How can you forward an intact request from one API to another using Guzzle? I need to forward from a public API to a private one (so can't redirect) and return the response.
The requirement comes about because the original request header contains an encrypted hash of the body for verification, so I don't want to alter the payload at all if possible.
Only the private API can validate the hash, not the public one.
Related
I want to test an API using Postman. I have 6 collections folder, in the 3 folders I call this API with the same request. If I use key-value pair, it will take times when there is a change in the request. So I put the request in collections variable as RAW JSON, but when I use this, the API returns Bad Request (400).
I'm using .NET 6 Web API, and my API look like this:
[HttpPost]
public async Task<IActionResult> Create([FromForm] TestViewModel vm)
{
// Process Data
}
For the notes, I use [FromForm] because I have file input in the form.
Is there any workaround for this?
Thanks in advance
if you want to post json to api it's better to user [FromBody] attribute, if you want to use [FromForm] you must use key-value form in form-data in postman.
for converting your model to json to store in collection use Newtonsoft.Json package.
follow below steps to send data as FromForm in Postman
Request Type: Post
In body select form-body or x-www-form-urlencoded send data as key value pairs. Class property as Key and value is your Requested Data
I'm developing microservise which receives HTTP POST requests and then redirects them to another destination point in order to receive response, handle it and hand it to another system.
My question is - how can I avoid deserealization while receiving these requests? The microservice don't handle incoming JSONs. From the performance point of view, it's better to avoid deserealization.
I heard I can use Nginx or Apache but how can I embed them into the microservice?
Is there any proven solution? Just don't want to invent a bicycle.
I don't know what is the technology stack you are using (programming language, framework.. etc) but I suppose that in all of them is a way to recieve incoming rest requests without need to deserialize the body.
For example in a java/spring scenario you can define in the corresponding controller method the body parameter as string and in this case there isn't any deserialization of the body, the method will recieve it as a plain string so you can forward it as is to the other service:
#PostMapping(value = "/path")
public ResponseEntity controllerMethod(#RequestBody String body) {
// your code here
}
I have a rest api set up at api/books, and one can send a new book object there, and it will be added to the database. The guestion is, how can I correctly catch what is being POST'ed, so one can for example, validate what is being sent?
#RequestMapping(value="/api/books", method = RequestMethod.POST)
public String bookSavePost(#RequestBody Book book) {
bookRepository.save(book);
return "redirect:/api/books";
}
This works, as in it saves the book and I can catch what the user sends, but with this enabled, it overrides the default REST method, which doesn't allow one to actually view the api anymore. If I change this particular method to GET, it returns a string "redirect:/api/books", so it doesn't even redirect anything. Is there some way to actually redirect it to the rest api endpoint?
You can write your own reuquest Interceptor .
Spring provides HandlerInterceptor class :
https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/servlet/HandlerInterceptor.html
Here is a quick sample how to do this:
https://www.baeldung.com/spring-mvc-handlerinterceptor
A redirect requires three two things to be successful: A HTTP code of 301 or 302 AND a location header that includes the endpoint to which you want the client to visit.
E.g., in the headers section you should have
location: '/correct/endpoint'
i have created a bank application where i want to write a rest service to delete account . so for that we need an account no . for that i think for security reasons i cant pass account no in url . so i am passing it in request body . i think if i try using it with delete it runs fine but again that could be a security issue .
so in that case will i need to use post instead of delete so that i can pass account no in request body ?
#PostMapping("/account")
public void deleteAccount(#RequestBody #Valid final AccountNoDto accountNoDto) {
return accountService.deleteAccount(accountNoDto);
}
or
#DeleteMapping("/account/{accountNo}")
public void deleteAccount(#PathVariable Long accountNo) {
return accountService.deleteAccount(accountNo);
}
You should use #DeleteMapping because you are deleting a record.
The HTTP verbs should be compliant with what the function does.
But dont send the account Number along with the endPoint.
Write the endpoint as -
#DeleteMapping("/account")
The Account Number should be retrived at the backend from the token you will be sending along with the request.So All requests GET,POST,PUT,DELETE will have the same uri and the account number will be fetched from the token at the backend.
If you want to know how it is done in spring read about SecurityContextHolder class
Idealy we use #DeleteMapping for delete operation and we use #PostMapping for new creation and updation of data . I dont think account id is that much sensitive information to reveal in url. You can go for #DeleteMapping
Is is mandatory for the object sent through RestTemplate.postForObject to match exactly the type of object on the server side? I have written server a server side API that accepts a base class of the specific objects being sent through RestTemplate, and I'm receiving a 400 Bad Response from server. If the class of object is the same on both sides, it works fine.
Yes it is mandatory to match because resttemplate converts your object to specified representation(eg: into XMl or JSON) and at the serverside #requestbody unmarshalls to specifed object so if you are using baseclass, your root element changes making it impossible to unmarshal.
Hope this helps.