Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I have a complex request to send to the server. In summary, I am creating a feed system.
So in my request I use 2 tables.
First I start with the login user id and I pull all the other users he is following from a FOLLOW table.
So now I have the logged in user plus an array of other users he is following.
Second step is I use a FEED table. The complexity is I would like to pull all the actions from this table that are either performed by the main user or the following users.
I am using GraphQL for all my other requests... however, for a complex request like this one, I am thinking that REST is more suited.
I would like to know your thoughts.
There's no such term as better. It all depends on what you need, what your architecture is and after all, what you know to use better.
GraphQL is great for such a complex request because you can return exactly what you need and nothing more. So if you're asking if GraphQL can handle it, for sure it can!
Where is this complexity?
You can use one graphql query - user{followers{feeds{action.. and user{feeds{action... - both action arrays will be available in Apollo.
You can always combine results from these 2 arrays into one on client side from [normalized] Apollo cache [for some component needs]. You have both sets separated as they are separated in reality and universal for future needs/other app/client/admin.
If you really want/need it combined serverside just add user to his followers in resolver for query like user{userAndFollowers{feeds/action... - it can be done beside main/separated schema, just by adding additional 'branch'.
It always depends on details ... but REST better? In which version/convention/'standard'? Good joke ;) - no offence, tons of pros/cons/comparisons everywhere ... try/read/choose what is suitable to your requirements.
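The server-side variant described in the answer above (the user plus the users he follows, resolved in one field), as an added example that is not part of the original posts. The `FOLLOW`/`FEED` rows, the field names and the `context.userId` convention are constructed assumptions, and the plain `(parent, args, context)` function stands in for a resolver registered with a real GraphQL server.

```javascript
// Constructed in-memory stand-ins for the FOLLOW and FEED tables (sample data).
const FOLLOW = [
  { follower: 1, followee: 2 },
  { follower: 1, followee: 3 },
  { follower: 2, followee: 4 },
];
const FEED = [
  { id: 10, actor: 1, action: "posted", at: 100 },
  { id: 11, actor: 2, action: "liked", at: 105 },
  { id: 12, actor: 4, action: "posted", at: 110 },
  { id: 13, actor: 3, action: "commented", at: 120 },
];

// Hypothetical resolver map; `feed` is an assumed field name.
const resolvers = {
  Query: {
    feed(_parent, args, context) {
      // The viewer is taken from the authenticated context, not from a
      // client-supplied argument, so changing an id in the query cannot
      // return somebody else's feed.
      if (!context || context.userId == null) {
        throw new Error("not authenticated");
      }
      // Clamp the page size so one query cannot pull the whole table.
      const limit = Math.min(Math.max(args.limit || 20, 1), 100);

      // Step 1: the logged-in user plus everyone he follows.
      const actors = new Set([context.userId]);
      for (const row of FOLLOW) {
        if (row.follower === context.userId) actors.add(row.followee);
      }

      // Step 2: every FEED action performed by one of those users, newest
      // first. Against SQL this is a single `WHERE actor IN (...)` query.
      return FEED.filter((f) => actors.has(f.actor))
        .sort((a, b) => b.at - a.at)
        .slice(0, limit);
    },
  },
};
```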
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
I am trying to design a RESTful web API for mostly CRUD operations.
I have a design dilemma on how to model a save action for an entity which also can have optional side effects like updating other "child" entities that were not part of the original entity.
Example:
Template Entity
Child documents Entity
Template can have multiple child documents
If a template is updated, all or some of the children based on the entity can be updated.
GET /templates/{id} -> Returns template
POST /templates/ -> Creates template
PUT /templates/ -> Updates template
Now if we want to update template and also instruct the server to update all documents based on the template, what would be a good design?
1)
PUT /templates/
{
  template: {
    ..
  },
  childDocumentsIds: [1, 3, 7...]
}
2)
PUT /templates?childDocumentIds=1,3,7
{
  template
}
Similar questions have already been asked, but they do not quite answer my question:
How to design REST API for non-CRUD "commands" like activate and deactivate of a resource?
What RESTful HTTP request for executing actions on the server?
How to Route non-CRUD actions in a RESTful ASP.NET Web API?
I am trying to judge if other people have similar questions when designing REST APIs. Also lately, after experience with a few of them, I think we can do better than REST APIs.
I think we can do better than REST APIs.
The REST architectural constraints are designed with a particular problem in mind: "long-lived network-based applications that span multiple organizations." The reference application for REST is the world wide web. If that's not the kind of problem you have, then REST may not be the right fit.
HTTP is an application, whose application domain is the transfer of documents over a network. If you can frame your problem as document transfer over a network, then a whole bunch of the work has already been done for you, and you can leverage it if you are willing to conform to its constraints.
The remote authoring idioms in HTTP (primarily GET/PUT) are very crud like - please give me your latest representation of some document; here is my latest representation of some document, please make your copy look like mine. Our API is a facade -- we pretend to be a dumb document store that understands GET and PUT semantics, but behind the scenes we do useful work.
So we might have, for example, a simple todo list. At the beginning, it is empty
GET /todoList
200 OK
[]
And if we wanted to send an email to Bob, we would first edit our local copy of the document.
["Send an email to bob#example.org"]
And then we would ask the server to make its copy of the document look like our copy
PUT /todoList
["Send an email to bob#example.org"]
HTTP semantics tell the server how to interpret this message, but it gets to choose for itself what to do with it. The server might, for example, update its own local copy of /todoList, send the email to Bob, update its representation of /recentlySentEmail, update its representation of /recentlySentEmailsToBob, and so on.
The response from the server takes a number of standard forms; 202 Accepted -- I understood your request, and I may do it later; 204 -- No Content -- I edited my copy of the document to match yours, here's some meta data; 200 OK -- I've made changes to my representation of the document, here they are (or alternatively, I've made changes to my copy of the document, you can ask me for a refreshed copy).
if we want to update template and also instruct the server to update all documents based on the template, what would be a good design?
The most straightforward example would be to just send the revised template, and allow the server to update other resources as it sees fit
GET /template
200 ....
[original representation of template]
// make edits
PUT /template
[revised representation of template]
200 OK
If the server knows which documents need to be updated, it can just update them. Ta-Da.
If the client needs to know which resources have been updated, just send that list back
PUT /template
[revised representation of template]
200 OK
[URI of resources changed by the template]
It can be a useful design exercise to work through how you might achieve the result using a web site. How might it go. You would GET a resource that includes a form; the form might include a text area with some string representation of a template. You would replace the representation in the form with the one you wanted, and submit the form, carrying the template to the server. It would make changes, then give you back a new form, with check boxes for the different resources that will be affected by the change, allowing you to perhaps change the default selections. You would submit that form, and then the server could make the appropriate changes.
That, right there, is REST -- because you are using standardized media types, general purpose components (like browsers) can do all of the HTTP and HTML book keeping. The browser knows how forms work, it knows how to take the form processing rules and meta data to create the appropriate requests. The web caches all know which representations can be stored, and which should be invalidated.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
I'm trying to develop a RESTful API using ASP.NET Core. According to RESTful guidelines I should use plural nouns for resource names and keep verbs out of my base URLs.
This looks simple, but maybe not.
I currently have firmwares and the following URIs:
1. GET /firmwares - get list of firmwares (name, version, date)
2. GET /firmwares/{id} - get details of firmware with Id (name, version, date)
3. POST /firmwares - create a new firmware in DB (name, version, date) and upload a file
4. PATCH /firmwares/{id} - change name of firmware with Id
5. DELETE /firmwares/{id} - deletes record from DB and deletes a file
Now I need to add an endpoint to download a file. What URI eliminates verbs like GET /firmware/{id}/download?
These are some I thought of
GET /firmware/{id}?action=download
GET /firmware/{file_name}
GET /firmware/{id}/files
Could you (who have already implemented this) provide a URI that is more in keeping with REST?
This
GET /firmware/{id}/files/filename
fits nicely within REST non-verb nomenclature. Also, firmware is both singular and plural so would make more sense than firmwares in your URI.
With only one file ever available, these options also avoid the verbs
/firmware/{id}/file (file name doesn't really matter in URI)
/firmware/{id}/filename (if you want to show the name)
/firmware/{id}/file/filename (a mix of both)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
Within Delphi Seattle, I am using the Delphi Rest components to retrieve data via REST services. My data provider appears to limit results to 1000 rows at a time, meaning I need to use pagination. I know a pagination URL is returned in the REST data stream. So a couple questions...
(1) Do the Delphi components support a GetNextPage (or something similar?). If so, I could not find it.
(2) How do I retrieve the URL to get the next page? Do I then update the TRESTRequest resource property and EXECUTE again?
(3). I am using a RestResponseDataSetAdapter to access this data (via DataSource and ClientDataSet). I am assuming that there is NO WAY to "combine" the data results from multiple REST calls. For example, if I retrieve 1,000 rows via my first call, and 300 rows via the second call, there is no way to access all 1300 rows at the same time?
I have looked on Google, as well as REST documentation and did not find anything useful. Any help appreciated.
There is no single standard way to implement pagination, as different Web/REST servers implement it in their own way. It's next to impossible for these components to have built-in pagination options covering any and every possible scenario.
Whatever service you're using should provide you details of how to implement pagination. Usually, this is part of the query string. For example...
http://someserver.com/someresource?pageSize=100&page=1
...or sometimes perhaps in the resource...
http://someserver.com/someresource/1/
...or sometimes in the HTTP headers...
Page-Size: 100
Page: 1
I've also seen some servers which provide a URL in their response, pre-defined and ready for you to use to navigate to the next page of results...
{
"next_page": "http://someserver.com/someresource?pageSize=100&page=3",
"prev_page": "http://someserver.com/someresource?pageSize=100&page=1"
}
But again, every server is different. I've never seen any two REST servers which follow the exact same rules as each other.
You will just have to read the rules as instructed by this service, and implement your pagination in each and every request, as you need.
That being said, whenever I write any sort of API wrapper, the first step is to establish a standard communication layer, which implements anything which is common across all requests available on that particular service. Here, I would add pagination options, working according to how that service was designed.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I am a newbie to obj-c programming. I am trying to send data from a UITableView into any type of database. I have 2 questions.
1: What type of database should I use (ex. MySQL, access)?
2: How will I transfer the database from a table view to the type of database I should use?
If my question is not direct in any way, please notify me in the contacts section. Please do not vote down on this post.
1: What type of database should I use (ex. MySQL, access)?
If you want a local database, go for CoreData. If you want a shared database, then any other database will do, like MySQL, Oracle, etc.
2: How will I transfer the database from a table view to the type of database I should use?
For CoreData you have managedObject classes and a few others to save, retrieve etc.
For other databases you need to use webservice calls, then the server will connect your app to the database.
NOTE: TableView doesn't contain any data. Data are contained by some model objects; you need to store the data in an array, dictionary, strings or any other form and send these data via webservice (json, xml, soap), then it will handle it.
For the following scenarios you can use different databases
Store/retrieve data to/from within the application
Use Core Data or SQLite
CORE DATA
SQLITE TUTORIAL
You need to store/retrieve large amounts of data
You can use a web service to achieve the goal.
Web services are developed in many programming languages. You can use any type of web service to achieve this goal.
Note: It only works with Internet connectivity
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
We all know that Meteor offers the miniMongo driver which seamlessly allows the client to access the persistent layer (MongoDB).
If any client can access the persistent API how does one secure his application?
What are the security mechanisms that Meteor provides and in what context should they be used?
When you create an app using the meteor command, by default the app includes the following packages:
AUTOPUBLISH
INSECURE
Together, these mimic the effect of each client having full read/write access to the server's database. These are useful prototyping tools (development purposes only), but typically not appropriate for production applications. When you're ready for production release, just remove these packages.
To add more, Meteor supports Facebook / Twitter / and Much More packages to handle authentication, and the coolest is the Accounts-UI package
The collections doc says:
Currently the client is given full write access to the collection.
They can execute arbitrary Mongo update commands. Once we build
authentication, you will be able to limit the client's direct access
to insert, update, and remove. We are also considering validators and
other ORM-like functionality.
If you are talking about restricting the client not to use any of your unauthorized insert/update/delete API, that's possible.
See their todo app at https://github.com/meteor/meteor/tree/171816005fa2e263ba54d08d596e5b94dea47b0d/examples/todos
Also, they have now added a built-in AUTH module that lets you log in and register. So it's safe. As far as you are taking care of XSS, validations, client headers etc.
But you can any day convert a Meteor app into a fully working Node.js application by deploying to node. So if you know how to secure a Node.js application you should be able to secure Meteor.
As of 0.6.4, during development mode, is_client and is_server blocks still both go to the client system. I can't say if these are segregated when you turn off development mode.
However, if they are not, a hacker might be able to gain insight from the system by reviewing the blocks of if(Meteor.is_server ) code. That particularly concerns me, especially because I noted that I still at this point can't segregate Collections into separate files on client and server.
Update
Well, the point is don't put security related code in an is_server block in a non-server directory (i.e. - make sure it is in something under /server).
I wanted to see if I was just nuts about not being able to segregate client and server Collections in the client and server directories. In fact there is no problem with this.
Here is my test. It's a simple example of the publish/subscribe model that seems to work fine.
http://goo.gl/E1c56
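What limiting the client's insert/update/remove and publishing only selected documents can look like, as an added example that is not code from the posts above or from the Meteor project. It assumes the `insecure` and `autopublish` packages have already been removed, and the `todos` collection, its `owner` field and the `myTodos` publication name are hypothetical.

```javascript
// Hypothetical ownership rules, kept as plain functions so they can be
// unit-tested without a running Meteor server. Arguments follow the
// callback signatures of Meteor's collection.allow().
const todoRules = {
  // A client may only insert documents it owns.
  insert(userId, doc) {
    return Boolean(userId) && doc.owner === userId;
  },
  // A client may edit its own documents but never reassign ownership.
  update(userId, doc, fieldNames) {
    return (
      Boolean(userId) &&
      doc.owner === userId &&
      !fieldNames.includes("owner")
    );
  },
  // A client may only remove documents it owns.
  remove(userId, doc) {
    return Boolean(userId) && doc.owner === userId;
  },
};

// Selector used by the publication: a logged-in user sees only their own
// documents, an anonymous connection sees nothing.
function todosSelector(userId) {
  return userId ? { owner: userId } : null;
}

// Registration runs only inside Meteor, on the server. Keep this file
// under /server so the rule code is not shipped to browsers; the client
// still needs its own declaration of the collection.
if (typeof Meteor !== "undefined" && typeof Mongo !== "undefined" && Meteor.isServer) {
  const Todos = new Mongo.Collection("todos");
  Todos.allow(todoRules);
  Meteor.publish("myTodos", function () {
    const selector = todosSelector(this.userId);
    return selector ? Todos.find(selector) : this.ready();
  });
}
```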