Representational state transfer, or REST, is an architectural style for networking software to transfer information through the web.
1 vote | 1 answer | 71 views
Is it correct to implement all the payment flow in the client rather than in the server?
I’m building a mobile app marketplace and I came to the point of integrating a payment tool. I'm using Mangopay, which has a nice workflow for making payments in a marketplace using its REST API. The ...
0 votes | 1 answer | 37 views
Sessions and stateless REST
I believe this question has been discussed to death.
I was reading up on REST and it says that it has to be stateless.
Yes, I do understand there are application states and resource states.
Taking ...
0 votes | 2 answers | 65 views
How to expose the database as the web service?
Currently my web-app is:
Tomcat + Jersey + business Logic + hibernate = Web Service
But due to 4 layers, the performance of my web-app is not satisfactory. I have a strong performance requirement.
I ...
0 votes | 2 answers | 49 views
Microservices REST or AMQP, which case
I've read many articles concerning microservices architecture and I was wondering when to use AMQP or REST.
I've read that loose coupling between services is a good thing and AMQP seems to be a good ...
1 vote | 1 answer | 51 views
RESTful service layer with MVC
I need advice on creating an architecture where I want an API layer in between the UI layer and the business layer. The UI layer should only consume REST services for displaying data.
Reason for doing this is ...
0 votes | 2 answers | 38 views
Microservice, REST and AMQP
I'm actually studying microservices architecture and I'm having some trouble concerning API Gateway, REST API and AMQP.
In fact, I have read that the API Gateway is the entry point of the ...
0 votes | 1 answer | 40 views
API Breaking Changes
I have a public REST API for creating new business profile records in my system. The request itself looks similar to this:
{
"BusinessName" : "AName",
"CurrencyCode" : "USD"
}
You can see ...
1 vote | 1 answer | 43 views
REST API and user rights
I am developing an application using Angular and REST API and I'm facing a problem concerning user access right.
The application runs this way:
A user signs up
The same user creates his organization
...
1 vote | 1 answer | 27 views
Where to do post-processing of API call when used in MobileApp
Let's say I want to write an (iPhone) app which tells you if you are in Manhattan or not. This query involves additional computation after a Google Maps API call (and is of course just an example).
...
-4 votes | 1 answer | 52 views
REST and types of caching [closed]
Isn't it a code smell to have a "domain model caching" behind a REST API, given a "client key"? I have read that REST is supposed to ensure there is no affinity between clients and servers (the server ...
4 votes | 2 answers | 77 views
REST API security Stored token vs JWT vs OAuth
I am still trying to find the best security solution for protecting a REST API, because the number of mobile applications and APIs is increasing every day.
I have tried different ways of ...
0 votes | 1 answer | 51 views
How to avoid LazyInitializationException using Hibernate and Jersey
I am working with Spring Boot + Jersey + JPA/Hibernate to build a RESTful API. The issue I am encountering right now is when I have a relationship in my JPA Entity that is lazy loaded I get a lazy ...
1 vote | 0 answers | 39 views
Server responding with UI logic, String representations of data as string over flags
I think there isn't a large enough degree of separation between Business Logic, Data and Presentation in some of our products. I'm trying to explain this to colleagues but I'm finding it difficult as I ...
3 votes | 4 answers | 116 views
What HTTP status to use for a REST search query which returns no results
I'm wondering how to manage empty results returned by search queries in a REST web service:
If there was a query like my_ressource_collection/{id} and the resource didn't exist I would return 404 - ...
3 votes | 1 answer | 85 views
How should I pass login data from client to server using REST API
I want to create a new session, the new session will be created by logging in (naturally).
Should I pass the username and password:
via URL (POST request to ...
0 votes | 2 answers | 96 views
How to secure public REST API endpoints?
Actual state
I have REST API and React JS application that communicates with this API. In the API there are some public endpoints - for user registration, processing lost password etc. And I am ...
1 vote | 1 answer | 54 views
I am able to use PUT to act like GET when using my REST API
I wrote a simple REST API (just learning) using Go and I am calling it using Python requests. I have two methods: "update_x", which updates the value of the resource, and "get_x_times_n", which gets the ...
