I am developing a client to access weather information from a RESTful API (http://api.worldweatheronline.com/free/v1/weather.ashx). I am using ASP.NET MVC4 and i have two choices as of my limited knowledge.
using jQuery.ajax({....});
using .NET4.0 HttpClient.
The API requires a key parameter key=xxxxxxxxxxxx as part of the request, and i do not want to reveal the key to the users of the site.
Please guide me someone and also let me know if there are some best practices/standard way of doing this?
If you don't want to reveal the key to users of the site, then you have no choice but to use HttpClient from within your ASP.NET web site. If you allow the call to be made by jQuery in the client browser then it is impossible to hide that key.
Related
I am using ELMAH in a Web API 2 project. I wrote my own IAuthenticationFilter to authenticate against Atlassian's CROWD.
I want to secure ELMAH also against CROWD. Is there any way to achieve this?
Are you wanting to make a secure Web API call that shows the most recent or the most common errors in your ELMAH data store? If so, why not write those data-fetching calls and secure them with your custom filter the same way as your other API calls.
I'm trying to build an app with comment system and wanna know if
is there any safe way to use the mongolab api without share my key with everyone?
if not what you guys recommend to use instead of mongolab api key with ajax.
Thanks.
Unfortunately there is no way to use the mLab Data API with Ajax and keep the API Key safe. We recommend implementing your own RESTful API server on top of your mLab database that can act as a gatekeeper to the database. Your client application would then make Ajax requests to the API server.
Although this tutorial uses Angular instead of Ajax, here is a good example of the architecture I've described: https://devcenter.heroku.com/articles/mean-apps-restful-api.
We want to write a new web site for customer using SQL DB
and implement only one specific client.
what the recommended technology to be used:
Peure MVC.net
Web API and client side using AJAX
I will be glad to hear the causes, the consideration and the cost.
Thanks!
I tend to favour a web api to handle all of the database work (via entity framework), but use MVC for my front end application.
This way you have all the flexibility of an API should you want to use different frameworks in the future (Angular, ASP.net 5 etc), but you can still have the pleasure of working MVC in your front end site.
I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.
We will implement OAuth 2.0 protocol for authentication. Consumer (our php project) has API id and secret.
Basic scenario:
Client wants to log in
API Consumer (php web project) takes this request, directs user to API
User send his/her user credentials to the api, gets the token.
User comes back to our website, pass token to the consumer.
Consumer goes to the api server, gets the access token.
Now consumer (php project) has access to user's private information.
Since this is a social network website, we want app developers to be able to use our API in the future.
I am not experienced in API-design. Does that flow make sense? I guess the simplest authentication would be accessing user information through php project. But we don't want to access database in php code. We will use ajax in client side and send a request to the API. And I believe there should be a better solution, what would you suggest?
Sure, API design is basically point where you need to choose technology.
Either it can be PHP or .net or Java.
I would prefer either PHP or .Net as we get lot of flexibility in it.
API will return XML or Json depending upon the request.
There are lot of CMS in php which can be helped.
.net we have Service Stack to help you.
API's had to be fully independent from other world as well as within API method as well.
If you are able to achieve this, then you will surely create a good architecture.
I am in the middle of building a PhoneGap (Cordova) app which I would like to be able to talk to a Django site of mine. The steps needed to get the app working are:
Authenticate the user (stay logged-in across app restarts) (e.g. get session cookie from Django for communication with the service - where to store?). Note: The Django endpoint uses https.
When app receives push notification load some data from my django site.
Make selection on data and submit response back to my django site (will need the csrf token?)
I was able to sort out the push notifications but now I am wondering which solution would work best for the communication with Django.
As I understand there are two possible approaches:
Either to implement a REST service with something like tastypie or
try to setup the communication via ajax (e.g. jQuery)
At the moment I am thinking that going simply ajax might be the best approach since the app is fairly small and there are no additional requirement for a REST API.
It would be great if anyone could give me any pointers on how to solve this or share some experiece / code. Especially the steps of the authentication process are unclear to me.
I am not sure if this is still an open question but it is sure an interesting one.
I would strongly suggest on using the django-tastypie and you could start by using the docs which are indeed a great point of reference.
My experience until now has shown that I should always start by making my api clear(and rest) than choosing an easier faster solution(e.g. ajax) because if your app is a successful one, frameworks like tastypie help you scale.
The authentication process is pretty straightforward if you choose the basic one.
You just ask for the user credentials and there are many clients implementing the client side basic auth.
Fortunately, tastypie supports more than this. For example, the api authentication and you could read more here.
If you need anything else, please let me know.
Regards,
Michael.