What is the difference between get_jwt_identity and verify_jwt_in_request_optional ? Which one is an efficient way to get the token from the API?
Related
So I'm using Jira Rest API, where the user can type their own JQL query and then a table will display tasks. The only problem is my Rest API is very slow, and I think it's due to login before it can access the data. Is there a way to make the Rest API faster?
a simple call which GETs around 20 task results takes up to 17sec, before the user gets the requested information.
the URL can be something like:
https://jirabd.xxx.com/rest/api/latest/search?jql=project%20in%20(BUG%2CFIELDB)%20AND%20component%20in%20(%22Fieldb%20Components%22)%20%22AND%20issuetype%20=%20BUG%20AND%20status%20!=%20%22Closed%22&fields=customfield_10100,customfield_10101,status
I simply just need to know where I might have to look to boost the performance, since I have no clue how/where to start looking.
EDIT
Did some more digging regarding login, and it seems its the way our accounts has been setup in the company. The service account I use for login, takes 17sec to login, where a regular account takes 1-2sec to login, so that's why. Now I just have to figure out why this is the case.
If the issue is login, try keeping the authentication cookie for the next requests:
https://developer.atlassian.com/server/jira/platform/cookie-based-authentication/
or OAuth as they do suggest
With there being rate limits should I ask for an increase when trying to get all access approval? Since my app asks the driver/ rider to sign in using their uber credentials will this help limit the calls to the API?
Thanks in advance.
Probably not, but it depends entirely on your purpose.
Calls to an API are usually done to get or update data on the home servers, in this case Uber's servers. As such, any Uber specific information you require will likely need to be accessed through their API.
Now, I've not reviewed Uber's API so if you can use the return from the login request to resolve all your needs then great. However, if you need to get data from their servers it would only reduce calls to the API if they require data returned on the login which can only otherwise be retrieved by making another call to their API.
I am currently building a restful API for a project, I have read up alot of standards followed for JSON backed RESTful API, what I am wondering is when/how I should authenticate certain calls.
When retrieving a singular user, would an 'idtoken' (I use google auth and use idtokens to verify any action made) should be used in the GET, because I want the API usage in the future but also want to protect the current users.
currently all my API are used with 'POST', and then read like
{action: 'get', idtoken: '213125325vmeis134bo234' }
and the query, once the data is verified will be returned.
I am not sure if I should just have a GET request for this instead, and if so should I remove authentication on it, or just modify what is received by the client?
Apart from this I grasp most of the other aspects of the API, I was just wondering how more robust business APIs manage these sorts of things.
Note Currently I verify every request made with the ID token, even just standard GETs, I feel this isnt the way to use RESTful properly and want to ensure good programming practices
What should be the standard approach for getting user information after login ?
POST request to validate user/password and retrieve information on response
POST request to validate user/password followed by GET request to retrieve information?
As far as I understand, GET should be the preferred one to retrieve data, but it seems burdensome to performe two requests; at the same time, it feels weird to get data back on POST response. Which should be preferred?
My 2 cents:) if you really want to follow REST Paradigm then you should use standard http method as GET. Although an overloaded POST might do the job however it’s not following the standard.
In SOAP world everything is POST and you can do a lot of funky stuff however in REST world there is a standard on what method used for what purpose ideally.
I'm new using REST api and I understood that OAuth 2.0 is a greate way to handle authentication security but: Is there a standard/best-practice to return only the authenticated user's datas ?
For example,
User 1 authenticated try to access (GET) the url .#/myBooks that doesn't give the same result as if the User 2 is logged in.
Is it possible using Firebase ?
What is the server guideline using Sails or Express on Nodejs ?
Any good tutorial (because I could not find any) would also be appreciate! ;-)
Many thanks...
You can secure your data in Firebase using its security rules. With the correct .read rules in place, a user can only see their own data.
Did you read this quick start? https://www.firebase.com/docs/security/quickstart.html
There is also a nice tool to simplify creating advanced security rules. I don't think you'll need it for the use-case you described, but it may come in handy later: https://github.com/firebase/blaze_compiler
Maybe this is what you're looking for? http://passportjs.org/