Once again, support listens + delivers on a timely basis .. a formula that far too many organizations manage to not accomplish.
Keep up the great work, Vladimir!
8.3 - vote for OAuth support for exposed REST services.
Re: 8.3 - vote for OAuth support for exposed REST services.
Tom - V8.8 build 3137 - MySql / PostGres
Re: 8.3 - vote for OAuth support for exposed REST services.
This is excellent news, thank you support.Good news for those who need this feature. It WILL be included in the next version
Any Idea when the next version is due for release? .
Would it not be possible to make this security feature available in an Update?
-
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: 8.3 - vote for OAuth support for exposed REST services.
Code: Select all
1. All attributes values get exposed if we want to return object limited attributes only. This is major issue which has other problems if you have large business object.
Aware IM Support Team
Re: 8.3 - vote for OAuth support for exposed REST services.
This is news to me.aware_support wrote:Himanshu, why are you saying that? When you define REST properties of an exposed service you can exclude attributes from being encoded. Are you saying that this functionality doesn't work?Code: Select all
1. All attributes values get exposed if we want to return object limited attributes only. This is major issue which has other problems if you have large business object.
Its been discussed this on the forum before and its always been the entire data structure that gets returned (unless you make a DTO as the main file).
I wrote here:
This underscores the need for ability to control which attributes are made available/sent/returned by the Service.
I guess we have to wait for Vlad to officially say how to do this - or if this will be a future enhancement.
(ex. If you only want to return a list of Customers (name, address, phone), you certainly don't want all OutgoingEmails being sent.)
Remember, Himanshu started his project before the conference - previous to v8.
Is this some new ability "to exclude attributes" since v7?
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.
Jaymer
Aware Programming & Consulting - Tampa FL
Jaymer
Aware Programming & Consulting - Tampa FL
Re: 8.3 - vote for OAuth support for exposed REST services.
Jaymer,
You are correct AwareIM support to define certain attributes which are required to be exposed. I had must missed this section . Today, I still used most of the API outside AwareIM which gives more flexibility and control, so that also may be reason it was skipped. But I will give a try on this sooner.
Thanks for catching me!
You are correct AwareIM support to define certain attributes which are required to be exposed. I had must missed this section . Today, I still used most of the API outside AwareIM which gives more flexibility and control, so that also may be reason it was skipped. But I will give a try on this sooner.
Thanks for catching me!
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
-
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: 8.3 - vote for OAuth support for exposed REST services.
Himanshu,
could you please explain the following items on your list of issues:
When you expose a REST service it supports both GET and POST. Why this comment?
Why cannot you use credentials in a URL string or part of a JSON? Why do you specifically need a header?
Can you please explain this one in more detail? I don't understand what it is about.
could you please explain the following items on your list of issues:
Code: Select all
3. All are GET API, POST API is recommended for sending data from client to server.
Code: Select all
Not able to send credential data under using Authorization Header.
Code: Select all
6. When there are multiple records and API request does not have any data, No way to define response.
Aware IM Support Team
-
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: 8.3 - vote for OAuth support for exposed REST services.
Code: Select all
Multiple responses cannot be paged
Aware IM Support Team
Re: 8.3 - vote for OAuth support for exposed REST services.
Hi Support,
Below are the points with my understanding
1. All attributes values get exposed if we want to return object limited attributes only. This is major issue which has other problems if you have large business object. [I might had missed something, Anyhow AwareIM supports exposing of objects thanks Jammer for correcting me. I am going to give a try.] WORKING
2. Multiple responses cannot be paged
- There are situation in my recent projects where we need to page the size of return records accordingly.
There are 100 products records and client request for first set of 10 records and after next set 11-20 and so on. Right now I cannot imagine if that will work.
3. All are GET API, POST API is recommended for sending data from client to server.
- I have tested GET method works fine but when I try to send data on the same API using POST method putting parameters under body it fails. "HTTP Status 500 – Internal Server Error"
4. Not able to send credential data under using Authorization Header.
- Sending data under Authorization header is a basic security advisory. Because Url parameters are exposed to public which is not recommended.
6. When there are multiple records and API request does not have any data, No way to define response.
Example I have multiple addresses and there is API which pulls the Address data as response object.
{address [address1, address2]}
Now, when FIND Addresses does not return any record API response is empty.
Since I was using 70% of my API outside AwareIM which has there adavantage and it looks like may be I had missed something on AwareIM in this area. Will sure going to do quick test to take more advantage of AwareIM REST service.
Please correct me if still wrong on any above points.
Below are the points with my understanding
1. All attributes values get exposed if we want to return object limited attributes only. This is major issue which has other problems if you have large business object. [I might had missed something, Anyhow AwareIM supports exposing of objects thanks Jammer for correcting me. I am going to give a try.] WORKING
2. Multiple responses cannot be paged
- There are situation in my recent projects where we need to page the size of return records accordingly.
Here is the exampleNot true. The FIND action supports the LIMIT expression (see the Rule Language Guide). This should make it possible to extract only the specified page
There are 100 products records and client request for first set of 10 records and after next set 11-20 and so on. Right now I cannot imagine if that will work.
3. All are GET API, POST API is recommended for sending data from client to server.
- I have tested GET method works fine but when I try to send data on the same API using POST method putting parameters under body it fails. "HTTP Status 500 – Internal Server Error"
4. Not able to send credential data under using Authorization Header.
- Sending data under Authorization header is a basic security advisory. Because Url parameters are exposed to public which is not recommended.
6. When there are multiple records and API request does not have any data, No way to define response.
Example I have multiple addresses and there is API which pulls the Address data as response object.
{address [address1, address2]}
Now, when FIND Addresses does not return any record API response is empty.
Since I was using 70% of my API outside AwareIM which has there adavantage and it looks like may be I had missed something on AwareIM in this area. Will sure going to do quick test to take more advantage of AwareIM REST service.
Please correct me if still wrong on any above points.
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
-
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: 8.3 - vote for OAuth support for exposed REST services.
Code: Select all
Here is the example
There are 100 products records and client request for first set of 10 records and after next set 11-20 and so on. Right now I cannot imagine if that will work.
FIND Object WHERE ... LIMIT ParamObj.StartRange, ParamObj.RangeSpan
Code: Select all
when I try to send data on the same API using POST method putting parameters under body it fails. "HTTP Status 500 – Internal Server Error"
Code: Select all
Sending data under Authorization header is a basic security advisory. Because Url parameters are exposed to public which is not recommended.
Code: Select all
Now, when FIND Addresses does not return any record API response is empty.
Aware IM Support Team