I'm trying to use the Assistant2 APIs inside my Web Application (Angular CLI project) with the ibm-watson library and the suggested Webpack Configuration.
But at runtime I get different CORS policy errors calling the Assistant2 APIs.
So it's possible to use the Assistant2 APIs via browser?? Or calls must be all made server side to avoid the CORS policy errors?
Well, Watson Assistant provides REST API that can be called from anywhere where there is access to IBM Cloud (which bacicaly means access to internet) - so from browser as well.
Now, while you can call the Watson Assistant REST API directly from the client-side browser, sometimes it might be beneficial to have a server doing the actual call as when you call the REST API from the browser then the user has access to the request and the response from the system. This means the user has access to context part of the dialog response which in some cases might not be desired (depends on the stuff that the author is storing in the context).
Related
So i want to develop a simple web application, which will basically be a basic form which on submission will allow to make an external api request. So are there any application designers that can allow to do that with minimalistic code. Appian for example has an interface/application designer that lets you drag and drop a UI interface and build a workflow, make api calls externally or to a database. So like that are there any other apps that allow to do something similar (make api calls/build ui easily/store in databse)? Any other suggestions are also welcome!
It heavily depends on the API as well as the kind of task you´re trying to achieve.
Here´s just a few examples and considerations. (All the below supposes that we´re talking about Web-Based APIs).
If the API requires authentication of some sort and the user authenticates himself: A simple HTTP file with JavaScript to send the request will do the job
If the API requires authentication but you authenticate for all the users: You will need a backend application that does the API request since you need something secure where you can put your Auth-Details for the API. Classic PHP or NodeJS in combination with a served HTTP file for the form itself would work without any JavaScript (depends on the API definitions)
If the API does not require authentication maybe a simple HTML form would work
If you want to write to a database you can have a look at something like https://directus.io/. They allow building a database with a UI and they automatically generate a Web-API which you can then feed by your forms. If the end-user is known to you Directus actually allows users to log in and fill the database with forms that you can visually design but this is rather for employees entering data into an internal database than customers submitting their contact data to you
From my personal experience, all the UI-Tools that promise to integrate with REST APIs make it really hard to do so since every API is different and there is no real standard for them.
A novice javascript developer here!
A have a basic question on whats the best and secured way to make HTTP calls from a front application to a backend service that needs an authentication. My application is a SPA (using Vue.js) & getting data from Java services. Java services need authentication details and return sensitive user data.
I see there are a few options and I wanted to understand a better approach amongst all 3-
Making direct HTTP calls from javascript code- Concern for using this approach is, as Javascript code can also be viewed via dev tools in browser, wont it be easier for anyone to do an inspect and view all critical authentication details hence making overall integration less secure?
Making an HTTP call using Axios via Vue framework- Seems like Axios is Promise based HTTP client for the browser that lets you easily make HTTP calls without much code overhead. but is this secure? is Javascript code loaded in the browser? Or the front end code sends the request and axios makes the request from backend server where the application is hosted?
Using Node- If front end application has unique routes configured for each API call and in my application if I have a route mapping to use request module and node js backend code to make those HTTP calls, is that going to be a robust and secure way of integration?
Please let me know your thoughts and apologies if this is a dumb question!
Not dumb at all. You're just learning.
My first question to your answer 😅 will be: is your application server-side rendered or it's sap + backend?
If it's server-side rendered then I would say it's secured since Node will be sending pages with all required data. On the dev tool, you will only see static files being loaded.
However, if it's SAP, I am not sure whether there is a way to hide whatsoever you send to the server from the dev tool. The only one thing you will need to do is to make sure you encrypt whatever is sensitive to your application.
I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?
If there is no straight forward way around it would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?
The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)
Update for the current state:
There is currently a
Identity-Aware Proxy Documentation for Node JS.
I have been looking for a way to make API calls to the Docusign REST API using strictly client-side javascript (no Node). I haven't been able to find a single example of how to do this which leads me to believe it's not possible for some reason.
Furthermore I haven't seen an SDK for client side javascript calls. Only the following are available: C#, Java, Objective C, Node, PHP
https://www.docusign.com/developer-center/api-overview#sdk-docusign
So my question is this, is it possible to make purely client side calls to the Docusign API?
Not fully from a client side, due to CORS restrictions for security purposes.
I have written this module in node js, which is an express middleware and will enable your node app with an API for accessing cloud storage services such as dropbox.
For example this will list the available services
wget http://localhost:6805/api/v1.0/services/list/
And this will list a directory of the user Dropbox
wget http://localhost:6805/api/v1.0/dropbox/exec/ls/path/to/folder/
Of course, the user must have connected his Dropbox account to the app. To do so, your app must call this
wget http://localhost:6805/api/v1.0/dropbox/connect/
Which returns an URL, which you will open to let the user authorize the access to the service (this is an oauth2 authorization mechanism). Then call this to finish the auth process
wget http://localhost:6805/api/v1.0/dropbox/login/
My question is : how to test the API? I mean functionnal tests. I could mock each service (Dropbox for example) but it may be a lot of work don't you think?
No answer yet, so I can say that for now, the only way I have found is to use selenium to simulate a browser.
I open a test page, and type my test login/password, just like a human would.
Then I run tests normally