API Gateway mapping with multiple APIs - best practices - aws-api-gateway

I have 2 development APIs deployed on AWS. I need to map these APIs to API Gateway so they can be reached from outside AWS, and I also need separate keys for security. Do I need to create 2 API Gateways? What is the best practice in this scenario? I am also expecting multiple versions of the APIs in future.
I need to know:
How many API Gateways I need to create
How many stages I need to create if there is only one
In API Gateway, the API key is used to map the stages of the gateway.

Key points to remember:
Access/throttle/limits are controlled by the usage plan and API key at the stage level, not at individual resources/methods within that API.
Who can call which API is usually controlled by an authorizer, whether it is IAM auth or a custom authorizer.
Stages are usually used for multiple environments. We can't have some resources/methods in one stage but not in another stage.
With these in mind, hopefully we can make decisions. My typical approach is this.
Have one API Gateway for one business function, e.g. order-api, for CRUD on Order, Ship order, etc.
Each API with 2 stages, live & staging. Publish first to staging; if everything looks good, publish to live.
Create one or more usage plans. Create 1 API key per client, even if they use the same usage plan.
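The layout the answer recommends (one API per business function, a staging and a live stage, one usage plan, one API key per client), as an added example that is not code from the answer. It calls the real boto3 apigateway operations (create_deployment, create_usage_plan, create_api_key, create_usage_plan_key) but takes the client as a parameter, so the layout can be exercised offline against the RecordingClient stand-in defined below. It assumes the REST API identified by api_id already has its resources and methods defined, with apiKeyRequired set on the methods that should need a key; the API name, client names and limits are constructed sample values.

```python
"""Stages, usage plan and per-client API keys for one business-function API.

Added example, not code from the Stack Overflow answer. It uses the real boto3
``apigateway`` operations but receives the client as a parameter, so the layout
can be exercised offline against the RecordingClient stand-in below. It assumes
the REST API (``api_id``) already has its resources and methods defined, with
apiKeyRequired set on the methods that should need a key. The API name,
client names and limits are constructed sample values.
"""
from dataclasses import dataclass, field


@dataclass
class ApiLayout:
    """Record of what was created, for audit or teardown."""
    api_id: str
    stages: list
    usage_plan_id: str
    api_keys: dict = field(default_factory=dict)  # client name -> API key id


def provision_stages_and_keys(apigw, api_id, name, clients,
                              stages=("staging", "live"),
                              rate_limit=50.0, burst_limit=100, monthly_quota=100_000):
    """Deploy every stage, attach one usage plan to all of them, and bind one
    distinct API key per client to that plan."""
    for stage in stages:
        apigw.create_deployment(restApiId=api_id, stageName=stage)

    # Throttling and quota are properties of the usage plan at stage level;
    # they cannot be set per resource or method.
    plan = apigw.create_usage_plan(
        name=f"{name}-default",
        apiStages=[{"apiId": api_id, "stage": s} for s in stages],
        throttle={"rateLimit": rate_limit, "burstLimit": burst_limit},
        quota={"limit": monthly_quota, "period": "MONTH"},
    )
    layout = ApiLayout(api_id, list(stages), plan["id"])

    # One key per client even when they share the plan: a leaked or abusive key
    # can be disabled or rotated without touching anyone else's access.
    for client in clients:
        key = apigw.create_api_key(name=f"{name}-{client}", enabled=True)
        apigw.create_usage_plan_key(usagePlanId=plan["id"], keyId=key["id"],
                                    keyType="API_KEY")
        layout.api_keys[client] = key["id"]  # keep the id; never log key["value"]
    return layout


class RecordingClient:
    """Offline stand-in for boto3's apigateway client: records each call and
    returns a unique id, so the layout can be checked without AWS access."""

    def __init__(self):
        self.calls = []

    def _record(self, op, kwargs):
        self.calls.append((op, kwargs))
        return {"id": f"{op}-{len(self.calls)}"}

    def create_deployment(self, **kw):
        return self._record("create_deployment", kw)

    def create_usage_plan(self, **kw):
        return self._record("create_usage_plan", kw)

    def create_api_key(self, **kw):
        return self._record("create_api_key", kw)

    def create_usage_plan_key(self, **kw):
        return self._record("create_usage_plan_key", kw)


if __name__ == "__main__":
    # Against real AWS, replace RecordingClient() with boto3.client("apigateway").
    client = RecordingClient()
    layout = provision_stages_and_keys(client, "api-id-placeholder", "order-api",
                                       ["acme", "globex"])
    print(layout)
    for op, kw in client.calls:
        print(op, kw)
```

Because the key is what the usage plan meters, giving every client its own key keeps per-client throttling and revocation possible even when all of them sit on the same plan; the authorizer, not the key, still decides who may call what.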

Related

How can I get two platforms to exchange data by leveraging their REST APIs

I use two independent eCommerce platforms that don't officially support communication with one another; however, both expose REST APIs for managing products, orders, etc.
My question is: how can I leverage their APIs to allow the two platforms to exchange data?
Neither platform offers a workspace to code API calls and execute on retrieved records, so I don't understand how this scenario fits in the client server model.
Would this require a third node to be set up to act as the client with each of the eCommerce platforms acting as servers?
If so, then I surmise that this client would need to, for example, perform a GET request from Platform A, store the retrieved records in a database, then perform a POST to create the records in Platform B.
If my above understanding is correct, can anyone please advise on a platform/service with which this functionality can be built and managed? Is Postman what I'm looking for?
I'm still new to web API development, so please excuse my ignorance.
Any help would be much appreciated.
Thanks

Multiple Roles with single Large Application vs Multiple Application REST API same database

Let's say we are building an ecommerce application for web and mobile using a REST API, with Admin, Merchant and Customer roles, using Laravel/Lumen.
Is it good practice to have a separate application for each role with a single database?
One application will usually suffice. It is usually best practice to have a single API (or a single set of microservices) where endpoints enforce your security policies for each role - rather than separate services for each role. This is more maintainable because these services typically share a lot of logic.
On the front end, it may be a different story. You might want a separate Admin app that has such different functionality that it makes sense to build it separately.
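A sketch of the single-API approach the answer recommends, added here as an example and not taken from the answer or from any Laravel code: one set of handlers shared by all roles, with the role gate and an ownership check applied inside each endpoint. It is written in plain Python rather than Laravel/Lumen because the pattern does not depend on the framework; the roles, the orders and the dispatch table are constructed for the example.

```python
"""One API for all roles, with security policy enforced per endpoint.

Added example, not code from the answer. Plain Python instead of Laravel/Lumen;
the roles, sample orders and endpoint table are constructed.
"""
from functools import wraps


class Forbidden(Exception):
    pass


# constructed shared data: the single database both roles read from
ORDERS = {
    1: {"id": 1, "merchant": "m1", "customer": "c1", "total": 40.0, "refunded": False},
    2: {"id": 2, "merchant": "m2", "customer": "c2", "total": 75.0, "refunded": False},
}


def require_role(*allowed):
    """Reject the call before the handler body runs unless the caller's role is allowed."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller, *args, **kwargs):
            if caller["role"] not in allowed:
                raise Forbidden(f"role {caller['role']} may not call {fn.__name__}")
            return fn(caller, *args, **kwargs)
        return wrapper
    return decorator


def _owned_order(caller, order_id):
    """Role is not enough: a merchant or customer may only touch their own orders.
    Admins see everything."""
    order = ORDERS[order_id]  # KeyError -> 404 in dispatch()
    if caller["role"] == "merchant" and order["merchant"] != caller["id"]:
        raise Forbidden("not your order")
    if caller["role"] == "customer" and order["customer"] != caller["id"]:
        raise Forbidden("not your order")
    return order


@require_role("admin", "merchant", "customer")
def get_order(caller, order_id):
    return _owned_order(caller, order_id)


@require_role("admin")
def list_all_orders(caller):
    return list(ORDERS.values())


@require_role("admin", "merchant")
def refund_order(caller, order_id):
    order = _owned_order(caller, order_id)
    order["refunded"] = True
    return order


ENDPOINTS = {
    "get_order": get_order,
    "list_all_orders": list_all_orders,
    "refund_order": refund_order,
}


def dispatch(caller, endpoint, **params):
    """HTTP-style entry point: map each outcome to a status code."""
    fn = ENDPOINTS.get(endpoint)
    if fn is None:
        return 404, {"error": "no such endpoint"}
    try:
        return 200, fn(caller, **params)
    except Forbidden as exc:
        return 403, {"error": str(exc)}
    except KeyError:
        return 404, {"error": "no such order"}


if __name__ == "__main__":
    print(dispatch({"role": "customer", "id": "c1"}, "get_order", order_id=1))
    print(dispatch({"role": "customer", "id": "c1"}, "get_order", order_id=2))
    print(dispatch({"role": "merchant", "id": "m1"}, "list_all_orders"))
```

The two checks are deliberately separate: the role gate is cheap and uniform, while the ownership check is where most real authorization bugs hide, so it lives in one helper that every order-touching endpoint goes through.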

Query Azure database using API

I host my database on Azure. I would like to search data in a table in that database. I am trying to use B4I, and the tech help there said I need to use REST APIs. I am pretty sure I need to use OData. I have the auth token, but I am not sure if this is even possible.
In order to query Azure SQL with an API, you need to add a layer between it and the destination. As mentioned in this question, OData is a specification that can be implemented fairly easily, as there are plenty of libraries that will take care of the bulk of the code for you.
As far as where to host the API, you have several options within Azure. The most common are App Services, Azure Functions, and Logic Apps.

Change Magento 2 REST API

Hey guys, I wonder if anyone can help with this.
I am facing a problem at my company. We are developing a Magento 2 Community multistore for our customers.
The idea is to have several stores in the same Magento 2 installation, where each store is for an independent company. The problem is the integration with our ERP system. With the REST API we have full control over the installation, even if we are not using the admin master credential. If we run commands like this in Postman: https://magentostore.com/rest/V1/orders?searchCriteria
we get all the orders in the installation, all stores. So the companies with their credentials would have the same control, and it is a very bad security problem. The stores would have access to each other's data.
We have tried extensions for advanced permissions like Aitoc and Amasty, but they only work at the frontend level and have no effect on the REST API. We know that Magento was not made for this kind of thing, so my question is:
Is it possible to change the REST API to filter the queries by store? And where can I find these REST API queries?
Thank you so much.
You can override API calls using the webapi.xml file in your module: just point it at your service interface and change the ACL if you want. In your service interface, inject the original one and add your filter before calling the original.
The second approach is to write a plugin on OrderRepositoryInterface and add the filter there (but the first solution is better, because this service is used not only in the API, so you may not want to restrict all calls).
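The first approach in the answer (wrap the original service, add your own filter, then call the original), shown as an added example in plain Python rather than Magento PHP. The repository, Filter and SearchCriteria classes and the sample orders are constructed stand-ins for Magento's OrderRepositoryInterface and its search criteria, and the set of store ids a caller may see is assumed to come from the authenticated integration, never from the request. It also covers the lookup-by-id path, which the question's searchCriteria example does not mention but which needs the same scope.

```python
"""Forcing a store scope on order lookups by wrapping the original repository.

Added example in plain Python, not Magento PHP: the repository, Filter and
SearchCriteria classes and the sample orders are constructed stand-ins for
Magento's OrderRepositoryInterface and search criteria. The allowed store ids
are assumed to come from the authenticated integration, never from the request.
"""
from dataclasses import dataclass, field


class NoSuchEntity(Exception):
    pass


@dataclass(frozen=True)
class Filter:
    field: str
    value: object
    cond: str = "eq"  # "eq" or "in"

    def matches(self, row):
        if self.cond == "eq":
            return row[self.field] == self.value
        if self.cond == "in":
            return row[self.field] in self.value
        raise ValueError(self.cond)


@dataclass
class SearchCriteria:
    """Filter groups are ANDed together; filters inside one group are ORed
    (the same semantics Magento's search criteria use)."""
    groups: list = field(default_factory=list)


# constructed sample data: orders belonging to two stores
ORDERS = [
    {"entity_id": 1, "store_id": 1, "status": "complete", "grand_total": 30.0},
    {"entity_id": 2, "store_id": 1, "status": "pending", "grand_total": 12.5},
    {"entity_id": 3, "store_id": 2, "status": "complete", "grand_total": 99.0},
    {"entity_id": 4, "store_id": 2, "status": "pending", "grand_total": 5.0},
]


class OrderRepository:
    """Stand-in for the original repository: applies whatever criteria it is given."""

    def get_list(self, criteria):
        return [o for o in ORDERS
                if all(any(f.matches(o) for f in group) for group in criteria.groups)]

    def get(self, entity_id):
        for o in ORDERS:
            if o["entity_id"] == entity_id:
                return o
        raise NoSuchEntity(entity_id)


class StoreScopedOrderRepository:
    """Decorates the original repository so every call is confined to the
    caller's stores. Because groups are ANDed, a client-supplied store_id
    filter can narrow the result but never widen it past this scope."""

    def __init__(self, original, allowed_store_ids):
        self.original = original
        self.allowed = frozenset(allowed_store_ids)

    def get_list(self, criteria):
        scoped = SearchCriteria(groups=list(criteria.groups)
                                + [[Filter("store_id", self.allowed, "in")]])
        return self.original.get_list(scoped)

    def get(self, entity_id):
        # Lookups by id (GET /V1/orders/{id}) need the same check; report a
        # foreign order as missing rather than confirming that it exists.
        order = self.original.get(entity_id)
        if order["store_id"] not in self.allowed:
            raise NoSuchEntity(entity_id)
        return order


if __name__ == "__main__":
    repo = StoreScopedOrderRepository(OrderRepository(), {2})
    # a client trying to widen its view to store 1 still only sees store 2
    widen = SearchCriteria(groups=[[Filter("store_id", [1, 2], "in")]])
    print([o["entity_id"] for o in repo.get_list(widen)])
```

The important detail is that the scope is appended as a separate AND group rather than merged into the client's own filters; merging would let a client-supplied OR condition on store_id reopen the other store's data.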

How to design endpoints for data not considered as a resource in a REST API

User context:
A school administrator logs into a dashboard. The page displays a block of data at the top of the page:
Number of students who used the service over the past week
The aggregate feedback (positive, negative, neutral) left by the students over the past week in percentages.
Other aggregate data
Underneath is a bunch of charts and graphs representing usage of the service broken down by month, daily usage broken down by hour, etc.
My problem:
I'm trying to build an API following REST principles, where endpoints should define a resource and HTTP verbs are the action to take on those resources. My problem is building endpoints for this more 'analytical' and aggregate data that doesn't really seem to fit anywhere in my resources. Ideally, each graph or chart could be one request to an endpoint, and the block of aggregate data at the top would also be its own request, rather than 3 requests (1 for each piece of data). Can someone guide me in the right direction on how to go about building the endpoints for these specific scenarios?
Thanks
Can someone guide me in the right direction on how to go about building the endpoints for these specific scenarios?
TL;DR: How would you build a web site to support those scenarios? Do that.
If you were using something like a document store, then you would take the URI, say /feedbackReports/lastWeek, and use that as a key, and pull from the document store a representation of that report, and return it to the client (along with various bits of metadata).
If you were using something like a file system, then you would take the URI, and construct some reference to a file, like /www_root/feedbackReports/lastWeek, and read the representation of that report from disk, and return it to the client (along with various bits of metadata).
If you were using something like a relational database, then you would take the URI, and see that the "last week" report was being asked for, and from that you would inject a bunch of "-7 days" parameters into prepared statements, and run them, then reshape the data in memory into some representation of that report, and return it to the client (along with various bits of metadata).
I'm trying to build an API following REST principles where endpoints should define a resource and HTTP verbs as the action to take on those resources
The REST principle in question is that the API isolates the clients (and intermediary components) from all of the implementation details. The API is the mask that your application wears so that web integrations just work.
My problem is going about building endpoints for this more 'analytical' and aggregate data that doesn't really seem to fit anywhere in my resources.
So create more resources.
Note: these are integration resources; which is to say that they produce the representations that web clients need to interact with your domain.
Jim Webber, in 2008:
URIs do NOT map onto domain objects - that violates encapsulation.
Work (ex: issuing commands to the domain model) is a side effect of
managing resources. In other words, the resources are part of the
anti-corruption layer. You should expect to have many many more
resources in your integration domain than you do business objects
in your business domain.
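The integration-resource idea from the answer, as an added example that is not the answer's own code: the URI names a report, the server builds that report's representation from the domain model, and the client never sees the underlying event records. The events, the two report resources and the week boundary are constructed assumptions for the example.

```python
"""Integration resources for aggregate dashboard data.

Added example, not code from the answer. The events, report URIs and the
week boundary are constructed for the example.
"""
from collections import Counter
from datetime import datetime, timedelta

# constructed domain data: one record per student interaction with the service
EVENTS = [
    {"student": "s1", "at": datetime(2024, 3, 10, 9), "feedback": "positive"},
    {"student": "s2", "at": datetime(2024, 3, 11, 14), "feedback": "negative"},
    {"student": "s1", "at": datetime(2024, 3, 12, 10), "feedback": "neutral"},
    {"student": "s3", "at": datetime(2024, 2, 20, 11), "feedback": "positive"},  # older than a week
]

KINDS = ("positive", "negative", "neutral")


def _period(now):
    return {"from": (now - timedelta(days=7)).isoformat(), "to": now.isoformat()}


def _last_week(events, now):
    start = now - timedelta(days=7)
    return [e for e in events if start <= e["at"] <= now]


def feedback_report_last_week(events, now):
    """The block at the top of the dashboard, as one resource: the
    representation is the aggregate, not the events behind it."""
    recent = _last_week(events, now)
    counts = Counter(e["feedback"] for e in recent)
    total = len(recent) or 1  # avoid division by zero on an empty week
    return {
        "period": _period(now),
        "activeStudents": len({e["student"] for e in recent}),
        "feedbackPercent": {k: round(100 * counts[k] / total, 1) for k in KINDS},
    }


def usage_by_hour_last_week(events, now):
    """One chart, one resource: a series shaped for plotting."""
    per_hour = Counter(e["at"].hour for e in _last_week(events, now))
    return {
        "period": _period(now),
        "points": [{"hour": h, "count": per_hour.get(h, 0)} for h in range(24)],
    }


# The URI is a key into the integration layer; the business model underneath
# can change without the URIs changing.
ROUTES = {
    "/feedbackReports/lastWeek": feedback_report_last_week,
    "/usageReports/lastWeek/byHour": usage_by_hour_last_week,
}


def get_resource(uri, now=None, events=EVENTS):
    """Return (status, representation) for a GET of the given URI."""
    now = now or datetime.now()
    builder = ROUTES.get(uri)
    if builder is None:
        return 404, None
    return 200, builder(events, now)


if __name__ == "__main__":
    for uri in ROUTES:
        print(uri, get_resource(uri, now=datetime(2024, 3, 13, 12)))
```

Each report is a resource in its own right, so a chart needs one request and the summary block another; the event table never becomes a resource, which is the encapsulation Webber's quote is about.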