We have a dotnetnuke website, wherein we need to implement PublishThis, now as i went through the site, i came to know it just have supports for (wordpress and drupal) for other CMS'es they have an API, which can be consumed and pull respective content from PublishThis and store it in our database.They have mentioned about CMS EndPoints on their site, but it's not clear how we can create a CMS Endpoints, so that PublishThis can verify us, there are no examples of doing the same, when i tried to create new cms and added my website url as a Client, it threw below error:
Oops. Your CMS could not be verified. Error message: The endpoint is not returning JSON but text/html; charset=utf-8
Can anyone tell me how should i create a CMS EndPoints for PublishThis.
This page describes CMS endpoint setup.
http://docs.publishthis.com/edcenter/developers-and-admins/setting-up-a-cms-publishing-option/implementing-your-cms-endpoint-actions/
First of all you need to ensure that your server returns MIME type 'application/json'. Then you need to return correct response that depends on your specific query and is described in documentation.
Related
Background
Consider having 3 resources: reports, comments and attachments. The report can have many comments, and the comment can have many attachments.
Additionally, attachments which are attached to a specific report (in the report -> comment -> attachment tree) can only be reached by users who have permission to the specific report.
Question
Now, I'm a fan of flat URL structures while designing REST APIs, but in the case above I have no idea how could I do this without creating a very long resource like:
/reports/:id/comments/:id/attachments/:id
Is there any way to meet these requirements (permissions) and be able to reach the attachment from a flat URL like /attachments/:id?
or maybe I'm exaggerating and it's totally ok to have these kinds of long resource URLs?
Disclaimer: I've created an attachments resource (and not report-attachments) because there are other resources which also need to have attachments - I didn't want to duplicate the structure.
it's totally ok to have these kinds of long resource URLs?
It's totally ok to have any kind of resource URLs. REST doesn't care how you spell your resource identifiers -- that's kind of the point. So if you need a log URL because the server needs to encode a lot of information into it, that's fine.
If you are worried about length, you can strip down the semantic hints
/reports/:id/comments/:id/attachments/:id
/reports/:id/c/:id/a/:id
/reports/:id/:id/:id
/:id/:id/:id
Some of these spellings will be easier for the routing framework that you are using on the server, but that's an implementation detail that you control.
There's no rule that says that you have to have the information encoded directly into the identifier; URL shorteners work.
In HTML, we also have the ability to construct (some) identifiers from information provided by the client, via a form. That's because the definition of the HTML media type includes processing rules that describe how the form data is assembled into an application/x-www-form-urlencoded representation that is included in the query part.
So you can introduce a similar mechanism into your own media types.
There's also RFC 6570, which describes URI templates. That gives you another way to communicate with the client how to encode information into a URL.
Is there any way to meet these requirements (permissions) and be able to reach the attachment from a flat URL like /attachments/:id?
Sure. You just need to be able to use :id to look up / calculate the correct permission set, then check the request to see if the permissions are satisfied.
I have attempted to use the provided test data from the Cybersource documentation to create a token for a test PAN. However, when attempting to do so (assuming it was a REST Api) it results in a "403 - Forbidden" error. The documentation is limited, as it doesn't give much information on the API other than the following:
(Test) Endpoint: https://testsecureacceptance.cybersource.com/silent/token/create
Request to create a standalone payment token:
reference_number=123456789
transaction_type=create_payment_token
currency=usd
amount=100.00
locale=en
access_key=e2b0c0d0e0f0g0h0i0j0k0l0m0n0o0p3
profile_id=0FFEAFFB-8171-4F34-A22D-1CD38A28A384
transaction_uuid=02815b4f08e56882751a043839b7b481
signed_date_time=2013-07-11T15:16:54Z
signed_field_names=comma separated list of signed fields
unsigned_field_names=comma separated list of unsigned fields
signature=WrXOhTzhBjYMZROwiCug2My3jiZHOqATimcz5EBA07M=
payment_method=card
card_type=001
card_number=4111111111111111
card_expiry_date=12-2022
card_cvn=005
bill_to_forename=Joe
bill_to_surname=Smith
bill_to_email=joesmith#example.com
bill_to_address_line1=1 My Apartment
bill_to_address_city=Mountain View
bill_to_address_postal_code=94043
bill_to_address_state=CA
bill_to_address_country=US
Is this a REST or SOAP API? How can this be tested in Postman? I tested to check if either works, and was unsuccessful. There is no information on what to include in the header either, so this is a bit puzzling.
