When I go to this URL in Firefox Developer https://itunes.apple.com/search?term=mozart, it asks me if I want to download a file called 1.txt containing the results in JSON, but I want to see them directly on my browser.
That may be because the Itunes API doesn't have the content-type: application/json header in its responses (the header is content-type: text/javascript; charset=utf-8), but I cannot find another simple API that doesn't require authentication to teach someone how REST APIs work (Twitter, Facebook, Google Maps all require a token). I don't want to use Postman or something like that, it would only confuse this person.
So I seek help here, either to see the Itunes responses directly on my browser, or to find another API where there isn't this problem.
Thank you for your help.
Type about:config on your address bar
Search for 'devtools.jsonview.enabled'
If the status is not default, right click on the line and select 'Toggle'
After that the json should start appearing on the page
Related
I am a total newb to API and json so this might be basic. But couldn't find a solution by googling.
I want to change e-shop order status via API by clicking a hyperlink in an e-mail.
I activated an API and managed to change the order status by Postman by following command:
PUT {url}/api/v2/orders HTTP/1.1
Content-Type: application/json
Authorization: Basic {abcdefgh}
{
"orders": [
{
"order_number": "00001",
"status_id": "16",
}
]
}
Is there a way how to run this command by simply clicking a hyperlink?
And should I be concerned about security since the authorisation is hardcoded there?
CHeerS!
Email clients for safety reasons do not support the execution of scripts or anything else other than a GET request. As this would require the use of javascript/jquery to build up a payload and call the API with said payload.
You will need to take the client to a secure page to sign in and manage their order.
The hyperlink can perhaps take them to a sign-in page or register page.
Token authorization might work with email being the verification taking the user to a page to see their orders. But again, you won't be sure an authorized person opens the email.
Regarding hard coding any type of authorization, that is a big no.
Since clicking a hyperlink in an email is the same as typing out the address in the browser bar, you can't make POST requests through it. One way of doing what you want is to generate a onetime-use token, and simply put it in the url. When the user clicks the kyperlink, the GET request to the server will contain the token, which can be used for validation.
Is there a way how to run this command by simply clicking a hyperlink?
Not in general, no. Clicking on a link in an e-mail issues a GET request, which can't contain a body. That is: your "orders" JSON won't be included. It also won't know to include the Authorization header.
As far as I know, no common e-mail clients allow you to issue PUT or POST requests.
So: could you encode the request in the URL, and use a GET request instead? Absolutely you could. Don't do this.
There are several reasons for this. The most important is the one you mention:
And should I be concerned about security since the authorisation is hardcoded there?
Hardcoding authorization is a bad idea in general, but particularly in an email: (1) you can't guarantee that an email is encrypted, which exposes the credentials to anyone who can capture the message; (2) if you forward the email to me, I now have your credentials.
Moreover, if you include the authorization in the URL, that's now in the user's browser history, and if they share the link with anyone ("hey, look at this deal on paperclips!"...), well: same as above.
I have a lightweight node.js module that needs to pull from google drive. They have a REST/HTTPS interface but AFAICT it's only accessible via their SDK. I want to use REST/HTTPS so I don't have to use an SDK. Is this possible for file download? For file find (file:list e.g. https://developers.google.com/drive/v3/reference/files/list)?
I don't understand why you think it's only accessible using an SDK. The link you posted clearly shows the URL endpoint, lists the optional parameters and gives the format of the JSON response.
If you click "Try it now" and open your browser console, you will see the http request and response which you can mirror in your app.
The only thing you also need to consider is that before making a REST request to Google, you must obtain an Access Token and set it in an Authorization: Bearer xxxxxxxx header, or provide it as a query parameter as &access_token=xxxxxxxxx
Today the Facebook oauth login to my website broke. I fired up the debugger and found that parsing the access token was failing. This appears to be because Facebook changed the format of the oauth response. It used to be CGI parameters:
access_token=EAAFO...cBUZD&token_type=bearer&expires_in=5183996
But all of a sudden it appears to be coming over as JSON:
{"access_token":"EAAFO...cBUZD","token_type":"bearer","expires_in":5183996}
The fix in my code looks pretty simple. I just need to change the parser from a CGI parser to a JSON parser and get the same variable that I'm interested in: access_token.
My question is about versioning of this. I don't like it when my site breaks.
Why did Facebook change this? Is this change documented? Is there some sort of versioning on Oauth that I should be using to prevent breakages like this? How do I get notified of future changes to Oauth by Facebook?
