Difference between REST API URLs - yodlee

I'm trying to understand what the difference between the two REST URLs used for fetching aggregation data in the Yodlee API. In particular, when I look at the sample API calls in Test Drive, the base REST URL that is used is:
https://rest.developer.yodlee.com/services/srest/restserver/v1.0/
But when I looked in the API Docs (https://developer.yodlee.com/apidocs/index.php) and in the Config.js file of the Node.JS sample application, the base REST URL that is used it:
https://developer.api.yodlee.com/ysl
I want to know what the difference between these two URLs are and which one I should really be using for both testing and production. Thanks!

https://developer.api.yodlee.com/ysl is used for new Yodlee REST API, and the https://rest.developer.yodlee.com/services/srest/restserver/v1.0/is the old one (Aggregation REST API).
Of course, Yodlee through mailing lists encourages developers to use new style api (so that's the one you should be using), but the documentation is less then ideal for it, so prepare for dragons ahead.
It doesn't help either that old api throughout Yodlee web site is sometimes just called "REST API", and sometimes the new one is also just called "REST API" without anyway to quickly distinguish for which one is the documentation.
For me the easiest way to distinguish new api from old one is the way version is declared in example urls:
new (Yodlee) api: /v1/
old (REST) api: /v1.0/

Related

Is there a REST API documentation that only publishes the root URL?

I´m trying to design a REST API for my application and I read a lot about best practices and how REST is supposed to work. One of the most important topics about REST is, that the resources should be linked via references and the client should only know the root URL of the API.
But I cannot find any API documentation that really does this. Every REST API documentation I ever read on the web shows an exact description of the URLs of the possible endpoints.
Is there any API documentation out there that only shows the root URL and describes how to navigate through the resources?
One of the most important topics about REST is, that the resources should be linked via references and the client should only know the root URL of the API.
The root URL and the media types, yes. The client needs to know where to start, and also how to interpret the responses it gets.
Your primary example of a REST API would be the world wide web. You point your browser at www.google.com, and then you just follow links and submit forms until you get the result you want.
Another REST API that might be familiar is Atom Syndication / Atom Pub.
More academically, there is RESTBucks. That paper was somewhat popular, and you can find a number of sample implementations around.
Jon Moore (2011) presented a good demonstration of a hypermedia API.
Every REST API documentation I ever read on the web shows an exact description of the URLs of the possible endpoints.
Yes; bad examples are much more common than good examples.

How to call Google NLP Api from a Google Chrome extension

My aim is to select some text from a web page, start a google chrome extension and give the text to a google cloud api (Natural Language API) in my case.
I want to do some sentimental analysis and then get back the result to mark/ highlight positive sentences in green and negative ones in red.
I am new to this and do not know how to start.
The extension consists of manifest, popup etc. How should I call an API from there that does Natural Language Processing?
Should I create a Google Cloud Application with an API_KEY to call? In that case I would have to upload my credentials right?
Sorry sounds a bit confusing I know but I just don't know how I can bring this 2 things together an would be more than happy about any help
The best way to authenticate your app will depend on the specific needs and use cases of your application. You can see an overview of all the different methods here.
If you are not planning on identifying users nor on using a back end server that handles authenticating (as I assume to be your case), the best option would indeed be to use API keys. They do not identify the user, but are enough for the Natural Language APIs.
To do this you will need to create an API key for the services you want and add the necessary restrictions to make the key as secure as possible. Detailed instructions on how to do this and how to use the key in a url can be found here.
The API call could be made from within the Chrome extension with any JavaScript method capable of performing POST requests. For example using XMLHttpRequest or the Fetch API. You can find an example of the parameters that need to be included in the request here.
You may run into CORS issues when making the request directly from the extension. I recommend reading this answer, where a couple of workarounds for these issues are suggested.