1 vote | 3 answers | 91 views
Service oriented web architecture speed
Imagine a simple service architecture setup: single server where I have one service acting as a REST API (PHP), another service for rendering frontend (nodejs), and maybe a database service.
They all ...
2 votes | 1 answer | 122 views
REST API security: HMAC/key hashing vs JWT
I just read this article that is a few years old but describes a clever way of securing your REST APIs. Essentially:
Each client has a unique public/private key pair
Only the client and the server ...
5 votes | 5 answers | 286 views
OAuth2 ROPC vs Basic Auth for public REST APIs?
The specific use case I'm interested in here is authenticating REST clients against publicly-available server endpoints (such as a public REST API).
The simplest solution here is Basic Auth. But I ...
0 votes | 2 answers | 123 views
Too many REST API calls on a page?
A web app designed with highly modular, small components (in this case using AngularJS directives but could just as easily be WebComponents, ReactJS components, or any other technology). Components ...
2 votes | 3 answers | 88 views
How to consume standard routed API in a clean way?
Let's take an example of a generic API endpoint that looks as follows:
https://api.imgur.com/3/gallery/{section}/{sort}/{window}/{showViral}/{page}
Conditions on this endpoint are as follows:
...
2 votes | 2 answers | 100 views
Designing a REST API: setting business logic error codes in http headers or within the response payload
I am designing a REST API backend that is meant to be consumed by a JavaScript front-end.
I am not sure how to communicate server-side business logic errors (e.g. a user trying to retrieve his ...
1 vote | 2 answers | 162 views
How do I prevent people from abusing my endpoint that accepts files? [duplicate]
So I have a Django app hosted on Heroku that has an endpoint which accepts image uploads. The images are saved to my AWS bucket, which is charged to me. Right now, I am able to upload images by making ...
4 votes | 2 answers | 133 views
Rest design - Multiple calls vs returning all data in one call
I am trying to build a REST API for an Android app. Suppose I have a users table with (id, name, email) and a songs table with (id, song_name, album) and a rich join association between them as ...
2 votes | 0 answers | 66 views
Architecture: mobile apps for different clients with their own dbs different servers?
My general feeling is that this is a question which must have been answered but I am struggling to find resources for it. I know little about mobile app dev but my knowledge of web services is pretty ...
1 vote | 2 answers | 80 views
REST autocomplete endpoint design
We're designing a REST endpoint for retrieving name autocompletion suggestions for hotel names.
Currently it's defined like this: GET /suggest/:term, so that if you queried `/suggest/hil` you would ...
0 votes | 1 answer | 37 views
Combining Fitnesse, .NET and RESTful APIs
I know there is Fitsharp for combining Fitnesse and .NET. And there is RestFixture to combine Fitnesse and REST.
Is there a way to test a RESTful service with Fitnesse under .NET?
If not, is there ...
1 vote | 1 answer | 105 views
Rest Client API design and implementation (with RestEasy)
I am working on a design to create a generic REST client for our application for current and future integrations with multiple services (different external systems). Following is a high level diagram
...
2 votes | 2 answers | 135 views
Restful User/Password Authentication
I'm currently designing a REST-API with the following properties:
Backend for a single page application (Later Apps)
Integrated user database for each instance
HTTPS/TLS only
Authentication with ...
15 votes | 1 answer | 326 views
Rest APIs - mobile specific challenges
I'm working on a new iOS app project, on the mobile side. Some architecture changes are happening and it turns out we will have to rely on a custom built private API that will be used by the app we ...
5 votes | 3 answers | 121 views
Designing CRUD part of an HTTP API
This question is in the context of web based applications. A web server exposing an HTTP API for clients (e.g. running in a browser but not necessarily). Usually the web server would be connected to ...
1 vote | 1 answer | 88 views
Handling Many to Many Relationship using Restful Uri
I am having confusion while choosing a database relation and RESTful URI for the application I am developing.
I am making a simple library application with the following requirements.
Book can belong to ...