The Facebook API upgrade tool does not list any changes that I need to my app for the latest version of the API. In any case, none of the URLs that I'm using for Oauth appear to have a version number embedded in them:
https://www.facebook.com/dialog/oauth
https://graph.facebook.com/oauth/access_token
As WizKid states, it was announced in Facebook Developers Changelog two years ago under the title "[Oauth Access Token] Format". Facebook does have a tool to try to find things that will break, because of API changes, but it didn't alert this one.
You can put API version numbers into Oauth URLs for Facebook. With version numbers, the flow for Facebook login is:
Redirect the user to https://www.facebook.com/v2.9/dialog/oauth with a bunch of required parameters such as your client id, the list of permissions you are requesting, and a return URL.
Facebook lets the user log in, asks them to accept the permissions you requested, and then redirects them back to your site with a "code" parameter
Server-side you contact https://graph.facebook.com/v2.9/oauth/access_token with that code (and some other stuff) as parameters. Facebook responds with a token
Server-side you contact https:///graph.facebook.com/v2.9/me with that token to request information about the user
This is the process that is pretty much documented here: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
I am trying to get started with REST API calls by seeing how to format the API calls using a browser. Most examples I have found online use SDKs or just return all fields for a request.
For example, I am trying to use the Soundcloud API to view track information.
To start, I've made a simple request in the browser as follows http://api.soundcloud.com/tracks/13158665.json?client_id=31a9f4a3314c219bd5c79393a8a569ec which returns a bunch of info about the track in JSON format
(e.g. {"kind":"track","id":13158665,"created_at":"2011/04/06 15:37:43 ...})
Is it possible to only to get returned the "created_at" value using the browser? I apologize if this question is basic, but I don't know what keywords to search online. Links to basic guides would be nice, although I would prefer to stay out of using a specific SDK for the time being.
In fact, it's really hard to answer such question since it depends on the Web APIs. I mean if the API supports to return only a subset of fields, you could but if not, you will receive all the content. From what I saw on the documentation, it's not possible. The filters only allow you to get a subset of elements and not control the list of returned fields within elements.
Notice that you have a great application to execute HTTP requests (and also REST) in Chrome: Postman. This allows to execute all HTTP methods and not only GET ones and controls the headers and sent content and also see what is received back.
If you use Firefox, Firebug provides a similar thing.
To finish, you could have a look at this link to find out hints about the way Web APIs work and are designed: https://templth.wordpress.com/2014/12/15/designing-a-web-api/.
Hope it helps you and I answered you question,
Thierry
Straight from the browser bar you can utilize REST endpoints that respond to a GET message. That is what you are doing when you hit that URI, you are sending an HTTP GET message to that server and it is sending back a JSON.
You are not always guaranteed a JSON, or anything when hitting a known REST endpoint. What each endpoint returns when hit with a GET is specific to how it was built. In that case, it is built to return a JSON, but some may return an HTML page. In my personal experience, most endpoints that utilize JSON returns expect you to process that object in a computer fashion and don't give you a lot of options to get a specific field of the JSON. Here is a good link on how to process JSON utilizing JavaScript.
You can utilize REST clients (such as the Advanced REST Client for Chrome) to craft HTTP POST and PUT if a specific REST endpoint has the functionality built in to receive data and do something with it. For example, a lot of wiki style REST endpoints will allow you to create a page with a specifically crafted HTTP POST with either specific header information, URI parameters or a JSON as part of it.
you can install DHC client app in your chrome and send request like put or get
I currently have a hangout application and I'd like to add some collaborative functionality to it given the realtime API.
Following the realtime API quickstart guide (adding two text areas and a button to authorize with), I've added the relevant code to the hangout XML module(Is this the correct name for this?)
It looks like, however, whenever I click the "authorize" button from within the google hangout instance, the page might refresh (or something?) and a GET request comes back with a: 400 (Bad Request) response.
Is there something I've overlooked?
Perhaps, some documentation I missed?
Is there a better approach to what I'm trying to accomplish?
EDIT: More information on the GET request and response from chrome's javascript console:
https://015isqam6kq3vfnd0h572bpk4rvnem82-a-hangout-opensocial.googleusercon…dgets/ifr?fileId=0B2FRfMTFpkH0S3RDUlhDMWNsbjQ&userId=103345858281489162915 400 (Bad Request) 015isqam6kq3vfnd0h572bpk4rvnem82-a-hangout-opensocial.googleusercontent.com…ets/ifr?fileId=0B2FRfMTFpkH0S3RDUlhDMWNsbjQ&userId=103345858281489162915:1
The page (where the hangout content should be) then shows:
"Missing or malformed url parameter"
The problem lies in the realtime-client-utils.js that the documentation provides.
The idea with the authorization is that upon authorization, it tries to redirect the page via window.location.href and adds parameters to the end of the URL.
Removing the redirect, setting the parameters in the parameters object manually, and restarting the authorization process fixes the problem.