Suppose super admin wants to see another sub admin's details
my current method is GET -- domain/api/user/get_by_id/{id}
I'm using JWT also.
is my method correct?? Is there any other method where I don't put the id directly in URL
my current method is GET -- domain/api/user/get_by_id/{id}
So, answering your questions one by one,
is my method correct??
If you are using RESt Web services as you have added that tag, then no, this should not be the url. I would suggest you to read upon REST web services a little as the url should look somewhat like this.
GET -- domain/api/user/{id}
Also the id you put in url is a public one and not the one of your database. So a entry in the database should look like:
Id | Username | userId (it is public)
1 | debabrata| r1398fh9238yhas89
So to call the url r1398fh9238yhas89 will be passed and not 1.
Is there any other method where I don't put the id directly in URL
You could encode the id in base64, jwt style or some kind of other encryption or as earlier stated just send a public ID which doesn't mean anything for your database.
Related
I am trying to set the AppClip invocation for my App which is already released on app store.
I need an url such that it provides me a jobId e.g.: https://example.com/task?jobId=00001.
My use case is that I send the sms with the url https://example.com/task?jobId=00001 to the user, the user clicks on the url and the app gets started. Then for the other user I send the next url with corresponding jobId.
I did setup the AASA file for my domain (contains the JSON with "applinks" and "appclip" objects) which is valid, also the Domain status is valid on App Store Connect. There is a default experience set with title, subtitle, image and action. I also configured an advance experience for the url https://example.com/task.
However, my app clip doesn't get invoked if I access the url from either sms text or safari. :(
I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this.
Is it possible to invoke the AppClip this way? It is really important for me that the URL is dynamic and I pass that jobId every time for each individual booking.
There s no much documentation and I already read at least twice Apple documentation about AppClip.
Because of this:
I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this.
The answer to this:
Is it possible to invoke the AppClip this way?
Is no. Sorry, you need to own the domain you're working with, or at the very least have means to access its CNAME config (thus, be able to induce the owner of that domain to change the CNAME configs to what you want it to be, similar to what branch.io and AppsFlyer does with its users/clients).
I read that the route for getting a nested resource in REST should look like this
/articles/:articleId/comments
The owner (:articleId) of the child resource will be visible.
But what if you have an owner that you don't want the client to know about?
For example, let's say I have an app where users have anonymous posts. I wouldn't want other users to see the client fetching the post by /users/123/post/321 because users could identify who wrote the post from the id and it wouldn't be anonymous.
Is the id necessary? Is it ok to instead do /users/posts/321 if all posts have a unique id?
There are no actual requirements for the URL format. It can be whatever you'd like it to be.
If it were me, I would use simply /posts/321 and leave users out of it, since a particular user isn't specified in your URL at all. I think that's the clearest way to handle it in your case.
I am trying to get the id from the public-profile-url. The query looks like:
https://api.linkedin.com/v1/people/url={https://www.linkedin.com/in/name}
However, what I get get back from linkedin is:
<error>
<status>400</status>
<timestamp>1460131755319</timestamp>
<request-id>2OV9FJ0DTR</request-id>
<error-code>0</error-code>
<message>[invalid.param.url]. Public profile URL is not correct,
{url=}; should be {https://www.linkedin.com/pub/[member-name/]x/y/z} or
{https://www.linkedin.com/in/string}</message>
The interesting part is:
Public profile URL is not correct, {url=}; should be {https://www.linkedin.com/pub/[member-name/]x/y/z} or {https://www.linkedin.com/in/string}
The url clearly adheres to the rules that they mention and the url works. Any idea on how to fix it?
You cannot reliably retrieve a member ID from a profile URL. id values that you can rely on are returned as part of Profile API calls. From time to time, LinkedIn changes the format of it's public profile URLs, so attempting to parse them or reconstruct them can leave your app in a broken state. The public-profile-url field should be considered read-only, and not something you try and parse or create yourself.
e.g.: GET https://api.linkedin.com/v1/people/~:(id,first-name,last-name,public-profile-url)?format=json
id values are encoded to specific LinkedIn applications and cannot be re-used between apps. As a result, any value you attempt to pull out of a URL won't be of any use to you. The information needs to be acquired via an API call.
Assume I want to create a very simple todolist RESTful API, where each user owns a list of todos. The user is already authenticated over http BASIC or DIGEST.
At this point I am not sure what the URL scheme should look like.
Would it be:
http://servername/todos/
where my server filters the appropriate todos according to the authentification given to me by the http header.
Or should I include the username in the URI instead:
http://servername/users/username/todos/
On some websites I have even seen that they hand over the user name as a parameter like this:
http://servername/todos?username=babsi
As far as I can tell all three choices are stateless as I always receive the username, but just over different sources. From what I can tell to make sure that the URI is accessed by the proper user I always need to check the http header anyways. So which of the ways would you consider the best URI design in REST or should I do in a different way entirely?
You can use the following:
http://servername/todos/ GET list all todos
http://servername/users/ GET list all users
http://servername/users/{user_id}/ GET list an user
http://servername/users/{user_id}/todos/ GET list all todos for an user
I think the point here is how you want to design the relationships between your resources, if a todo just can exist in the context of an user use a hierarchy like approach as above.
As general rule i usually follow this:
Use path variables to encode hierarchy: /parent/child
Put punctuation characters in path variables to avoid implying hierarchy where
none exists: /parent/child1;child2
Use query variables to imply inputs into an algorithm, for
example: /search?q=jellyfish&start=20
Having the username in the URL depends on what you want to do (if anything at all) when you receive a request where the username in the URL does not match the authentication. If you want to re-authorize the user in this situation then yes - it's OK to have the username in the URL, otherwise it's OK to have it just in your header or other authentication scheme if there is no such need.
One fairly common example of a valid requirement would be if you have to have a main user (or group of such users) that can impersonate other users.
When the user in question is always the user who is holding the authentication token, then use something like "me" in your path.
http://example.com/users/me/<path-to-inner-resource>
Otherwise, user should be treated just like any other resource in your system, in which case the resource identifier for that user becomes a part of the path.
http://example.com/users/<id>/<path-to-inner-resource>
Take a look at Twitter APIs as an example.
https://developer.twitter.com/en/docs/twitter-api/users/follows/quick-start/follows-lookup
tl;dr: No, there isn't a way.
Calling publish_action using the JS SDK is actually pretty straightforward. However (from the little info I gleaned from reading the documentation), there's no way for me to query facebook to have it return the action instance ID for an object that I have already published... is there?
Example:
User A loads the page, and the page sends an FB.api call to /me/news.reads, which returns an action instance ID.
User A reloads the page, and the page again sends an FB.api call to /me/news.reads, but this time, the Graph API returns:
{
error: {
code: 3501,
message: 'blahblahblah... already associated... blah blah'
type: 'OAuthException'
}
}
Pretty standard stuff, and expected, since I turned off the ability to publish the same URL multiple times.
Now then, is there any way for me to retrieve a previously published action instance ID from the Graph API by passing in the URL, or is it up to me to handle the returned action instance ID (from the original publication attempt) and save it to a database? I was hoping I wouldn't have to do that...
No, there is no way to retrieve instances of published actions other than:
Accessing action by id:
http://graph.facebook.com/ACTION_ID
Accessing all instances published by specific user:
http://graph.facebook.com/USER_ID/NAMESPACE:ACTION (NAMESPACE:ACTION may be replaces by the name of one of built-in actions like news.reads, music.listend, etc.
If you want to access details of published actions connected/referencing specific object you'll need to save that data on your end for later usage.