1 vote | 2 answers | 59 views
Good practice to save the last time user accessed the app
Using a JWT authentication, the user doesn't have to log in each time he uses my app.
I would like to save in DB the last time the user used/opened the app.
Technically, I have a set of REST API ...
0 votes | 1 answer | 105 views
Asp.net MVC web application and iOS mobile app
I am currently writing a web application in ASP.NET MVC, so far it is mostly a simple CRUD web app. The database is hosted on the cloud and I am using Entity Framework to interact with it.
I know ...
0 votes | 0 answers | 68 views
Better Approach for retrieving multiple RESTful calls
I have an Android application that associates Bluetooth beacons with data that is retrieved from a server via RESTful calls.
Once the app is launched, we have a page with a table that is being filled ...
1 vote | 1 answer | 65 views
Field level permission checks for REST API - is this validation?
Let's say that we have some sort of "schema" for a rest resource, something like (pseudocode):
ExampleResource:
field1 = field(validate=is_string())
field2 = field(validate=is_int())
...
0 votes | 0 answers | 34 views
SPA with RESTful backend
I'm building an app based on ng-seed, which is an Angular setup with routing out of the box. I'm backing the app with a REST interface for which I aim for Richardson level 3 compliance.
Often it seems ...
2 votes | 3 answers | 147 views
Best practice for a REST-ful API where objects would naturally have a “/” in their identifier
I am designing a REST API for a document management system. To make the API more natural, I thought about using the natural identifier for a file, which is its path (usually having forward slashes ...
1 vote | 0 answers | 121 views
Why does convention say DB table names should be singular but RESTful resources plural?
It's a pretty established convention that database table names, in SQL at least, should be singular. SELECT * FROM user; See this question and discussion.
It's also a pretty established convention ...
3 votes | 1 answer | 51 views
How to handle mismatched request body and content-type header?
If someone makes a request with a Content-Type that doesn't match the syntax of the request body, how should the server respond? Is there a standard way of handling this (seems like there would be), ...
-2 votes | 1 answer | 75 views
Less PHP request to REST API
I had an argument with my PHP developer today who tried to convince me that REST API has to provide all the request from PHP since a server is faster than client devices such as desktop. As I am a ...
1 vote | 2 answers | 172 views
What is a good way for Tomcat to interact with another Java application running on the local machine
I'm new to using Java within a web environment. At the moment I have a Java application that we run on a local machine, we'll call it the server app. We want to add the ability to communicate with ...
2 votes | 2 answers | 104 views
Why use a unique hashkey for form submissions?
I have multiple forms and use AJAX to submit them. I asked my boss if he needed any specific format for the form ID and he told me to generate a unique hash and keep it in session; check it whenever ...
0 votes | 0 answers | 26 views
Resource manager for restful service
I was just brought onto a project with a service oriented architecture. There is a central WCF "profile service" that all projects call to get information on users etc.
That central profile service ...
2 votes | 5 answers | 831 views
Securing ajax calls to rest api
I need for my app to consume a REST API service and since I will call it from JavaScript/jQuery I need to expose it to the end user.
In this case I would also need to expose credentials to the end ...
2 votes | 1 answer | 110 views
How can I create a RESTful-style website if HTML forms only allow to use GET and POST?
Let's say that I want to create a website where users will be able to create, edit and delete some kind of resources, for example posts.
I have created a RESTful API, so user can create a post by ...
0 votes | 1 answer | 173 views
When to implement WCF Rest Service and WebApi
I have gone through many articles to understand why we need WebApi's when we can create restful architecture using WCF rest services but could not find some solid reason. Can we use these ...
2 votes | 1 answer | 76 views
REST API paging via headers
Let's say I have a REST API which provides me a list of something and I want to implement paging support - the possibility to tell "give me records 20-29 (page 3)". Currently, I don't care about ...
2 votes | 1 answer | 76 views
What is the best practice in REST to append or delete to a list
Suppose
GET /users/<id>
{
user_id : "asdasdas-da-sd-asd-as-d",
firs_name : "asdasd",
....
department : [{
id : "asdas-da-sdasd-asd",
name : "asdasdasdasd",
...
...