Example POST test I am attempting:
POST https://testsecureacceptance.cybersource.com/silent/token/create
Content-Type:application/json
Accept:application/json
{
reference_number:123456789
transaction_type:create_payment_token
currency:usd
amount:100.00
locale:en
access_key:e2b0c0d0e0f0g0h0i0j0k0l0m0n0o0p3
profile_id:0FFEAFFB-8171-4F34-A22D-1CD38A28A384
transaction_uuid:02815b4f08e56882751a043839b7b481
signed_date_time:2019-03-07T06:16:54Z
signed_field_names:profile_id,access_key,transaction_uuid,signed_field_names,unsigned_field_names,signed_date_time,locale,transaction_type,reference_number,auth_trans_ref_no,amount,currency,card_type,card_number,card_expiry_date,card_cvn,payment_method,bill_to_forename,bill_to_surname,bill_to_email,bill_to_address_line1,bill_to_address_city,bill_to_address_postal_code,bill_to_address_state,bill_to_address_country
unsigned_field_names:
signature:WrXOhTzhBjYMZROwiCug2My3jiZHOqATimcz5EBA07M=
payment_method:card
card_type:001
card_number:4111111111111111
card_expiry_date:12-2022
card_cvn:005
bill_to_forename:Joe
bill_to_surname:Smith
bill_to_email:joesmith#example.com
bill_to_address_line1:1 My Apartment
bill_to_address_city:Mountain View
bill_to_address_postal_code:94043
bill_to_address_state:CA
bill_to_address_country:US
}
"Is this a REST or SOAP API?"
The URL, https://testsecureacceptance.cybersource.com/silent/token/create, is used for Secure Acceptance Checkout API. Secure Acceptance Checkout API is neither a SOAP API or a REST API. It is designed to be used as an HTML form POST from a customers browser.
If your goal is to use a REST API from the browser then you will want to use Secure Acceptance Flexible Token documented here.
If your goal is to use Secure Acceptance Checkout API the full documentation for that is here.
"How can this be tested in Postman?"
Since this is not meant to be a REST API call but an HTML form POST and HTML response you may have limited success with Postman. For example even if you get the request to work successfully the response will be an HTML document not JSON.
One problem I see is that you are using the example signature, and that will not work for you. Ensure that you follow the documentation on how to create your signature as well as set the signed and unsigned fields.
#J.J. - the error you encountered -- "This field is invalid or missing.Please contact Customer Support.: ots_profileid' ". Is telling you that you are missing (or have an invalid) profileID in your request payload. The system doesn't know what profile to use when processing this request.
Context:
I'm designing an API gateway for some microservices. The idea is:
I intercept all the incoming requests in a global interceptor, analyze them for accessibility based on some permissions and finally use a simple redirect to call the actual URL. For example, I'm doing the following at one place:
if(permAction && authorizationService.hasPermission(user, micro, permAction)) {
if(microName != "umm"){
log.info("Successfully Authorized. Forwarding request to: ${micro?.ipAddress}${req}")
redirect(url: "${micro?.ipAddress}${req}", params: params)
return false
}
log.info("Successfully Authorized. Forwarding request to: ${req}")
return true
}
For simple GET requests, it works fine.
Questions
I'm having some problems with this approach.
When I hit the API from the front end, through my gateway, it gives a 302 and finally gives a 200 whether the original API exists or not in the original microservice. It gives a 404 if directly hit. What's happening?