Regarding the use of API's

My app is a Personal Assistant who's main job is to redirect the user to something that complies with his/her wishes. I realize, for example that AllRecipies.com has no API. My question is that can I, say open the browser app with the url as
http://allrecipes.com/search/results/?wt=QUERY>&sort=re.
Is this considered as using their API? Not just AllRecipies, but numerous other such services. If I am using this method, then do I have to request API key, etc? I am not retrieving anything. I am simply redirecting the user to their page with the query pre-written. Does this require all the licensing fees, API Key, etc?
Do I have to agree to this fees(If they ask), Request API Key, etc?
With the particular URL in question, it is simply an HTML web server URL, rather than a web API, as such. You can still get data out of it, but you'd have to parse the HTML yourself to extract what you want from the HTML response.
They may have an API that you can use to access data more directly as JSON, XML, etc, but you'll have to look into that yourself. And you will possibly require an API key to access it. But perhaps not, if it's publicly available and they don't care how many calls they get to it by anonymous users.
You may find this resource useful. It contains a lot of open APIs and code snippets to access them: http://www.programmableweb.com/
If you are simply trying to hit a URL or directing a user to this particular URL which you already know and is static meaning you always hit the same url without change in parameters, then this is not considered an API call and will not be requiring any API key.
However, if they have some APIs exposed, you will need to go through their documentation and using this API most likely requires the use of an API key(alhough this might not be true always). Usually, most platforms have a bunch of APIs available for different scenarios and these are called based on user specific parameters and requirements.

Activity endpoint?

Will there be an "activity" endpoint for us 3rd Party developers to use so we may build apps that have the same information as the "official" apps?
Even piecing together data from other endpoints we cannot build such a feature since there's no way for us to get checkin history for users other than "self". We can only get other users last checkin.
Thought I'd read some time ago that the website and official apps were just going to use the api so there must be some hidden/not public endpoints.
Just curious.
The official app does use the same endpoints exposed through the API, but the public API is only a subset of what the official app uses :) (e.g., we don't allow account creation)
Having said that, there's currently no "activity" endpoint we expose, nor will we likely expose one in the future. Sorry bout that!

Can client side mess with my API?

I have a website that revolves around transactions between two users. Each user needs to agree to the same terms. If I want an API so other websites can implement this into their own website, then I want to make sure that the other websites cannot mess with the process by including more fields in between or things that are irrelevant to my application. Is this possible?
If I was to implement such a thing, I would allow other websites to use tokens/URLs/widgets that would link them to my website. So, for example, website X wants to use my service to agree user A and B on the same terms. Their page will have an embedded form/frame which would be generated from my website and user B will also receive an email with link to my website's page (or a page of website X with a form/frame generated from my server).
Consider how different sites use eBay to enable users to pay. You buy everything on the site but when you are paying, either you are taken to ebay page and come back after payment, or the website has a small form/frame that is directly linked to ebay.
But this is my solution, one way of doing it. Hope this helps.
It depends on how your API is implemented. It takes considerably more work, thought, and engineering to build an API that can literally take any kind of data or to build an API that can take additional, named, key/value pairs as fields.
If you have implemented your API in this manner, then it's quite possible that users of this API could use it to extend functionality or build something slightly different by passing in additional data.
However, if your API is built to where specific values must be passed and these fields are required, then it becomes much more difficult for your API to be used in a manner that differs from what you originally intended.
For example, Google has many different API's for different purposes, and each API has a very specific number of required parameters that a developer must use in order to make a successful HTTP request. While the goal of these API's are to allow developers to extend functionality, they do allow access to only very specific pieces of data.
Lastly, you can use authentication to prevent unauthorized access to your API. The specific implementation details depend largely on the platform you're working with as well as how the API will be used. For instance, if users must login to use services provided by your API, then a form of OAuth may suffice. However, if other servers will consume your API, then the authorization will have to take place in the HTTP headers.
For more information on API best practices, see 7 Rules of Thumb When You Build an API, and a slideshow from a Google Engineer titled How to Design a Good API and Why That Matters.