scripting:restapi

Differences

This shows you the differences between two versions of the page.

scripting:restapi [2022/09/06 19:39] jotasandoku scripting:restapi [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
- **__POSTMAN TUTO__**\\ +__REST API (OR REST-API)__ 
-INSTALL POSTMAN: [[https://learning.postman.com/docs/getting-started/installation-and-updates/#installing-postman-on-linux|External Link]]\\ +\\ 
-  ~Download it in Downloads folder +__BUILDING THE URL__ 
-  sudo tar -xvzf ~/Downloads/Postman-linux-x64-7.33.1.tar.gz -C /opt +\\ 
-  sudo ln -s /opt/Postman/Postman /usr/bin/postman+[[https://mydevice.mycompany.com/getstuff?queryName=errors&queryResults=yes]] 
 +\\ 
 +  Parameters 
 +    Terms 
 +  * Endpointendpoint is the whole URL. Leftside is Domain name; Rightside is URI 
 +  * A group of **resources** is called a **collection.** [[https://openclassrooms.com/en/courses/6121936-build-your-web-projects-with-rest-apis/6268226-use-rest-resources-and-collections|External Link]]  
 +   
 +  * method, headers, data(body) [[https://www.smashingmagazine.com/2018/01/understanding-using-rest-api/|External Link]]
  
-  * PASSWORD MANAGEMENT: For authentication, providing credentials are static, we do: Basic Auth > Update Request > [Check headers to see authorization token is generated] > Test > Save it  +---- 
-    * Other popular authentication methods: 'token bearer' ; token created manually in the header (header tab: key : 'Authentication' value :' Token ee8jgfjhfkhvhjvjh1'  +FILTERS:
-  * CODE GENERATED: Note verify=False for the ssl verification & removed: cache-control and postman-token +
-{{:scripting:postman1.png?600|}}+
  
-  * Accept headerNote that this is misleading. It goes in the request (GETand specifies **the media types which are acceptable for the response**.+  * [[https://example.com/api/sp/alerts/?filter=/data/attributes/alert_class=dos%20AND%20/data/attributes/importance=2&page=10]]  
 +  * Match booleans: ongoing.eq.true  ; match with numbers : attributes/ip_version.eq.4 
 +\\ 
 +  * The URL above has **two parameters** separated by **&** 
 +    * The second parameter has **two terms** separated by ' AND ' 
 + 
 + 
 +  * If we are told to separate anything with Space, this is how is encoded in the URL : ''%20''. So, if we need something like ' AND ' we encode it as: ''%20AND%20'' 
 +    * [[https://www.w3schools.com/tags/ref_urlencode.ASP|URL_encoding_reference]] 
 + 
 + 
 +__SECURITY__ [[https://restfulapi.net/security-essentials/|External_Link]] 
 +  * CREDENTIALS: 
 +    * Token bearer 
 +    * Non-standard token (in the header itself)
 +    Content-Type : Content-Type 
 +    X-Arbux-APIToken : xxxxxxx 
 + 
 +__Rest API resource ''internals''__ [[https://medium.com/@h4t0n/rest-api-uuid-v3-is-the-right-way-3ca0695610dc|LINK]] 
 +\\ 
 +  REST API should expose named UUID-V3 identifierUUID should be generated from the resource logical key 
 +  * BACKEND should use/store numeric (ID) primary keys for its logics  
  
  
 ---- ----
 +
 +  * [[https://restfulapi.net/security-essentials/|Security_Principles]]
 +  * Sample domains:
 +    * [[http://ip.jsontest.com]]
 +    * [[https://www.w3schools.com/python/demopage.js]]
 +
 +----
 +
  
 **CURL** **CURL**
 \\ \\
-**TODO: curl most common flags**+**TODO: curl most common flags** [[https://gist.github.com/eneko/dc2d8edd9a4b25c5b0725dd123f98b10|External Link]] 
 +  * -H (header) 
 +  * -X (request verb to use. Example -X PUT)
 \\ \\
 **CRAFTED REQUESTS**\\ **CRAFTED REQUESTS**\\
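Review bot: in the added "Rest API resource internals" block, the advice to expose a UUID-V3 identifier generated from the resource logical key needs a caveat: a version 3 UUID is a deterministic hash of a namespace and a name, so anyone who knows or can guess the logical key can recompute the identifier. Add a bullet saying the exposed UUID is not a secret and that every request still needs an authorization check on the resource. In the SECURITY block, `Content-Type : Content-Type` repeats the header name as its own value (carried over from the old CREDENTIALS list); use a real media type such as the `application/json` given under CUSTOM HEADER further down the page. The FILTERS bullets also mix two syntaxes, `alert_class=dos` in the URL and `ongoing.eq.true` in the bullet under it, without saying which applies where, and the CURL heading still reads TODO although flags are now listed beneath it.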
Line 41: Line 77:
 Also see curl examples in [[https://softbackbone.duckdns.org/doku.php?id=network_stuff:linux|External Link]] \\ Also see curl examples in [[https://softbackbone.duckdns.org/doku.php?id=network_stuff:linux|External Link]] \\
  
-  curl --socks5 127.0.0.1:1080 -X GET --header 'Accept: application/json' --header 'X-CSRFToken: WBC93zWg6SMnpzs6vvBXnejzLzpJJQ4LSeuGHsHVbeSHDa7cwlWcrwyGL8v1CTOn' 'http://netbox.uswest-cluster.aws.mycompany1.co.uk:8080/api/dcim/devices/' +  curl --socks5 127.0.0.1:1080 -X GET --header 'Accept: application/json' --header 'X-CSRFToken: XXXXYYYY' 'http://netbox.uswest-cluster.aws.mycompany1.co.uk:8080/api/dcim/devices/'
- +
----- +
-__BUILDING THE URL__ +
-\\ +
-  * Parameters +
-    * Terms +
- +
-[[https://example.com/api/sp/alerts/?filter=/data/attributes/alert_class=dos%20AND%20/data/attributes/importance=2&page=10]]  +
-\\ +
-  * The URL above has **two parameters** separated by **&** +
-    * The second parameter has **two terms** separated by ' AND ' +
- +
- +
-  * If we are told to separate anything with Space, this is how is encoded in the URL : ''%20''. So, if we need something like ' AND ' we encode it as: ''%20AND%20'' +
- +
-__CREDENTIALS__ +
-\\ +
-  * Token bearer +
-  * Non-standard token (in the header itself): +
-    * Content-Type : Content-Type +
-    * X-Arbux-APIToken : xxxxxxx +
- +
-__Rest API resource ''internals''__ [[https://medium.com/@h4t0n/rest-api-uuid-v3-is-the-right-way-3ca0695610dc|LINK]] +
-\\ +
-  * REST API should expose named UUID-V3 identifier. UUID should be generated from the resource logical key +
-  * BACKEND should use/store numeric (ID) primary keys for its logics   +
  
 ---- ----
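Review bot: the changed curl line replaces the X-CSRFToken value with `XXXXYYYY`, but the old value is still readable in the removed line of this comparison and in the stored 2022/09/06 revision, so redacting the current page does not retire it. If it was a live token it should be invalidated, and the old revision removed from the wiki history where that is possible. The example also targets an `http://` URL on port 8080, so the header travels unencrypted on any hop the SOCKS path does not protect; a one-line remark beside the command would make that visible to readers who copy it.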
Line 153: Line 162:
 \\ \\
 **__THE HTTP HEADER__** **__THE HTTP HEADER__**
-  * [[https://code.tutsplus.com/tutorials/http-headers-for-dummies--net-8039]]+  * [[https://en.wikipedia.org/wiki/List_of_HTTP_header_fields|List_of_HTTP_headers]]
   * [[https://www.websparrow.org/misc/how-to-view-http-headers-in-mozilla-firefox]]   * [[https://www.websparrow.org/misc/how-to-view-http-headers-in-mozilla-firefox]]
  
Line 169: Line 178:
   Cache-Control: no-cache   Cache-Control: no-cache
  
- 
-\\ 
 METHOD \\ METHOD \\
   * GET - used when retrieving data   * GET - used when retrieving data
Line 184: Line 191:
  
 \\ \\
-AUTHENTICATION+AUTHENTICATION [[https://blog.restcase.com/4-most-used-rest-api-authentication-methods/|External Link]]
 \\ \\
   * You need to know the authentication type to use. Basic HTTP, and OAuth are common types.   * You need to know the authentication type to use. Basic HTTP, and OAuth are common types.
   * Authentication credentials   * Authentication credentials
-\\ 
 \\ \\
 CUSTOM HEADER: CUSTOM HEADER:
   * Does the API require you to send any HTTP Headers?   * Does the API require you to send any HTTP Headers?
   * Example: Content-Type: application/json   * Example: Content-Type: application/json
-\\ 
 \\ \\
 REQUEST BODY\\ REQUEST BODY\\
 JSON or XML containing data that is needed to complete request can be sent in the body of the request JSON or XML containing data that is needed to complete request can be sent in the body of the request
 +\\ 
 +CONNECTION:\\ 
 +Only values are ''keep-alive'' or ''close''
  
 ---- ----
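Review bot: the added CONNECTION line says the only values are `keep-alive` or `close`, which is too strong: the Connection header also carries `Upgrade` (as in a WebSocket handshake) and can list other hop-by-hop header names. Suggest wording it as "Common values are ''keep-alive'' and ''close''" so the note is not read as an exhaustive list when inspecting or filtering requests.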
Line 210: Line 217:
  
   console.log(myObj.People[1].Lastname); # in js code and in json with top level code as curly, will access the second curly brackets inside the tlc and then to the value associated to the 'LastName' in that curly block. see DevNet(43) video for more info.   console.log(myObj.People[1].Lastname); # in js code and in json with top level code as curly, will access the second curly brackets inside the tlc and then to the value associated to the 'LastName' in that curly block. see DevNet(43) video for more info.
 +  
 +  
 +----
 + **__POSTMAN TUTO__**\\
 +INSTALL POSTMAN: [[https://learning.postman.com/docs/getting-started/installation-and-updates/#installing-postman-on-linux|External Link]]\\
 +  ~Download it in Downloads folder
 +  sudo tar -xvzf ~/Downloads/Postman-linux-x64-7.33.1.tar.gz -C /opt
 +  sudo ln -s /opt/Postman/Postman /usr/bin/postman
 +
 +  * PASSWORD MANAGEMENT: For authentication, providing credentials are static, we do: Basic Auth > Update Request > [Check headers to see authorization token is generated] > Test > Save it 
 +    * Other popular authentication methods: 'token bearer' ; token created manually in the header (header tab: key : 'Authentication' value :' Token ee8jgfjhfkhvhjvjh1' 
 +  * CODE GENERATED: Note verify=False for the ssl verification & removed: cache-control and postman-token
 +{{:scripting:postman1.png?600|}}
 +
 +  * Accept header: Note that this is misleading. It goes in the request (GET) and specifies **the media types which are acceptable for the response**.
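Review bot: the CODE GENERATED bullet in the relocated Postman section records `verify=False` with no explanation; that setting turns off TLS certificate validation, so the note should say it is only for lab devices with self-signed certificates and that the usual fix is to point verification at the device's CA certificate instead. In the bullet above it the header key is written as 'Authentication'; if the standard request header is meant, it is `Authorization`, and the parenthesis opened at "(header tab:" is never closed. The install commands pin `Postman-linux-x64-7.33.1.tar.gz`; a version-neutral filename would age better.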
scripting/restapi.1662493178.txt.gz · Last modified: (external edit)