Forgive me my ignorance, however I was trying to figure it out by myself and I did not find the right solution by myself.
I'm building a website, based on node. I'm also using alot of front-end javascript, such as AJAX in order to load the content dynamically. And, my problem is; I would like to limit GET requests for front-end only. Is there any way to achieve this? Like, we do have CSRF for POST requests, and I was thinking about enabling something like CSRF for specific GET requests. API tokens are not the way achieve the success in here, because those would be available for anyone, after inspecting the markup.
Related
There is a website https://api.somewebsite.com/
I need to get api methods (routes) and queries to get data from them
Lets pretend they dont have any docs.
Is there a way to do it?
I tried to find some website to do that for me.
I didn't come with a better idea than bruteforce uri and look at the responses
Basically, I'm looking for the absolute simplest way to add an email (which is effectively a Customer object with no other parameters) to my list of Customers. The use-case is a jQuery-based pop-up email collector that I'm writing because I'm not happy with/don't want to pay for more established solutions.
Everything is working correctly, except I'm stuck on how exactly to authenticate to my Shopify store. Via Javascript I can only perform a few API calls, none of which I need. There are also very complex solutions for creating full-fledged apps for Shopify which are able to do everything, but I think that's overkill for this one API request I need to make.
I know that all I need to do is make a POST request once authenticated per these instructions. What is the best way to do this?
If you want to create user from jQuery you can generate using AJAX POST call in appropriate URL generated using Private App, but be careful before placing authorization details in front end since it will be visible and any one can misuse it.
The better way is to create user using HTTP Post call from some server side language like JAVA or PhP or some language.
I am trying to create a REST API for my web service.
I want to make the users of the API able to initiate a new request with my service. This involves uploading one or two zip files along with some other parameters.
How can I make this all combined into one request? Or is it better to do it multiple requests somehow?
I don't have a lot of familiarity with making REST APIs so I don't know how people usually do it.
I'm using PHP for my site if that matters.
To do this, you'd need your client to upload in mime/multipart format. I don't know PHP, but I'm sure there's a library out there that will support receiving/parsing the multipart messages you get.
As for whether it's a good idea .. If initiating the request is the creation of a single resource, it's not unreasonable to accept mime/multipart. If the parts being sent are themselves full-fledged resources, it would probably be better to make the client send them up separately, and reference them in the initiation request. Also note that mime/multipart is going to be a bit harder for your clients to deal with than simple requests.
This post seems to be related to what you're trying to accomplish.
I need to have the Shopify Web Hook parsed in the way I want it to look myself, I want it to HTTP POST only a few lines of information that are taken from the order that the Web Hook will be sent for.
I work with third parties that need order information that I send to them, these third parties have to adapt in 1 way or another to the web hooks but as of right now Web Hooks looks fairly limiting. Is there any way I can edit the contents of a web hook through the Shopify API???
I want to make use of the Web Hooks but be able to use it as a regular HTTP POST mechanism where I can choose myself exactly what I will send to the link I set to have the information sent to.
It works like this.
Shopify sends you an Order via Webhook. It's not sophisticated computing. They just keep on sending the complete order to your URL endpoint until you return a 200 OK status that you got it or they just give up on you.
Now that you have the entire order, you parse it, take out only the note stuff you want, and now YOU can send just your precious note stuff to your favorite person via HTTP POST using your computing engine... be it some PHP, Python, Ruby, Java or .Net concoction.
Shopify ==(order)==> Your App (you process) ===> do what you want...
Is it possible to shorten a URL using the Goo.gl shortening api with a GET request? Their only instructions are for POST and it doesn't make much sense that they wouldn't have a way to do this via GET.
It's actually unlikely that they support GET to do that. Good practice requires that GET requests not cause side effects (permanent data changes) in web applications. This prevents problems related to web spiders causing havoc simply by trying to crawl a site (imagine a "delete" button that worked with a GET, causing a spider to inadvertently remove content).
Additionally, GET requests are a lot easier to force a third party to do (i.e. embed the url in an image tag on a forum) which often is a security problem. In the case of goo.gl, it would allow trivial and hard to block DoS type attacks on the service.