We are adding a search API to our product offering, powered by Algolia. We would like our customers to use the Algolia search REST API directly in their apps, but we want the REST API URL to carry our service name and not Algolia's. Does Algolia support custom domains that just DNS-forward the traffic to their API with no proxy required in between?
Algolia doesn't support custom domains currently. The only way to achieve this would be with a proxy in-between as you mention.
Related
I have generated JAX-RS stubs for a REST service using Swagger and want to set up the security.
The security side is very new to me and I would like to use standards as far as possible. (In the past, for other J2EE applications, I have used Filters to handle Authentication which put User objects into a Session. As I understand it, Sessions should be avoided for REST.)
There are 4 types of user who will access the services:
Customers and business partners (Authentication via OAuth or similar)
Employees (Authentication via NTLM & LDAP)
Developers (Mock authentication/authorisation of some kind)
Integration test (JUnit with pre-defined users and roles)
Is it possible to define a security mechanism which would handle all of these users?
How would I use the Swagger security directives?
Am I making this more complicated than it needs to be?
You could use an open source API gateway like Tyk? Here’s a link to some handy info on API Security in the tyk docs.
And here is a blog post that describes taking a layered approach to API Security that goes beyond the gateway.
Disclosure: I work for Tyk!
I do have some data stored in my Real-Time Firebase database. I am willing to expose some of this data via a REST API to my B2B customers.
I know that Firebase is itself a REST API but its authentication mechanisms don't fit my needs. I would like my customers to access the API with a simple API key passed in the HTTP request headers.
To summarize, I need an API layer sitting on top of my Firebase real-time database with the following properties:
Basic Authentication via an API key passed in the HTTP request headers
Some custom logic that makes sure customers respect the API limits (maximum requests per day for example)
The only thing I can think of is implementing this layer in AWS lambda but that also sounds a bit off. From the lambda, I would have to access my Firebase database and serve that data. That seems too many network requests; something native to Firebase would be great.
Thanks,
Guven.
Why not have a simple API which provides them an OAuth token for the original Firebase REST API if they have the correct API key?
It'll be more secure as only you'll be able to make the tokens, as only you'll have the service account private key. It also saves you the headache of making a whole REST API. Also, the OAuth tokens expire relatively quickly, so it's less of a risk than a normal key that you furnish.
I personally have created my own Servlets where a user posts their data if they are authenticated using an id pass combo.
In the Servlets I use the default REST API provided by Firebase with the OAuth token generated in my servlet. This way, I can have the DB security rules set to false for all writes from any client API. And the REST API and their Admin SDK on my server ignore the security rules by default.
After some research, I have decided that AWS is the best platform for such API-related features.
Gateway API lets you set up your API interface in a matter of seconds
DynamoDB stores your API data; you can easily populate the data here
AWS Lambda lets you write the integration code between Gateway API and DynamoDB
On top of these, the platform offers these features out of the box:
Creation & handling and verification of API keys for authentication
Usage plans to make sure that API consumers don't exceed your API usage limits
Most of what I was looking for is offered in these AWS services.
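An added example, not part of the original posts and not AWS's implementation: the two requirements discussed in this thread (an API key passed in the request headers and a per-customer daily request limit) written as a self-contained Python gate. The `x-api-key` header name, the customer records and the in-memory counter are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def _digest(api_key: str) -> str:
    """Store and compare SHA-256 digests so raw keys never sit in the table."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample data (hypothetical customers, keys and limits).
CUSTOMERS = {
    _digest("demo-key-acme"): {"customer": "acme", "daily_limit": 3},
    _digest("demo-key-globex"): {"customer": "globex", "daily_limit": 1000},
}


class ApiKeyGate:
    def __init__(self, customers):
        self._customers = customers
        # (customer, "YYYY-MM-DD" in UTC) -> requests served that day.
        # In-memory for the example; a shared store is needed across instances.
        self._usage = {}

    def _lookup(self, presented_key):
        digest = _digest(presented_key)
        match = None
        # Constant-time comparison, scanning every record so the timing
        # does not depend on which entry (if any) matched.
        for stored, record in self._customers.items():
            if hmac.compare_digest(stored, digest):
                match = record
        return match

    def check(self, headers, now=None):
        """Return (http_status, detail) for one incoming request."""
        now = now or datetime.now(timezone.utc)
        key = {k.lower(): v for k, v in headers.items()}.get("x-api-key")
        if not key:
            return 401, "missing API key"
        record = self._lookup(key)
        if record is None:
            return 403, "unknown API key"
        bucket = (record["customer"], now.strftime("%Y-%m-%d"))
        used = self._usage.get(bucket, 0)
        if used >= record["daily_limit"]:
            return 429, "daily limit reached"
        self._usage[bucket] = used + 1  # count only requests that are served
        return 200, record["customer"]
```

Rejected requests (401, 403, 429) do not consume quota, and the counter resets when the UTC date changes.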
I am trying to use Google Analytics API to filter out an internal IP Address. I can only see solutions/guides on how to do this using Supermetrics/Analytics->Admin->User management->Filters option. I want to do this using the API. I just want to filter an API out, I don't want to view IP Addresses (I know this isn't possible). Can anyone help please?
What you are asking for is not as simple as you think.
The GA APIs include reporting APIs (v3 and v4, MCF and Real Time) that do not have access to the IP ... and a Management API that can create or edit Filters in your GA Account, which needs to be linked to the View you want to use.
I know this is old, but for anyone looking how to do this:
You can use the Google Analytics Management API to do this. Here is the Filter Update documentation showing you how:
https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/filters/update
Does anyone know if it's legal to use Google suggestqueries in a commercial product?
I'm using the open stream of the AJAX JSONP request https://suggestqueries.google.com/complete/search?callb.... in a search-engine-based product.
No, it can't be legally used, and the search team changes the endpoint every now and then so apps can't abuse it. However, there are wrapper services which emulate / gather data from the endpoints through their own means; http://keywordtool.io/api is an example of that.
I'm building a RESTful API (in PHP using Restler Framework v3.0) and I'm so confused about what the best practices are for how to use it.
I want to use the REST API to authenticate users in more than one domain (same users, many domains) and get some "global" info (e.g. latest blog posts), but I have these questions.
My Questions:
Should I use REST instead of database queries?
Should I use the API only for XHR requests?
EDIT: I found this question that is like mine.
I want to build websites using the same users, get "latest posts", etc... If I make the REST API I could use it to get the users instead of querying database and duplicating code.