Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I have been writing my own api for my site, the api will only allow a consumer to read basic information.
Somebody suggested to me that I gave the consumer a public and private API key. The private API key would be for server side scripts such as php so the public can't view it and use it in a wrong way, and then a public key would be for languages such as javascript. For the public api key they told me I would have to check the original source of the request and match it to a url in my database.
But the way I was going to check the URL the request was coming from was by checking the refer, but I know that the referrer can be changed, so this wouldn't be a good idea.
I'm looking for a way to check the referring URL properly which is very reliable. Or could anyone suggest to me a difference way of doing this API?
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed last year.
Improve this question
I have url address which accept data from 3rd party server. How can I consume the data from that url? I know that this url accept only post request. So how I can I receive that data in my kotlin app?
This is usually done by using an HTTP client library, so you can more easily convert payloads etc.
There are many HTTP clients to pick from. Among them are Ktor client (Kotlin-first, coroutine-based), Retrofit (very classic on Android), or even the built-in JDK11 HttpClient (although this one is not very Kotlin-friendly), but also many others.
If your code is multiplatform, Ktor would be a particularly good choice.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
trying to develop an application that takes data from a user's respective Blackboard account and display that information in a different way. I have been reading the blackboard API documentation and I guess I have to go to an administrator with an App ID in order for me to obtain this kind of access. What type of information should I provide the admin being as I don't even know what an App ID is, let alone provide it. I'm just a student trying to make my life easier by consolidating information that's already available to me on blackboard. I appreciate any guidance on the development process.
The documentation you'll likely want to start with is at https://docs.blackboard.com/ - of particular note is the REST / Getting Started section. See also the swagger docs for the API, which detail the needed entitlements for each API call.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I have self-written API where urls are organized like:
GET /api/products
PUT /api/products/1
So there are controllers (ProductController.php, for example) and these controllers have four methods: get, post, put and delete.
Is this a right way to organize rest api?
If so, how to organize registration/authorization? Because both actions use POST method
Yes. I would recommend looking at how big companies are doing this kind of work. See how Github is structuring their API
Relies on what kind of authentication/authorization you want to use. Most companies choose Oauth with JWT, you could also use session-based authentication. For me, it's not clear what you exactly want to do. Maybe you can elaborate on that.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a REST service based on mvc 4 and web api. I need to monitor all the users who are using my service (eg: user name , organization that user belongs to, how many hours he is accessing service and so). can you please provide best architecture for this. what is the best way to doing this?
You can use a custom HttpMessageHandler for doing authentication and track all the information you need about the user in a database. You will need some background processing of that data and doing some statistics about the usage of the API. About the message handler, a good start is the one provided in Thinktecture.IdentityModel library (You can customize it),
http://leastprivilege.com/2013/04/22/asp-net-web-api-security-the-thinktecture-identitymodel-authenticationhandler/
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm building a website with lots of images and want to stop bots from accessing those images. So I'm looking something beyond cookies since bots can handle cookies. My idea is that all authentication should reside purely on the server side. Any ideas?
Someone suggested a website, that makes a user visit a thumbnail page first. Somehow visiting that page triggers a server side variable, which allows the main image to be displayed later. How can that be implemented.
http://www.google.com/search?hl=en&q=Robots.txt
That will stop some bots from spidering images on your site.
Also look into a .httaccess file
http://www.google.com/search?hl=en&q=.htaccess