There is an error in the console saying preflight cors disabled. What is that? It wasn't there without redirection.
I want all the GET, PUT and POST requests to redirect to various microservices.As far as I searched, redirect in grails only support a GET request.
Is there any other (better) approach to achieve the same? Maybe RESTClient on the server side or something similar.
Some of these questions have been partially answered but not in this context. Any insights about the problems in the context would be great.
Complete interceptor file is given here. This repository contains the whole project for the Grails API gateway.
Update : 4:30 pm
Resolved question 2 by allowing OPTIONSin the Allowed-Methods on the server side.
Update: 11:12 pm
For number 4, I implemented a rest client at the gateway backend. It works fine as far as functionality is concerned. However, with rest client at the backend, client requests gateway, which in turn requests the microservice, gets the response and gives it back to the client. This sort of two-way involvement of gateway is costly. This also resolves question number 3 by the way.
Is there any other better solution for a gateway in some other language or technology which can provide robustness out of the box?
I need to build a way to demo a REST API that takes three or four inputs, makes a REST call to an external server, then displays the response. This demo needs to be performed by a rather limited technical audience to business so REST clients are out.
It seemed like a simple HTML page that would do an ajax call would be fine for this, except I ran into the No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access fun messages because my localhost domain does not match the target domain. I don't have access to the target REST web service, so I can't make the necessary changes for the CORS headers.
Any ideas?
Build a very small and simple web application that shows the same HTML but does the REST call with its own REST client and shows the results.
Then run that on a local server.
Can you use a product where you can host your REST API? (There are number of API hosting products available. )If so you can try wso2 APImanager.? It is free and opensource. You do not need to develop any HTML page. You can try available swagger client or REST tool to test your APIs. You can do CORS settings too..
You can also use ExploREST, a project created with this goal in mind (production demo here).
With this tool, you can make GET/POST/PUT/DEL requests, but you can also create special links in the text documenting your API so that each time someone click on it, it will make the request you defined.
Example:
## My API is very good, I am documenting it. Try
%{
"text": "to post",
"post": {
"address": "/character",
"data": {
"name":"Dark Vador",
"type": "sith"
}
}
}%
Will result in a link that make a post when the user clicks on it.
The project is open source so do not hesitate to contribute !
I am working with Drupal 8.0 alpha 11. I've been able to follow the Drupal guides for REST services:
POST for creating content entities (https://drupal.org/node/2098511) and the related guides, GET on content entities and GET on Views-generated lists
"GET"s work great, but I haven't been able to get any "POST" to work (I've posted the issue on the drupal.org site, too).
I've tested POST for both a basic page and my own content entity and neither works. I've tried a lot of variations, including removing "entity" from the url as per the recent changes in Drupal 8, but the POST still does not work. I'm using Postman in Chrome for testing and again, I can "GET" a basic page and my own content entity just fine, but with POST, I always get a return code of 200 "OK", never "201" (which is what I should receive according to the guide) and the nodes don't get created.
I've updated the rest.settings.yml for both the basic page and my content type, have established permissions for the user, am using basic auth, and have added Content Type application/hal+json and cross-origin details to the header info.
Any idea what's missing? Do I need to add coding in my create entity form to "receive" the posted data? Where do I do this/in which directories should the files go? Is this required for the default Basic Page content type, too?
Thanks for any help...I've spent weeks on this and can't figure out what I'm missing.
Thank you!
On Drupal 8 alpha 11 it will work but make sure I am assuming that you have enabled REST , HAL, HTTP basic authentication, Serialization module on your site.
You have enabled POST method for 'entity:node' with basic_auth authentication type and hal_json as format
Give enough permission to a admin so that it can create node via REST , To do so navigate to admin/people/permissions on your drupal installation.
now /entity/node is REST end point to create node I am using REST Client to demonstrate POST request
this is link to image that will make it more clear
https://dl.dropboxusercontent.com/u/100492838/POST_Node.png
now make a POST request with Content-Type = hal+json and also set basic_auth header.
change URL according to your site.