I have an app set up on Api.ai that uses a webhook for fulfillment. The webhook is just a Laravel PHP api running on Nginx that returns the JSON response. All of the google documentation mentions using Node.js. Will my app be rejected if I dont use Node.js for the fulfillment?
Using Node.js is not required. The Node.js client library is a convenience so you don't have to deal with the JSON payload directly.
You are free to implement your webhook on any platform using any language to handle the incoming HTTP requests with their JSON payloads and provide the necessary JSON response.
Your app will not be rejected if you don't use Node.js for fulfillment.
Related
We're developing a web application (SPA) consisting of the following parts:
NextJS container
Django backend for user management
Data API (FastAPI) protected with API keys, for which we also provide 3rd party access
The NextJS container uses an API key to access the data API. We don't want to expose the API key to the client (browser), so the browser sends the API requests to the NextJS container, which then relays it to the data API, see here. This seems secure, but is more complicated and slower than sending requests from the browser to the data API directly.
I'm wondering if it's possible to whitelist the web application in the data API, so that the client (browser) can call the data API directly without API key, but 3rd parties can't. FastAPI provides a TrustedHostMiddleware, but it's insecure because it's possible to spoof the host header. It has been suggested to whitelist IPs instead, but we don't have a dedicated IP for our web application. I looked into using the referer header, but it's not available in the FastAPI request object for some reason (I suspect some config problem in our hosting). Also, the referer header could be spoofed as well.
Is there even a safe way to whitelist our web application for data API access, or do we need to relay the request via NextJS container and use an API key?
Is there even a safe way to whitelist our web application for data API
access,
No, you need in all case an Authentication mechanism, something before the backend that check if the client is an authorize client.
The simplest pattern is using the NextJS container as the proxy. Proxy that have an api-key to call the backend ( what you are currently doing ).
There is many way to implement a secured proxy for a backend, but this authentication logic should not be inside the backend but in a separate service ( like envoy , nginx ... )
I can not get the Rest API to work with Basic Authentication like in the guide i.e. https://myAppID:javascript-key=myJavaScriptKey#api.parse.com/1/classes/GameScore/Ed1nuqPvcm.
I can make it work if I use curl and pass the keys via HTTP Headers, however I'm trying to use a WebHook from another service and I don't have the ability to send HTTP headers.
2 issues when trying locally:
http(s) does not work even locally.
http gives me error:unauthorized.
I'm using parse-server installed via npm globally but don't see a place to add cert.
Please help!
I was able to use http local and remote using the format http://myAppId:myMasterKey#mydomain.com:1337/parse/classes/myClass and it worked fine. If you use Postman you have to turn on Basic Auth in the header section.
I have used local JIRA Server and i am using Webhook integration concept in JIRA. Here i am giving the Webhook URL is "localhost:8081/webhook" and Event is Create and Update issue. when i am create or update issue means it will be pass to "localhost:8081/webhook". The same address only i gave in mule also but its not working in my MULE. Mule didn't listen the webservice. How can i USE REST API in mule. Which flow is used for receive the JSON format REST API data. It's possible means how can i do this work.
By far the easiest way to do this in Mule now is to use the new Api Kit and write your service description in RAML.
Intro material with docs and examples at: ww.mulesoft.org/documentation/display/current/APIkit
The mule http components may be outboud e.g call your rest api or inbound where the mule server will listen for an event on a http port and url
You say mule is not listening, you should be able to quite simply setup a mule inbound http component flow .. and trigger this flow by pointing your browser at it. I think you will find mule is listening correctly, and you may have mis-configured some of your settings?
We're trying to test out WSO2 API manager and having troubles adding some APIs. MailChimp was added easily because MC has not OAuth Credentials itself. But when trying to add Facebook or another API that has it's own API manager it doesn't work and constantly get a 401 Unauthorized. This is becaused both Facebook and WSO2 API Manager need OAuth tokens and obviously you can only send one Authorization header. Any help here?
WSO2 ApiManager 1.0 still does not support (OAuth) secured back-end services out of the box. Hence it is not possible to register facebook, twitter apis via APIM.
Right now, an application is sending and authorization header to the APIM with a key issued by the APIM. Ideally if you send another authorization header, that will be forwarded to facebook api, but at the API Gateway level you need to remove the processed header which belongs to the APIM authorization.
Adding backend services with security will be added as a new feature to APIM future releases.
Regards,
/Nuwan
Can you please explain why you want to use the API manager here? You can directly send your request to Facebook where the request is authorised.
So i have a assignment to write some REST client calls to a REST web service which does not exist.
To work around it i created a mock web service using Jersey. But i am not sure what technology the actual REST service would use.
Please advise on what technology should i use to send down the REST calls to the server.
Also if possible also give me a sample of how to send down a XML GET request to the REST service.
Thanks much for the help.
Please advise on what technology should i use to send down the REST calls to the server.
REST is HTTP. You can use anything that sends HTTP requests:
Jersey Client
Any web browser
cURL
telnet
carrier pigeon
...
Also if possible also give me a sample of how to send down a XML GET request to the REST service.
It's just an HTTP GET request. How it's built/generated/sent depends on what library and programming language you're writing the client in. But the actual request itself would look something like this:
GET /foo/bar/baz HTTP/1.1
Host: www.example.com
Accept: text/xml
As far as I know Both Java and .Net environment has the tools to generate WebServices (SOAP and rest). What's your client development language ?
REST :Representational state transfer in simple terms used to send data between client and server . As
Client use some persistent URL for communication and it is stateless communication .
Java uses Jersey, the reference implementation of JAX-RS, implements support for the annotations defined in JSR 311, making it easy for developers to build RESTful web services by using the Java programming language.
So All u have to use for creating services is just some dependencies , bean configuration and some annotations (To Expose Service ) .
For calling REST Service , u can either call from browser . Browsers like (chrome ,mozilla ) provide some plugins to calling REST service or u can create a client to call REST Service .