So I had a scenario in which I have to request two different endpoints at the same time from a user for the performance test. How can this be achieved using Gatling?
Assuming there is a mobile app that sends the mobile phone number to the backend, and the backend sends an SMS with a code to allow connection if the phone number exists. This works as intended.
But a user recently created many accounts and then made a script (?) that calls the backend route (10 times with 10 different accounts) then switches IP, calls the backend again with this new IP, etc. Every time they call the route, it generates a new SMS.
The only result is that many SMS are sent and it adds cost to the company.
Is there a way to prevent this?
Currently, a single user cannot call the API more than 3 times without a successful login, but with many accounts in rotation, it still generates a lot of SMS. And I guess the script can be improved.
Can we add protection on the API side, even if the IP changes and the headers are all correct?
In order to restrict actions to specific tokens, I need to check whether a request made to my API comes from a frontend or a backend application.
I want to implement the same behavior as Stripe. Using a secret key on the client side will result in an error.
So is there a safe way to check this?
The answer could be through the User Agent, but in fact there is no exact way to identify and differentiate whether a request came from a browser or from another API for example, as it is possible to manipulate the User Agent.
Well-behaved "bots" (like common search engine spiders) will identify themselves using a User Agent specific to them.
I'm developing an API that calls subscription and tenant information when a user logs in to Azure through azure-cli.
When a user logs in to CSP (internally, CSP login is performed using az login --use-device-code), the user receives the URL https://microsoft.com/devicelogin and a secret code.
After completing this process, the user's login information is left on our main server, and the user's subscription and tenant information can be called using this.
In the case of a single user, this process has no problem at all. But, when multiple users make a request at the same time, the information of only the user who made the last request is called.
In addition, another problem is that the main server's process is blocked until the process is finished when requested via azure-cli.
When multiple users request CSP login, what is the way to operate normally without blocking the main server and without overwriting user information?
For reference, the main server is FastAPI.
Based on what you have explained, it looks like you have a FastAPI server which exposes an API which the users use for login. The response from the API will be the device-login URL and the device code for the client to use. All the subsequent calls will be done using this information.
So now the first problem is the main thread issue, where the API should not get blocked until the process is done.
For this you need to have asynchronous APIs, which perform background jobs and inform the user when the task is complete, or the user can request the information periodically until the job status changes.
This means we will need to modify our FastAPI server with something that can perform multi-threading, queue tasks and have some lookup cache.
The best approach I suggest is having a FastAPI stack with the below libs:
Celery - an asynchronous task manager that lets you run and manage jobs in a queue.
RabbitMQ - a message broker that is used to communicate between the task workers and Celery.
Redis - an in-memory cache (key-value store) for storing and retrieving values.
You can use the same Redis cache to solve your second problem as well, where you need to store and use multiple session information without overwriting. This will help you handle multiple session info or multiple user info.
Please have a look at some sample projects from GitHub below:
jjpizarro/fastapi-celery-1
CloudNua/fastapi-celery
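The pattern the answer describes (return at once, run the login in a worker, keep each result under its own session key, let the client poll), as an added sketch that is not code from the answer or from the linked projects. It assumes stand-ins so it runs offline: a thread pool in place of Celery/RabbitMQ, a lock-guarded dict in place of Redis, and a hypothetical fake_device_login in place of the real device-code login.

```python
import secrets
import threading
import time
from concurrent.futures import ThreadPoolExecutor

# Stand-ins (assumptions): the pool plays the Celery workers, the dict plays Redis.
_workers = ThreadPoolExecutor(max_workers=4)
_store = {}
_store_lock = threading.Lock()


def fake_device_login(user):
    """Hypothetical placeholder for one user's slow device-code login."""
    time.sleep(0.05)  # simulates waiting for the user to finish the browser step
    return {"tenant": f"tenant-of-{user}", "subscriptions": [f"sub-of-{user}"]}


def _run_login(session_id, user):
    """Worker body: the result is written only under this session's own key."""
    try:
        record = {"status": "done", "owner": user, "data": fake_device_login(user)}
    except Exception as exc:
        record = {"status": "failed", "owner": user, "error": str(exc)}
    with _store_lock:
        _store[session_id] = record


def start_login(user):
    """Return immediately with an unguessable session id; the work continues in a worker."""
    session_id = secrets.token_urlsafe(32)
    with _store_lock:
        _store[session_id] = {"status": "pending", "owner": user}
    _workers.submit(_run_login, session_id, user)
    return session_id


def get_login(session_id, user):
    """Polling handler body: only the session's owner may read its record."""
    with _store_lock:
        record = _store.get(session_id)
    if record is None or record["owner"] != user:
        return {"status": "unknown"}
    return {k: v for k, v in record.items() if k != "owner"}


def wait_for(session_id, user, timeout=2.0):
    """Client-side polling loop, shown here so the flow can be exercised end to end."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        record = get_login(session_id, user)
        if record["status"] != "pending":
            return record
        time.sleep(0.01)
    return {"status": "timeout"}
```

Because every login writes to its own randomly named key and reads are checked against the owner, concurrent logins neither overwrite each other nor expose one user's tenant data to another.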
I am creating a project that has two user roles, basic and partner users.
I have the endpoint /api/stores/:storeid/appointments
If the requester is a basic user, then this will send available appointment timings.
If the requester is a partner user, then this will send requested appointment timings, and the user should be able to modify them.
Keep in mind that each request has its own calculations and queries to send back data.
What I am thinking is to establish a new route like
/api/partners/stores/:storeid/appointments
so I can process requests differently.
Is this a valid way of doing things, or should I have only one route to the resource
and then conditionally query and process the request?
I am trying to build multiple agents within API.AI. I have developed three agents, and I want agent A to get user queries and forward them to the other agents. How can an agent forward user queries to the other agents, get the responses from those two agents and show them to the user?
Agents cannot directly route queries between themselves. You could take a look at the query API from Dialogflow. In your fulfillment you can take the user request and send a query to the other agent, then return that response back to the user.