Autodesk Design Automation Activities: How to distinguish between input and output parameters - autodesk

When creating a new activity, input and output parameters are not separated as was needed in v2. How does the Design Automation service distinguish between them?
Is it via the verb? I hope not, because sometimes there are poorly designed REST APIs or GraphQL endpoints that require a POST request for receiving data.

You are correct! It is via the verb: based on the type of verb, the Design Automation service decides whether it needs to download the resource (get) or upload the resource (put | post), etc. V3 also supports other types of verbs like read, patch, etc.

Related

How can I hit a Foundry API from Code Repositories?

What is the correct way to hit an internal Foundry API from a Code Repository using, for example, a Python transform?
This is possible but somewhat discouraged because of the security impacts, specifically around the token that is used to call the API. Historically, Foundry jobs were run with the building user's complete token. This allows making any API call the user could make, but could be abused by a nefarious actor. Therefore most builds today use a project-scoped token which can only read and write datasets, and not make API calls.
Thus you must either un-project-scope the repository so that it uses user tokens, which can be done through the Jemma API, or supply a hard-coded token, which can be done through a secured dataset with an appropriate marking; but be aware that anyone who can read this dataset could steal the token.
A product support solution called logic flows is coming to make this process smoother.
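Once you have a token, making the API calls is similar to any other API. Here's an example in Python; there's more information in the documentation.

```python
import requests

# `token` and `repos` are assumed to be defined earlier; the original
# snippet is the body of a loop over repositories (hence `continue`).
for repo in repos:
    URL = f"https://foundry.url/stemma/api/repos/{repo}/checks"
    headers = {
        "Authorization": "Bearer " + token
    }
    req = requests.get(URL, headers=headers)
    if req.status_code > 299:
        continue  # skip repositories whose request failed
    req_json = req.json()
```
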
Currently the functionality for accessing Foundry APIs from within a Code Repository is not by default supported.
Because of the mentioned Foundry limitations and project-scoped tokens, we create dedicated Service Accounts for automations, create a bearer token for the service account and store it in a dataset which we secure with a Marking. In the transform where we use the token to make API calls, we stop_propagating the Marking to downstream transforms.
This is, unfortunately, rather cumbersome and we are looking to Palantir's product development team for a better solution.

Multiple RESTful API-s in one Swagger for Tyk

I have 2 different RESTful APIs, and I would like to use Tyk as the gateway.
My plan is to have a common URL (like: http://viktorservices) which can forward messages to those two API endpoints.
For example, the first API is a user manager API, and has an endpoint:
GET: http://localhost:8080/usermanager/users
And the other API is a car manager API, and its endpoint is:
GET: http://localhost:8081/carmanager/cars
Is it possible somehow to upload a Swagger JSON for the Tyk Catalog (for the developer portal) to be able to see only one API called: User and Car Manager?
And when I click on "View Documentation" in Tyk's developer site, all of the endpoints from both APIs are visible, grouped by their main API names?
I tried to put the two swagger jsons into one as an array, but then it is not visible on the Developer Site.
I am able to upload the swaggers one by one, but then I will have two API-s on the Dev site of Tyk.
I think the main point here is that developer portal documentation/swagger does not have to correlate with the actual APIs you have. The Portal gets organized by catalogues/policies. So you can have multiple internal Tyk APIs, but expose them as a single catalog in the Portal, by creating a Policy which gives access to both APIs. So, just create a new "public" swagger file for documentation purposes, which includes endpoints from both of your internal APIs.
Does it make sense?
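
The "public" Swagger file suggested in the answer can be generated instead of hand-written. This added example (not from the original post and not Tyk's own tooling) merges two Swagger 2.0 documents and tags each operation with its source API, the mechanism Swagger UI uses for grouping; the function name `merge_swagger` and the sample specs are assumptions constructed from the endpoints in the question.

```python
import copy

METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}

def merge_swagger(title, gateway_host, specs):
    """Build one documentation-only Swagger 2.0 dict from several.

    specs maps a group name (used as the operation tag) to a parsed spec.
    """
    merged = {"swagger": "2.0", "info": {"title": title, "version": "1.0"},
              "host": gateway_host, "basePath": "/",
              "tags": [], "paths": {}, "definitions": {}}
    for group, spec in specs.items():
        merged["tags"].append({"name": group})
        base = spec.get("basePath", "").rstrip("/")
        for path, item in spec.get("paths", {}).items():
            full = base + path
            if full in merged["paths"]:
                raise ValueError(f"path collision: {full}")
            item = copy.deepcopy(item)          # leave the input specs untouched
            for method, op in item.items():
                if method in METHODS:           # skip "parameters", "$ref"
                    op["tags"] = [group]
            merged["paths"][full] = item
        for name, schema in spec.get("definitions", {}).items():
            stored = merged["definitions"].setdefault(name, copy.deepcopy(schema))
            if stored != schema:
                raise ValueError(f"definition collision: {name}")
    return merged

# Constructed sample specs modelled on the two endpoints in the question.
USERS = {"swagger": "2.0", "basePath": "/usermanager",
         "paths": {"/users": {"get": {"responses": {"200": {"description": "OK"}}}}}}
CARS = {"swagger": "2.0", "basePath": "/carmanager",
        "paths": {"/cars": {"get": {"responses": {"200": {"description": "OK"}}}}}}

def build_public_doc():
    return merge_swagger("User and Car Manager", "viktorservices",
                         {"User Manager": USERS, "Car Manager": CARS})
```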

All actions returning json is initialized by javascript?

I have been with MVC for a little while. In the usual case, when an action returns JSON, it is initialized by AJAX in the view, and the view is expecting info inside the JSON.
Is there a case where the action returns JSON to the view and it is caught by something else instead of JavaScript? Thanks.
Yes, a JSON API can be consumed by a large variety of clients. It can be the browser sending an AJAX request, but it can also be a desktop application fetching data from the Internet, a server-side job scraping the data for analysis, etc.
For example, let's say you're running a stock exchange website, and you're publishing current stock values as JSON. You can use that JSON on your website to display the data, but you (or any other developer) can also write a desktop application which will get that data and process it on a local machine (to, for example, show the user which stocks they should buy). Or aggregate data from different sources.
Many websites make their APIs public, so that third party developers can write alternative clients, integrate the API's functionality in their own products, and so on. For example, GitHub's APIs are public - the GitHub website can utilize them for the AJAX requests, and GitHub for Windows can show you the list of repositories you own by making a request to that API using C#'s WebClient.

Zend2 Web Services Auth and zfcUser

Now that I have created my Web App with Zend2, zfcUser and bjyAuthorize, it's time to create the mobile App.
Our approach is to create an app with JSON interaction with the Zend2 backend.
The problem is that I don't know where to start in order to deal with JSON auth. Is it possible with zfcUser? Any example out there?
Thanks in advance
ZfcUser module provides support for additional authentication mechanisms via plugins (Google, Facebook, LDAP, etc), but this feature seems to be in development now.
If you need your mobile application to authenticate through some custom protocol based on JSON format, all you have to do is create a controller action (say, mobileAuthAction()) which takes a JSON array with user credentials from POST, uses the zfcUser API to authenticate the user, and returns the response in JSON format. You may also look at the view_manager configuration key to adjust the rendering strategy for your action to allow it to return JSON. Alternatively, you may call $viewModel->setTerminal(false) to disable the layout rendering and echo your JSON to standard output.

Block unwanted use of json API

I have a website where you can request data using AJAX from our servers as JSON (only to be used on our site). Now I have found that people have started using our requests to get data from our system. Is there a way to block users from using our public JSON API? Ideas that I have been thinking about are:
Some kind of checksum.
A session unique javascript value on the page that have to match server-side
Some kind of rolling password with 1000 different valid values.
None of these are 100% safe, but they make it harder to use our data. Any other ideas or solutions would be great.
(The requests that you can do are lookups and translations of zip codes, phone numbers, SSNs and so on.)
You could use the same API-key authentication method Google uses to limit access to its APIs.
Make it compulsory for every user to have a valid API key, to request data.
Generate API key and store it in your database, when a user requests one.
This way, you can monitor usage of your API, and impose usage limits on it.
As #c69 pointed out, you could also bind the API keys you generate to the API user's domain. You can then check the Referer URL ($_SERVER['HTTP_REFERER'] in PHP), and reject the request if it is not being made from the API user's domain.
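
The checks described in this answer (stored API keys, a domain binding verified against the Referer, and a usage limit) combined in one server-side function. This is an added example, not code from the original answer; the key store, limits and names such as `authorize` are assumptions. The Referer header is supplied by the client, so the domain check constrains browser-based use while the key and the per-key limit do the monitoring and throttling.

```python
import hashlib
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit

WINDOW_SECONDS = 60   # assumed usage window
MAX_REQUESTS = 3      # assumed per-key limit, kept small for the demo

def _digest(key):
    # Store only a digest so a leaked key table does not expose usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed key store: digest of the API key -> domain it was issued for.
KEY_STORE = {_digest("demo-key-123"): "customer.example"}
_recent = defaultdict(deque)  # key digest -> timestamps of accepted requests

def _referer_host(referer):
    try:
        return (urlsplit(referer or "").hostname or "").lower()
    except ValueError:        # malformed URL, e.g. a broken IPv6 literal
        return ""

def authorize(api_key, referer, now=None):
    """Return (allowed, reason) for one request."""
    now = time.time() if now is None else now
    digest = _digest(api_key or "")
    domain = KEY_STORE.get(digest)
    if domain is None:
        return False, "unknown key"
    # Compare the parsed host exactly; a substring or prefix test would
    # also accept https://customer.example.other.test/
    if _referer_host(referer) != domain:
        return False, "referer mismatch"
    hits = _recent[digest]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()        # drop requests that left the window
    if len(hits) >= MAX_REQUESTS:
        return False, "rate limited"
    hits.append(now)
    return True, "ok"
```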