I'm designing a REST API that needs to create a database entry with only two columns, which together is the key. Because the ID is known in advance, I like to use PUT, like
PUT /lists/black/1.1.1.1
to black-list an IP. To remove it, I use
DELETE /lists/black/1.1.1.1
The problem is, many web servers doesn't allow PUT without a body (additional data arguments), and CURL doesn't send content-length: 0 by default, when doing a PUT request without arguments.
How do you suggest I design such an API?
I've implemented a REST API with a PUT without any content. It works fine. This is on Apache Tomcat v7
For cURL, use the header option -H "Content-Length: 0"
you can do following for sending put without a body:
this.httpClient.put<string>(`url/user/reset-password/${password}`, {});
Related
My use case is that I have pretty large files (>2GB, these are Cloud Optimized Geotiffs) on Google Cloud Storage, which can be used in applications through HTTP range requests.
I would like to filter out requests that are missing the Range header.
This would avoid the case of users downloading the whole file. (I guess someone could still make a range request for the whole file with a bit of work, but i am not concerned about this.)
The documentation (https://firebase.google.com/docs/storage/security/rules-conditions#request_evaluation) says "HTTP headers and authentication state are also included", so I would expect to be able to use this information in the security rules.
Is it possible at all and if it is, how?
I cannot find any example of using HTTP headers in the security rules conditions. I have also tried the rules playground in Firebase, but didn't figure out how to access the request headers.
It doesn't seem like there's any way to access HTTP headers. The only request variables are those in the document
You can try the request.params variable which will be populated with query params present in the request
eg. <firebase storage url>?myParam=true -> request.params.myParam == "true" should work
No, it is not possible to filter requests depending on HTTP headers.
The request variable in the security rules does not include HTTP headers. (As stated by a firebaser in the comments of Roopa M's answer.) The documentation has been updated since this question was asked, and does not state any longer that this information is included.
Roopa M's answer gives an idea to filter requests based on query parameters, which might help you, but is independent from HTTP headers.
In order to really handle queries according to HTTP headers in the context of firebase, it is probably necessary to rely on a cloud function that will act as middleware. These have access to the full HTTP request if i am not mistaken.
Alternatively, this kind of rule should be reasonably easy to implement in a regular web server like Nginx, if you have the option to build your project in such an environment.
net project for which I need to detect and parse changes made to a specific single text file in a repository between different pull requests.
I've been successfully able to access the pull requests and the commits using the Github API but I don't know how to retrieve the lines that changed in the last commit?
Is this possible using the API? What would be the best approach?
If not should I try to read the last two file versions and implement a differ algorithm locally?
Thanks!
A pull request contains a diff_url entry like
"diff_url": "https://github.com/octocat/Hello-World/pull/1347.diff"
You can do this for any commit. For example, to get the diff of commit 7fd1a60b01f91b3 on octocat's Hello-World it's https://github.com/octocat/Hello-World/commit/7fd1a60b01f91b314f59955a4e4d4e80d8edf11d.diff.
This also works for branches. Here's master on octocat's Hello-World. https://github.com/octocat/Hello-World/commit/master.diff.
The general form is:
https://github.com/<owner>/<repo>/commit/<commit>.diff
For private repositories:
curl -H "Accept: application/vnd.github.v3.diff" https://<personal access token>:x-oauth-basic#api.github.com/repos/<org>/<repo>/pulls/<pull request>
Also works with the normal cURL -u parameter.
See: https://docs.github.com/en/rest/reference/pulls#get-a-pull-request
The crux is in the requested media type. You can pass the Accept header with value
application/vnd.github.diff
see documentation. For full reference, a GET request with the above and Authorization header to https://api.github.com/repos/{orgName}/{repoName}/pulls/{prId} does the trick.
How would one authenticate and hit a HTTPS URL from LUA? In particular to get the resultant response back from the server?
Background: Basically want to use the https://docs.pushbullet.com/http/ API. I can see how to use it in curl, however I want to use it within LUA, and really want to get the responses back to see them.
You can use LuaSec and LuaSocket. Require ssl.https and use it like socket.http.
I'm designing a list endpoint for a resource that merits both full and light version of the resource called /transactions. By default, the response will include the complete resource, but there is also a need to provide clients with the "simplified" version of the resource list.
The first option is to use a custom param (e.g. /transactions?summary=true)
The second option is to use a custom endpoint, though not very RESTful (e.g. /transactions/summary)
The third option is to use content-type to allow a client to declare the alternative response body format. How would this look? (application/json+summary)? Are there any good examples of this being done?
Any other options come to mind?
The third option of using the Accept/Content-Type headers allows the media types to be a representation of a data, separate from the data itself.
A good example of this is github's API: https://developer.github.com/v3/media/
Which uses the http headers to allow clients to choose the format of the data, as well as the version. So in your case, the request could look something like:
curl http://api.host.com/transactions -H "Accept: application/summary+json"
And the response would contain a body of your simplified data format and the Content-Type header set to application/summary+json
If you want to be more pedantic about it, you could also use a vendor media type as application/vnd.yourcompany.summary+json. In this case, vnd implies that the media type is a vendor typically associated with application specific media types.
More Info:
Collection+JSON
A similar answer
A bit from restful API design
Here's the API.
This is my first time working with web APIs so bear with me. Where do the name-value pairs listed under each call belong in my HTTP request? Do they go in the URL, the headers, or the body? Is it different depending on if it's a GET request or a POST?
Are the answers to these questions true in general, i.e. for any web API?
Where do the name-value pairs listed under each call belong in my HTTP request?
In a GET, they're in the URL's query string. in a POST, they're in the request body. Headers never contain request parameters, but things like Content-length do control them, a bit. You might also run across JSON in a POST body (I can't remember if reddit does this). This is not reddit-specific, and is standard HTTP.