails content yourself.
Your best bet would be to send a request to the corresponding endpoint for mail templates, e.g. GET /api/mail-template/086f8adc94f14a618e3729d933befb8d, and retrieve the values for subject, contentHtml and contentPlain from the response. These will still be un-rendered Twig at that point. So there should be no problem in passing them with your POST /api/_action/mail-template/send request. Just remember that you have to provide the data for the variables used in the templates. It looks like this isn't documented, but you need to provide the data in the request body with the key mailTemplateData.
So as an example see this abbreviated request body:
{
"contentPlain": "Hello {{ user.firstName }}!", // retrieved by `/api/mail-template/:id`
"mailTemplateData": {
"user": {
"firstName": "Pete"
}
}
}
Question about security for POST method of HTTP:
I made a user called "MyAPP":
{
"userdef": [
"view",
"create"
],
"api_key": "dzn8k7hj2sdgddlvymfmefh1k2ddjl05",
"user_id": "MyAPP",
"name": "MyAPP",
"creator": "admin",
"edit": [],
"dbdef": [
"view",
"create"
],
"querydef": [
"view",
"create"
],
"databases": {
"Gaming": {
"dbuser": "mydbuser_here",
"dbpass": "mypass_here"
}
},
"password":
"$6$rounds=665736$x/Xp0k6Nj.5qzuM5$G.3w6Py1s.xZ83RHDU55qonNMpJe4Le8nD8PqjYKoOtgbab7T22knJPqwHspoT6BQxp.5gieLFuD0SdD9dyvi/",
"email": "",
"view": []
}
Then I wanted to issue a POST in order to execute a SQL Pass-thru
such as this:
http:///query/InsertBestScore/Score/99/ScreenName/GollyGolly.xml?apikey=dzn8k7hj2sdgddlvymfmefh1k2ddjl05
Where I built a query and named it "InsertBestScore":
insert into Gaming.Leaderboard
(ScreenName, Score)
values
(:ScreenName, :Score);
If I run this via POSTMAN using the POST method:
... then I get an access, 403 :
<?xml version="1.0" encoding="utf-8"?>
<SlashDB>
<http_code>403</http_code>
<description>Access was denied to this resource. Please log in with your username/password or resend your request with a valid API key.</description>
<url_template>/query/InsertBestScore/Score/{Score}/ScreenName/{ScreenName}.xml</url_template>
</SlashDB>
Also, I would be calling this POST (or PUT) request from an application, in my case a Python program running from within a AWS Lambda Function.
Now, I came across this in the documentation:
Two parameters API key
SlashDB also allows a two parameters credentials in this authentication method - app id and api key. This may come handy when integrating with API management systems like 3Scale. By default header and query string argument would be:
• appid - identifies certain application
• apikey - secret for the application
Request with API key in header - Access granted
... however in the example above, I don't see where the appid comes into play.
Can you tell me how one would call the SlashDB endpoint and pass a APIkey and assure that the userid is known as MyAPP.
So, to sum up, the Documentation mentions:
• Another application utilizes an API key to authenticate, which is sent with every request. The application is recognized as SlashDB user App2, which uses database login db_admin. Effectively this application can SELECT, UPDATE, INSERT and DELETE data.
So I want to actually, do just what is in that bullet: Identify myself as the user (instead of App2, I'm user MyAPP), and then use the dbuser and dbpass that was assigned to access that "Gaming" database.
Idea?
Make sure you've given user MyAPP permission to execute the query.
To do so:
login as admin,
go to Configure -> Queries,
open your query definition,
update field Execute. It accepts comma separated user ids.
OK, there are really two questions here:
Why was access denied?
What is the appid and how to use it.
Ad. 1: There are two authorization barriers that the request has to clear.
The first one is imposed by SlashDB in that the user executing the query must be listed in the Execute field on the query definition screen. This is done under Configure -> Queries -> "edit" button on your query.
The second barrier is imposed by the database. The SlashDB user who is executing your POST request must be mapped to a physical database user with INSERT privileges to the Gaming.Leaderboard table. It goes without saying that this database user must be associated with the database schema in which the table exists.
Ad. 2. To enable the appid the user api key must be composed out of two parts separated by colon ":". The first part will be interpreted as the appid and the second will be the apikey.
To do that, use Configuration -> Users -> 'edit' button for the user in question. Then simply add a colon at the beginning of the API key and type in your desired appid to the left of the colon. The app will have to supply both keys to execute the request. Note that the names of those keys (i.e. appid) are configurable in /etc/slashdb/slashdb.ini.
The reasoning behind this feature is to facilitate API Management platforms, which can help with key management, especially when API will be exposed to third party developers.
please tell me how to get available maintenance windows by using a SoftLayer REST API.
