Lets say I am calling a web api such as:
http://testapi.com/search?type=2
That would work fine for a single type, but what if I wanted type 1 and type 2. Is there a standard way to call this? I tried:
http://testapi.com/search?type=2|1
http://testapi.com/search?type=2&type=1
With no success..
Or is the only way typically to do this with web apis to make two calls and then combine the results yourself?
In case it helps - Specifically in this instance I believe the website developer has made the website and API via codeigniter.
So based on the comments it appears that there is no 'standard way'. If you need something like this you have two choices:
a. Place an enhancement request against the API for some custom syntax to allow OR (this is what I did and now use)
or
b. Right code to loop through each of the possibilities and union results.
Related
I wrote a simple tool to decode JWT tokens and I'd like to use it in a similar way as the Interactive Regex Evaluator.
Is there a way to either automatically hide a query (e.g., via the Util class) or to even register it to something like Ctrl+Shift+F2?
Unfortunately that functionality doesn't exist.
You'll notice when using the Interactive Regex Evaluator it's opening the sample of the same name but doing extra work to hide the query panel. Looking at LinqPads code using it's own ILSpy, there's a method called LINQPad.UI.MainForm.miRegex_Click and it's calling the method LINQPad.UI.QueryControl.ToggleFullPaneResults which does that functionality but unfortunately the method is internal.
If you'd like to suggest the feature head over to the LinqPad forums over at http://forum.linqpad.net/ and make the suggestion. Joseph is good at getting back to people.
By going through this API documentation page, is it possible to tell which database is being used in the backend?
Zomato API
MySQL would require a php file on the server to handle the requests, make queries, pack data in JSON format then send it back to the device. But in this case parameters are passed to .json files. Please advice
There is no way to "see through" to what the backend service actually used to provide you with the information you may query for. Are you sure you want to continue using this product? The site notes that Zomato will no longer be available to individuals, and that your API key will be disabled if you don't use it monthly.
I haven't read the specs for that particular API. But in general, is it possible to tell what database is being used on the back end by studying an API? No. That's the whole point of an API: It's supposed to shield the API-user from implementation details.
It's probably true that in many cases you could make reasonable guesses about what tools are being used on the back end. Like if you see that the API gives you a syntax for doing comparisons that looks exactly like the proprietary compare function used in Foobar SQL and not found in any other database product, that would be a strong clue. But even something like that wouldn't be proof. Maybe originally they were using Foobar SQL, then they switched to another database, but to maintain compatibility they wrote code to translate the Foobar SQL compare to standard SQL syntax.
We are creating a RESTful API (PHP on apache server) which will communicate with an Android application. Im new for this so excuse me if my question is dumb.
I want to ask for data from the api so I need to use GET method in the request taking into account the semantics. I have to send some additional data to specify what data am I requesting. In GET requests, I cannot send form data fields so how should I attach the data?
Using POST (but this is not semantic)
request header: POST http://example.com/api/v1/serials
request data: date_from=2013.01.01&date_to=2014.01.01&userid=112&is_in=0&starts_with=afx00
using GET and adding url params (I don't know if is this a good practice in a REST API)
request header: GET http://example.com/api/v1/serials?date_from=2013.01.01&date_to=2014.01.01&userid=112&is_in=0&starts_with=afx00
or making well formed URIs with no url params in GET (not sure about this as well.)
request header: GET http://example.com/api/v1/serials/date_from/2013.01.01/date_to/2014.01.01/userid/112/is_in/0/starts_with/afx00
Which one fits the best in the RESTful API architecture? Which should I use and why? Or maybe are there any other options for what I want?
Without question using URL parameters is best. It allows consumers to query for serials using their choice of filters. Your API should support returning results based on UserId alone, or a date range, or both. Or other combinations of inputs that make sense.
