Pattern for REST API with Image - image

I am in the process of creating a REST API with image upload/retrieval capability.
Instead of sending image data to the server for it to upload to the storage, I am thinking of doing the following:
1. The client directly uploads the image to the storage (Azure Blob Storage).
2. Obtain the image URL from the blob storage if the upload is successful.
3. Send the image metadata along with the image URL in blob storage to the server to be maintained.
Is this an acceptable approach in terms of managing image data (or videos or any non-string data) through a REST API?
Also, what are some of the pros/cons of setting up the service this way?

There's nothing preventing you from doing it that way, but it introduces a bit of unnecessary complexity:
The client needs to be aware of different endpoints to handle this particular type of request.
If something changes in your Azure Blob Storage endpoint, you have to change the client code. And if you have users using an old cached version of the app, they may get odd errors.
Your client has to be carefully implemented to handle the process of first uploading the image to Azure and then sending the URL to the API. If the user refreshes, clicks the upload button again, or if there's a network issue, you will face complicated scenarios.
My recommendation is that you can encapsulate this complexity in the server, where you have better control of what's going on, by letting the client send a POST request with multipart/form-data MIME type. The server can respond to this with details about the endpoint for the image in the server.

Related

Video streaming with object storage bucket

We are storing the videos in object storage (AWS S3/OCI OS), and using the object URIs we are able to play the videos from an HTML video player. But if we make the bucket access private, then the possible ways are to use pre-authenticated URLs or to use the object storage SDK API to get the input stream for the video object and stream the data using data buffers with ResourceRegion in WebFlux (we can handle all the authentication stuff to access private bucket data).
My query: is there any better way to access the private bucket videos (content delivery & streaming)? Can we provide a proxy URL instead of the video object URI directly to the client? Then I can handle some authentication & authorisation stuff on this URL and hide the actual video object URI, so that we can prevent the video from being downloaded by any third-party apps.
Kindly provide suggestions on this.

Yes, there are ways. One way is to have a proxy server route external HTTP calls. But that will have only limited features. Another option is to have a custom-written microservice to stream data from a private/public bucket via an HTTP endpoint with additional custom business logic.
You may refer to this sample Spring Boot microservice code to stream content from OCI Object Storage.
https://github.com/oracle-devrel/oci-sdk-java-samples/tree/main/usecases/storage-file-streaming

You can generate a new access key and secret from your S3 storage, create a small/simple service/API with Node or any language of your choice, and every time your app needs a URL for a video, it can send a request to the service for a new URL which can have an expiration time on it.
Also, in your API you can ensure only your app can access the request for a new URL.
However, if you mean you want your browser or your clients' to be the only ones that can access the video, then that may be difficult. From the above, you can control who can access the URL, how long the URL is active and who can call the API. Third parties have to do a lot to bypass your restrictions.

What is the best practice for using 2 different APIs in the client to upload files and register them in another API

In the first logic, the client uploads the file, and then, if the returned response is true, I register the file with another API.
And in the second logic, the client sends the request to the register files API, the register API sends the file to S3 storage, waits for the response, and returns to the client after uploading to S3 storage.
My question: what is the best practice for this scenario?
I am sorry for the English grammar; I am trying to type more and more to learn.

Image retrieval API with token and security

I have a bunch of real time IP camera images on the web server.
Is there a way to develop an API (RESTful) with a token to let developers access those images and still prevent unauthorized users from accessing those image URLs?
Such as:
http://example.com/camera1?token=1234&cameraID=camera1
If the API returns a URL of
http://example.com/camera1.png
then everyone can access the camera1 image without a token if they already know the camera1 image URL.
It seems I have to use a dynamic URL
http://example.com/adfaofnhafa.png
instead of a fixed-name URL to prevent this from happening.
Or I can use image BASE64 encoding to convert the image to a binary string and return the long string in JSON format.
What's the best way to do this? Each of my images is under 200KB, and I have 150 IP camera images that update in real time and are saved on the server hard disk with a fixed name.
How did Facebook or YouTube do it? If I already know your Facebook photo URL from calling the API the 1st time, after that I can access it anytime and anywhere without calling the API again.
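
The expiring URL suggested in the video-streaming answers above, and the non-guessable image URL this camera question asks about, can both be built as an HMAC-signed link that a proxy route checks before serving the object. This is an added example, not code from any of the posts; the `/media/` route, the `u`/`e`/`s` parameter names and the signing key are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("crypto");

// Assumption: the key lives only on the API server (hypothetical env variable name).
const SECRET = process.env.URL_SIGNING_KEY || "constructed-demo-key";

// MAC over an unambiguous encoding of object, user and expiry.
function mac(objectId, userId, expires) {
  return createHmac("sha256", SECRET)
    .update(JSON.stringify([objectId, userId, expires]))
    .digest();
}

// Called by the API after it has authenticated the caller's token.
function signUrl(objectId, userId, ttlSeconds, now = Date.now()) {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  const sig = mac(objectId, userId, expires).toString("hex");
  return `/media/${encodeURIComponent(objectId)}` +
    `?u=${encodeURIComponent(userId)}&e=${expires}&s=${sig}`;
}

// Called by the proxy route before it reads anything from private storage.
function verifyUrl(url, now = Date.now()) {
  let parsed, objectId;
  try {
    parsed = new URL(url, "http://localhost");
    const m = parsed.pathname.match(/^\/media\/([^/]+)$/);
    if (!m) return { ok: false, reason: "bad path" };
    objectId = decodeURIComponent(m[1]);
  } catch (e) {
    return { ok: false, reason: "bad path" };
  }
  const userId = parsed.searchParams.get("u") || "";
  const expires = Number(parsed.searchParams.get("e"));
  const given = Buffer.from(parsed.searchParams.get("s") || "", "hex");
  const expected = mac(objectId, userId, expires);
  // Constant-time comparison; a length mismatch is rejected first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  if (Math.floor(now / 1000) > expires) return { ok: false, reason: "expired" };
  return { ok: true, objectId, userId };
}

// Constructed sample: a 60-second link for camera1.png issued to developer "dev-42".
const sampleUrl = signUrl("camera1.png", "dev-42", 60, 1700000000000);
console.log(sampleUrl, verifyUrl(sampleUrl, 1700000030000));
```

A link that leaks stays usable until its expiry, so the lifetime should be kept as short as the player or client tolerates.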

upload files directly to amazon s3 using fineuploader

I am trying to upload files directly to S3, but as per my research it needs server-side code or a dependency on Facebook, Google, etc. Is there any way to upload files directly to Amazon using Fine Uploader only?
There are three ways to upload files directly to S3 using Fine Uploader:
Allow Fine Uploader S3 to send a small request to your server before each API call it makes to S3. In this request, your server will respond with a signature that Fine Uploader needs to make the request. This signature ensures the integrity of the request, and requires you to use your secret key, which should not be exposed client-side. This is discussed here: http://blog.fineuploader.com/2013/08/16/fine-uploader-s3-upload-directly-to-amazon-s3-from-your-browser/.
Ask Fine Uploader to sign all requests client-side. This is a good option if you don't want Fine Uploader to make any requests to your server at all. However, it is critical that you don't simply hardcode your AWS secret key. Again, this key should be kept a secret. By utilizing an identity provider such as Facebook, Google, or Amazon, you can request very limited and temporary credentials which are fed to Fine Uploader. It then uses these credentials to submit requests to S3. You can read more about this here: http://blog.fineuploader.com/2014/01/15/uploads-without-any-server-code/.
The third way to upload files directly to S3 using Fine Uploader is to either generate temporary security credentials yourself when you create a Fine Uploader instance, or simply hard-code them in your client-side code. I would suggest you not hard-code security credentials.
Yes, with Fine Uploader you can do it. Here is a link that explains very well what you need to do: http://blog.fineuploader.com/2013/08/16/fine-uploader-s3-upload-directly-to-amazon-s3-from-your-browser/
Here is what you need. In this blogpost fineuploader team introduces serverless s3 upload via javascript. http://blog.fineuploader.com/2014/01/15/uploads-without-any-server-code/
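
For the first option in the list above (the server returns a signature), the server should inspect what it is asked to sign, since the signature is what authorizes the upload. This is an added example, not Fine Uploader's or the answers' own code; it assumes the uploader posts an S3 policy document as JSON and expects `{policy, signature}` back using AWS Signature Version 2, and the bucket, prefix, size cap and secret are constructed placeholders.

```javascript
const { createHmac } = require("crypto");

// Assumptions: this deployment's bucket, key prefix and upload size cap.
const RULES = { bucket: "example-uploads", keyPrefix: "incoming/", maxBytes: 5 * 1024 * 1024 };

// Collect S3 POST-policy conditions: {field: value} objects or [op, a, b] arrays.
function readConditions(policy) {
  const out = { exact: {}, range: null };
  for (const c of (policy && policy.conditions) || []) {
    if (!Array.isArray(c)) Object.assign(out.exact, c);
    else if (c[0] === "content-length-range") out.range = [Number(c[1]), Number(c[2])];
    else return null; // other operators (e.g. starts-with) are refused, not guessed at
  }
  return out;
}

// Returns {policy, signature} only when the requested upload fits RULES.
function signPolicy(policy, secretKey) {
  const c = readConditions(policy);
  if (!c) return { error: "unsupported condition" };
  if (c.exact.bucket !== RULES.bucket) return { error: "wrong bucket" };
  if (c.exact.acl !== "private") return { error: "acl must be private" };
  if (typeof c.exact.key !== "string" || !c.exact.key.startsWith(RULES.keyPrefix)) {
    return { error: "key outside prefix" };
  }
  if (!c.range || !(c.range[1] <= RULES.maxBytes)) {
    return { error: "size limit missing or too large" };
  }
  // AWS Signature Version 2 for browser POST: HMAC-SHA1 over the base64 policy.
  const b64 = Buffer.from(JSON.stringify(policy)).toString("base64");
  const signature = createHmac("sha1", secretKey).update(b64).digest("base64");
  return { policy: b64, signature };
}

// Constructed sample of the policy document the uploader asks the server to sign.
const samplePolicy = {
  expiration: "2030-01-01T00:00:00Z",
  conditions: [
    { acl: "private" }, { bucket: "example-uploads" }, { key: "incoming/photo.jpg" },
    ["content-length-range", "0", "1048576"],
  ],
};
console.log(signPolicy(samplePolicy, "constructed-secret-key"));
```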

How can I make POST requests without making my API key public?

Using the imageshack API I can upload images to imageshack but I have to use an API key to do that. I can create a POST form for the image upload to imageshack but the key has to be put in the form and that exposes the API key publicly. How can I upload images to imageshack without exposing my API key?
I think the only way to do this properly is that the image is first POSTed to your OWN application by the user.
Then in your app you internally redirect this POST to ImageShack, where you can use your API key safely without anyone ever seeing it.
You can use something easy like RestClient to run the POST request from your back-end. You will need to store the image temporarily on your server, either in memory or on disk, for retransmission to ImageShack.
So:
1. User sends image with POST to your server
2. Your server receives the image in the POST request from the user
3. Your server runs a POST with this image to ImageShack using your API key
4. The POST request from step 1 returns successfully to the user
