I have my public API running on AWS API Gateway, and now I want to add API keys to it, basically to see "who is using which endpoint and how many time per month/week/whatever". My API already has user management logic, with its own users db table.
The part I need help with is the analytics part - say I have this up and running, I need to be able to extract some sort of report saying, for each user (by name), how many calls were made to each endpoint. So far, the closest I've gotten was https://stackoverflow.com/a/52361117/1514576 which gets me the info I need by API key. The part that I'm missing is how I could potentially cross-reference this data with my "users" database table.
I was hoping one of you had faced a similar problem and could share how you handled it.
Related
I need to get sample data from sales force developer account but i am unable to find any API to get any data from sales force.
Is there any API exposed by sales force to accomplish the task.
Salesforce exposes a large number of thoroughly documented APIs.
Access to record data is most commonly achieved through the standard REST API.
You may be most interested in the endpoints named under Working with Records, which provide access to record data, or Working with Searches and Queries.
Let's assume I have a project similar to the google sample code:
https://github.com/googlesamples/android-architecture-components
I want to add an account system to the app. How can I persist data and make the following scenario work:
go to persistent-data-fragment and load data from backend
log out
log into a different account
go to that same fragment
As a result, I should not be able to see the first user's data and instead load them from backend for the second user. How to use Room for that?
It a generic question, so I can answer with a generic answer :).
1 - on the server side you need to authenticate a user that access to REST services. There are many ways to do this. JWT is a good solution. Start reading this article.
2 - on the client side, probably you need to introduce in your database a user table and link other database's entities to user identity. Using Room you have to declare a user bean and then link them to other room entities.
I hope it helps.
We're starting to migrate our Website to a REST Service based system and are in the process of developing the core right now.
In our current setup a user has one or more "accounts" assigned which define what data he can see on the website. Only one account can be active for a given user at any time. Right now we store the selected account in the database and use it to filter all queries.
Now I'm not sure how to handle this properly in a REST environment. Possible solutions I found are:
Sending the requested account with every request
Storing the current account in the auth token. (We're using JWT for that)
Having the current account stored on the server and calling a specific resource to change it
Each of these has its pros and cons for our setup. Currently we're using the 3rd approach in our Website. But what would be the correct way to handle such a thing in a REST environment?
Yea the design you are dealing with is fairly bad, and what you really want to do is remove the state completely out of this system.
For that reason the first option is by far superior:
Sending the requested account with every request
If this is simply an id, there's a very simple way to do this, just prefix all your (relevant) routes / uris with this account id. For example:
http://api.example.org/accounts/{id}/...
This way the 'state' is maintained by virtue of which url you are accessing, and the server can be unaware of the state.
I work for an ecommerce site and we are looking to expose much of our core functionality via a set of APIs. We plan on re-writing some of our own public facing applications (e.g. the main shop website and our mobile app) to call these new APIs also. We also want to offer some of these APIs out to third-parties who want to integrate with us.
My first question is - what is a suitable authentication method for these APIs? Everything I read is about OAuth, but am I right in saying that this doesn't fit in this case as we're not looking to use another log in system (e.g. Facebook, Google) but rather restrict access to our own API (so maybe an API key or JWT solution would be better?)
Secondly, our current website has it's own user accounts system. How do you offer /user endpoints (like GET user/1235/paymentmethods) in an API like this? Surely the actual user (website customer) needs to authenticate somehow in order for the given API consumer to access their data.
I've spent the last 2 days reading about this but I'm at a loss as to how to go about this! Any help much appreciated.
Using access logging, as detailed here: https://cloud.google.com/storage/docs/access-logs, we can download and analyze usage patterns for our data. However, looking at the actual data, I noticed that there is no data relating which user (or service-account) performed the operation. The closest seeming attribute in the usage logs as described here: https://cloud.google.com/storage/docs/access-logs#format is the cs_user_agent attribute. However, this attribute seems to describe more about the tool performing the access (i.e., gsutil or gcloud) rather than the user.
Is it possible to obtain information that relates the activity to a user/service-account? Perhaps using the s_request_id attribute?
Is there a technical reason this is missing? Or is it intended as a privacy-preserving mechanism?
You can read about the access log schema in our docs. cs_user_agent tells you what kind of program made the request, while s_request_id is a unique id for the request. The closest thing to what you need would be c_ip, which is the IP address of the machine making the request. You could possibly tie those to users. If this doesn't suffice, you could have your clients make requests only through some code you yourself have written which will log - in parallel to sending the request - the URL, method, any headers / metadata desired, and the user / account making the request.