SIMPLE APPS For a simple app it’s ok It depends on the data you are exposing via this simple app, because in Europe for example GDPR law is very strict for anyone that ends up in a data breach situation for Personal Identifiable Information(PII) due to the lack of security measures, and the complexity of … Read more
Native Groovy GET and POST // GET def get = new URL(“https://httpbin.org/get”).openConnection(); def getRC = get.getResponseCode(); println(getRC); if (getRC.equals(200)) { println(get.getInputStream().getText()); } // POST def post = new URL(“https://httpbin.org/post”).openConnection(); def message=”{“message”:”this is a message”}” post.setRequestMethod(“POST”) post.setDoOutput(true) post.setRequestProperty(“Content-Type”, “application/json”) post.getOutputStream().write(message.getBytes(“UTF-8”)); def postRC = post.getResponseCode(); println(postRC); if (postRC.equals(200)) { println(post.getInputStream().getText()); }
I don’t think you will get a good answer to this, partly because nobody really agrees on what REST is. The wikipedia page is heavy on buzzwords and light on explanation. The discussion page is worth a skim just to see how much people disagree on this. As far as I can tell however, REST … Read more
You basically have two options: Use PATCH (but note that you have to define your own media type that specifies what will happen exactly) Use POST to a sub resource and return 303 See Other with the Location header pointing to the main resource. The intention of the 303 is to tell the client: “I … Read more
@ray, excellent discussion @jgerman, don’t forget that just because it’s REST, doesn’t mean resources have to be set in stone from POST. What you choose to include in any given representation of a resource is up to you. Your case of the the covers referenced separately is merely the creation of a parent resource (comic … Read more
You can use one of these approaches: Configure your Xdebug (by editing php.ini) to attempt to debug every PHP script. The key option: Xdebug v2: xdebug.remote_autostart = 1 Xdebug v3: xdebug.start_with_request = yes Add Xdebug session start parameter to the actual URL (XDEBUG_SESSION_START={{KEY}} — https://xdebug.org/docs/step_debug#manual-init), for example: ?XDEBUG_SESSION_START=PHPSTORM Pass Xdebug cookie as part of the … Read more
Simply put: In REST applications, each request must contain all of the information necessary to be understood by the server, rather than be dependent on the server remembering prior requests. Storing session state on the server violates the stateless constraint of the REST architecture. So the session state must be handled entirely by the client. … Read more
Look at http.request var options = { host: url, port: 80, path: ‘/resource?id=foo&bar=baz’, method: ‘POST’ }; http.request(options, function(res) { console.log(‘STATUS: ‘ + res.statusCode); console.log(‘HEADERS: ‘ + JSON.stringify(res.headers)); res.setEncoding(‘utf8’); res.on(‘data’, function (chunk) { console.log(‘BODY: ‘ + chunk); }); }).end();
A previous answer only mentioned SSL in the context of data transfer and didn’t actually cover authentication. You’re really asking about securely authenticating REST API clients. Unless you’re using TLS client authentication, SSL alone is NOT a viable authentication mechanism for a REST API. SSL without client authc only authenticates the server, which is irrelevant … Read more
REST is the underlying architectural principle of the web. The amazing thing about the web is the fact that clients (browsers) and servers can interact in complex ways without the client knowing anything beforehand about the server and the resources it hosts. The key constraint is that the server and client must both agree on … Read more