I'm creating an app for iOS that will use CocoaHTTPServer to provide some RESTful web services. Is there a normal convention for publishing the api so that the available calls can be discovered by another device?
Related
I am trying to create a secured .Net web API application that is used to call Azure Ad Graph API's crud operations. I don't see any sample applications in GitHub? Is there any such example available anywhere?
You can use this sample that demonstrate the On-Behalf-Of flow - which can be used to call any downstream Web API, including Microsoft Graph.
More information about the On Behalf Of flow here
I have hosted my REST services on API management and consuming those in the Azure Web app service which consists of only HTML pages, javascript files and CSS files.
I would like to know how to restrict accessing the REST endpoints of the API management only from the web app without Azure AD and OAuth setup.
Client side application sources are by design available in clear text to anyone using it. Any user can open developer tools in browser and look at code you've written to make app work. So even if you secure your REST API with some secret and use it in app code to talk to that REST API anyone in the world will be able to take that secret our of the app and call your REST API directly, and you would have no way to distinguish their calls from calls made by your app.
OAuth and AAD would work to a certain extent but even they allow you to authenticate user, not the app. Same user can easily trace calls made by your app to REST API and reproduce them in any other app, and you again would have to way of figuring that out.
I think your best bet is to throttle calls made by a certain user identifying it any way you want (even if by IP address).
You can use Certificate authentication from web app to api management. The ssl certficate thumbprint on you web app you can validate in api management policy.
I would like to develop a REST API app that I can access from both web app and mobile app.
The REST API need to support simple authentication that can be done in both from a web app and from a mobile app (like Xamarin.forms)
I don't need multiple users, I need simple access control to my API.
I tried to develop a Azure API app with AD authentication, but it seem like it is very difficult to add support to Azure API App.
To summarized my questions:
How to do simple authentication in Azure API App or Mobile App?
Should I use API App or Mobile App or something else?
Does it support Xamarin and Web app access?
This is way too broad. Are you doing data access? Do you need simple auth? Have you tried any of the quickstarts to try to learn about your task?
Look at Azure App Service Authentication / Authorization - it provides a server directed flow for web and mobile access
This should have been your first question. You want an ASP.NET app, running on App Service (I'm biased here). It should cover both API, Mobile and Web together.
Yes, the App Service covers all your needs.
I am implementing REST APIs using Flask Restful and want to add session based auth for users. Currently I am NOT implementing a web app. I am wondering if the Flask-Login extension can only be used for web apps or can I use them for my REST application too?
Altough a RESTful service should be stateless by definition,
I would avoid that one. It's more "form-oriented".
Go for OAuth2, it's the de facto standard for RESTful web services.
A good implementation is Flask-OAuthlib, available on GitHub.
My web application is developed using AribaWeb framework and I want to integrate my application with Facebook. I need to post some info to my product's wall when i'm saving my sample page. I have some doubts to do this,
Is there any need of Web services. if so what are they?
Is it possible to do without JavaScript?
Study the facebook API. I am sure there is a REST service that allows you to do that. Then you can send a REST request from your application using available REST frameworks such as RESTeasy or Jersey .