Embedding the key/value pairs of the filter in the resource path is an anti-pattern. It's difficult to understand what each path element means, and you would need to contort your routing engine to accommodate additional filter criteria. It also provides no flexibility in terms of choosing what filter criteria to use - you would in fact need to construct multiple resources paths for each combination of filters. And there is the management of ordering each pair (with URL params, ordering doesn't matter). Probably more reasons to avoid this, but those are the first that spring to mind.
Bot GET methods can be used. It is your choise. But I'll prefer using url params. It is easier.
What is the best way to avoid SOQL Injection when querying salesforce through the APIs?
The two main APIs I am interested in are the SOAP and REST APIs.
My current methods are to never use any input from the user (which is impractical if they are searching for a Company Name) or encoding certain characters within the string.
However I saw that there was parameterisation within the APEX, so i was wondering if there was a similar way of doing it through the APIs.
I think all you really need to do is to make sure that the input, in this case the company name, is escaped properly. I am not aware of a parameterized way of building a query object for either of the API's.
However, if you needed to you could expose a custom web service method from within Salesforce so that you can pass the value in. Then from within the Salesforce Apex Code language you can parameterize the value using a syntax similar to below:
public Account[] queryCompany(string companyName) {
return [SELECT Id FROM Account WHERE Name = :companyName];
}
Philosophical rant
What are you after really :)
If your application should work same way accessed from different sources (Salesforce UI, PHP connector, some mobile applications) then it probably makes most sense to think about Apex like some stored procedures that will be reused. This means you'd be passing safe parameters to them.
If you plan to hand-craft queries & not rely on Apex too hard - maybe what you need is something like database.com or other cloud-based DB solutions?
Actual answer
I'm not aware of an out of the box way to pass separately the query command and separately the params to it (like bind variables/prepared statements) through APIs. Both REST and SOAP API give you what's essentially Database.query() within Apex. Sure, there are some differences like retrieve() command or queryMore() but that's the baseline.
What you could do is to either expose some commonly used searches with methods similar to what John proposed (bonus points for extra performance - they're precompiled) or build something generic?
List<sObject> runQuery(String query, List<List<String>> params){...}
If the runQuery will contain bind variables like params[0] it should work. Looks crazy and I didn't test it though ;) I'd say that bind variables are the best method. Alternative would be to escape user's input but SQL and XSS injections can become amazingly creative. Check Examples of XSS that I can use to test my page input? for a start (yes, I'm aware you asked about SOQL only).
As for actual SOQL injection: http://wiki.developerforce.com/page/Secure_Coding_SQL_Injection. Since "worst that can happen" is that users will search for more than they were supposed to (no way to convert SELECT into INSERT) escaping should be safe-ish...
I'm writing a webapp that uses the YouTube Code API to do specific types of searches. In this case, I'm trying to search for all videos that match a query, and which were uploaded between two dates. This document says I can use published-min and published-max parameters, while this one says I can use updated-min and updated-max.
Both of these parameter sets cause YouTube to return an error:
published-min returns "This service does not support the 'published-min parameter"
updated-min returns "This service does not support the 'updated-max' parameter"
With neither returns a correct result set.
How can I limit my result set to hits within a specified date range?
The Reference Guide for YouTube's Data API doesn't list anything that would suggest the possibility to filter on time interval in general.
The published-min argument is only advertised in the "User activity feeds" section which is something different and probably not the thing you wanted. Or is it?
The updated-min argument in your link is referenced in a generic gdata context. It looks like they intended to describe all the things common to all the specialized APIs, but somehow updated-min isn't available everywhere.
When it comes to your very problem. I would suggest sorting on time (orderby=published) and do the filtering on the client side. I know this is not the optimal way, but the only one I can see with what Google gives us.
youtube api v3 supports publishedAfter and publishedBefore parameters with search results. For example:
https://www.googleapis.com/youtube/v3/search?key={{YOUKEY}}&channelId={{CHANNELID}}&part=snippet,id&order=date&maxResults=50&publishedAfter=2014-09-21T00:00:00Z&publishedBefore=2014-09-22T02:00:00Z