restful-architecture

How to implement two level authentication in a RESTful API?

孤街醉人 posted on 2019-12-02 03:52:20
I am writing a RESTful API for a fairly complex web application (further referred to as api.mywebapp.com). The requirements include that api.mywebapp.com should handle: API level authentication (authorizing client application, e.g. mobile app); user level authentication (authorizing www.mywebapp.com registered users so they can access their protected resources). Usage example: Mobile application connects to https://api.mywebapp.com with a valid basic HTTP authorization header (Authorization: Basic [base64_encoded_username:password]); api.mywebapp.com authenticates mobile app and on successful

Why is using a HTTP GET to update state on the server in a RESTful call incorrect?

穿精又带淫゛_ posted on 2019-12-01 15:57:10
OK, I know already all the reasons on paper why I should not use a HTTP GET when making a RESTful call to update the state of something on the server. Thus returning possibly different data each time. And I know this is wrong for the following 'on paper' reasons: HTTP GET calls should be idempotent; N > 0 calls should always GET the same data back; violates HTTP spec; HTTP GET call is typically read-only. And I am sure there are more reasons. But I need a concrete simple example for justification other than "Well, that violates the HTTP Spec!". ...or at least I am hoping for one. I have also

Dropwizard in tomcat container

我是研究僧i posted on 2019-12-01 08:15:36
I have an existing app, that runs in tomcat. Now I am evaluating dropwizard for my new rest webservices. Now, dropwizard comes with inbuilt jetty. How do I deploy it with my tomcat container and not with its jetty container? You can't do this. Dropwizard embeds Jetty. You should look into just using Jersey as a standard web application. It makes a lot of sense to roll out your application as a jar, but sometimes you are bound by company/enterprise standards and you're obliged to deploy on a given application server in production. 'Dropwizard in a box' ( https://github.com/rvs-fluid-it/wizard

Dropwizard in tomcat container

本秂侑毒 posted on 2019-12-01 06:30:36
Question: I have an existing app, that runs in tomcat. Now I am evaluating dropwizard for my new rest webservices. Now, dropwizard comes with inbuilt jetty. How do I deploy it with my tomcat container and not with its jetty container? Answer 1: You can't do this. Dropwizard embeds Jetty. You should look into just using Jersey as a standard web application. Answer 2: It makes a lot of sense to roll out your application as a jar, but sometimes you are bound by company/enterprise standards and you're obliged to

Is it okay to use same resource name for both get and post rest api

馋奶兔 posted on 2019-12-01 03:40:41
Some time back I developed a Restful service in Java with only 1 GET resource. It was accessed like this: GET http://localhost:8080/my-project/customers/transactions This GET request returns all the customer transactions. Now, I have another project request where they want to insert customer transactions in a different schema in the same database. I thought instead of creating another service I could enhance this service since the underlying database is the same and it's about customer transactions. So, I created another method in my service interface createCustomerTransactions and I am thinking to name it

Microsoft Odata api through a ViewModel has problems in PATCH

夙愿已清 posted on 2019-12-01 00:36:57
Objectives My objective was to send some extra (non-defined) properties with an entity Product. For example in an AngularJs listing view, I need to show some products as links (accessible) and others not accessible based on the permissions calculated from current user's (which I get from session) data and the productId. What forces me to have this problem Now, Odata doesn't allow me to add extra properties while sending a IQueryable result like this. public IQueryable<Product> GET() { return db.Products.AsQueryable<Product>(); } simply because the returning type is Product and adding extra

PHP Send local file by cURL

▼魔方 西西 posted on 2019-11-30 23:41:14
I'm trying to send a local file by client curl app. I found some examples to do that with files from a form. In my case, I have no form, but a local file. $fileName = $_SERVER["DOCUMENT_ROOT"]."/www/images/test.pdf"; if(!file_exists($fileName)) { $out['status'] = 'error'; $out['message'] = 'File not found.'; exit(json_encode($out)); } $data = array('name' => 'Foo', 'file' => '@'.$fileName); $cURL = curl_init("http://myapi/upload-images"); curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true); curl_setopt($cURL, CURLOPT_POST, 1); curl_setopt($cURL, CURLOPT_POSTFIELDS, $data); $response = curl_exec(

HTTP POST response Location header when creating multiple resources

笑着哭i posted on 2019-11-30 19:05:51
The HTTP/1.1 standard states that if a POST operation results in the creation of a resource, then the response should include a Location header with the address of the new resource. If a resource has been created on the origin server, the response SHOULD be 201 (Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header (see section 14.30). and in section 14.30, For 201 (Created) responses, the Location is that of the new resource which was created by the request. Now suppose that my API allows batch creation of resources by

CustomAuthorizationPolicy.Evaluate() method never fires in wcf webhttpbinding

孤街浪徒 posted on 2019-11-30 18:43:22
I create a wcf service as you can see : [OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "Admin")] [WebInvoke(Method = "GET", UriTemplate = "/Data/{data}")] string GetData(string data); So I create a custom authorize as you can see : public class AuthorizationPolicy : IAuthorizationPolicy { string id = Guid.NewGuid().ToString(); public string Id { get { return this.id; } } public System.IdentityModel.Claims.ClaimSet Issuer { get { return System.IdentityModel.Claims.ClaimSet.System; } } // this method gets called after the authentication stage public bool Evaluate

Microsoft Odata api through a ViewModel has problems in PATCH

旧时模样 posted on 2019-11-30 18:34:15
Question: Objectives My objective was to send some extra (non-defined) properties with an entity Product. For example in an AngularJs listing view, I need to show some products as links (accessible) and others not accessible based on the permissions calculated from current user's (which I get from session) data and the productId. What forces me to have this problem Now, Odata doesn't allow me to add extra properties while sending a IQueryable result like this. public IQueryable<Product> GET() { return