I tried it in the following way, but it did not work.
curl -K support -d #Maintence.json -X POST https://api.softlayer.com/rest/v3/SoftLayer_Provisioning_Maintenance_Window/getMaintenceWindows
When executing the command, the following error message is displayed:
{"error":"End date must be a later date than begin
date.","code":"SoftLayer_Exception"}
The contents of the JSON file are described below:
{
"parameters":[
{
"beginDate": "2016-12-22T00:00",
"endDate": "2016-12-29T00:00",
"locationId": 138124,
"slotsNeeded" : 1
}]
}
The proper API to use here is SoftLayer_Provisioning_Maintenance_Window::getMaintenanceWindows() as opposed to the misspelled getMaintenceWindows
The API payload is still the same.
curl -K support -d #Maintence.json -X POST https://api.softlayer.com/rest/v3/SoftLayer_Provisioning_Maintenance_Window/getMaintenanceWindows
{
"parameters":[
"2016-12-22T00:00",
"2016-12-29T00:00",
138124,
1
]
}
When making API calls to the softlayer API, the parameters are not named, just listed in order that matches the documentation.
You just need to send the parameters (It's not necesary to define them in an object), so try with this json:
{
"parameters":[
"2016-12-22T00:00",
"2016-12-29T00:00",
138124,
1
]
}
References:
SoftLayer_Provisioning_Maintenance_Window::getMaintenceWindows
I have a question regarding the use of the getBandwidthDataByDate request using the SoftLayer REST API.
In the documentation it lists 3 parameters for this request, but it's a GET request. Does anyone know how to make this request and/or have an example?
https://api.softlayer.com/rest/v3/SoftLayer_Virtual_Guest/getBandwidthDataByDate/'device_id'.json
I'm not sure where to add the parameters here.(startDateTime, endDateTime, networkType)
And what does the dateTime object look like?
Thanks
This is a POST request, so you need to pass the parameters in "Payload" (I'm using Advanced REST client for Chrome).
Try the following REST request:
https://$user:$apiKey#api.softlayer.com/rest/v3/SoftLayer_Virtual_Guest/$device_id/getBandwidthDataByDate
Method: Post (Copy the below code in "Payload")
{
"parameters":[
"2016-03-10T00:00:00",
"2016-03-15T00:00:00",
"public"
]
}
Note: Replace $user, $apiKey and $device_id with your own information
References:
SoftLayer_Virtual_Guest::getBandwidthDataByDate
TL;DR
In my current API, I've got two endpoints to handle the context:
GET /context/get
POST /context/set '{"id": "123"}'
What's the recommended way of having this global, id-less state accessible from RESTful API?
Please assume that the context concept can't be changed.
Background
Let's say I've got a user that is logged. He's by default assigned to a context that he can change.
After the context change, all the subsequent API calls will return different data, according to the context.
Example:
// Backend
Context = "Poland"
then
$ curl -X GET http://api.myapp.com/cities
will respond:
{
"cities": [{
"id": "1",
"name": Warszawa"
}, {
"id": "2",
"name": Wrocław"
}]
}
However, if you change the context:
// Backend
Context = "USA"
then, the same URL:
$ curl -X GET http://api.myapp.com/cities
should return the different set of data:
{
"cities": [{
"id": "3",
"name": New York City"
}, {
"id": "4",
"name": Boston"
}]
}
Question
As the context is just a global state on the backend side, it doesn't have an id. It doesn't belong to any collection either. Still, I want it to be accessible in the API. There are three possible solutions I see:
Solution #1 - existing
Set a context
$ curl -X POST http://api.myapp.com/context/set '{"id": "123"}'
Get a context
$ curl -X GET http://api.myapp.com/context/get
This one doesn't really feel like a RESTful API and still, on the frontend side, I have to mock the id (using ember-data). And the resource name is singular instead of plural.
Solution #2 - mocking the id
Set a context
$ curl -X POST http://api.myapp.com/context/1 '{"contextId": "123"}'
Get a context
$ curl -X GET http://api.myapp.com/context/1
Here I mock the id to always equal to one but I feel that it's super hacky and certainly not self-explanatory... Moreover, I've got a name conflict: id vs contextId. And the resource name is singular instead of plural.
Solution #3 - actions
Set a context
$ curl -X POST http://api.myapp.com/context/actions/set '{"id": "123"}'
Get a context
$ curl -X GET http://api.myapp.com/context/actions/get
This is very similar to the first one but using actions that could be a part of my whole API design (taken from e.g. gocardless. Still, I'll have a problem how to model it on the frontend side nicely. And the resource name is singular instead of plural again.
Is there any #4 option? How should I address this problem?
Thanks!
Your three solutions are RPC, not REST. Not only they are not stateless, but setting a resource to some other resource by setting an id is very RCP'ish.
A RESTful solution, if you really want to go that way, is to set the context in a header. The client should send a header like X-ContextId or something like that, and you determine the request context you need from that.
However, don't worry too much about being RESTful if that's not what your application requires. I recommend reading the answer here: SOAP vs REST (differences)
What's the recommended way of having this global, id-less state
accessible from RESTful API?
A RESTful API is by definition stateless, no client context should be stored on the server between requests.
If you want your API to be RESTful, you'll have to pass this id with each request.