Parse is a Backend-as-Service platform that offers RESTful API for data storage and query. It seems very appealing for front-end or mobile developer and allows them to focus on business logic without worry about those troublesome back-end technologies.
The RESTful endpoint looks something like this:
https://api.parse.com/1/classes/GameScore
If I want to use this on my site, say awesomehtmlsite.com, wouldn't the request be blocked by cross domain restrictions? Same would hold true for the Javascript API.
Can someone explain to me how I can utilize the RESTful API or the Javascript API?
Responses to calls to the Parse javascript API include the following header:
Access-Control-Allow-Origin:*
This allows it to be used cross-domain. You should just be able to follow the JavaScript guide/API that Parse provides, without worrying about cross-domain issues.
Related
I'm fairly new to the webdev. I have a React frontend built with Vite, and a Node.js backend that uses MongoDB. I finished my little project and when It came to deploy it to my Linux server, I got confused about how to handle API calls.
Is there any way to hide API URL's on frontend apps? Because everything is done in client side, and frontend is basically an interface between user and backend, that should be impossible. But how does for example, big companies like Facebook handle this? If I go to Facebook and inspect the code, can I find the exact IP and API address that facebook backend serves me the posts? Or are there any tricks to make this more secure? What are the industry standards are on this topic?
The interface between your web application in the browser and your backend service is HTTP(s). There are HTTP verbs such as GET, POST, DELETE, etc. You can pass argument or information to your backend services via query parameters which are visible in the URL, or you can send it in the body of a request. An HTTP POST, for example would have a body that is not seen or viewable unless the end user made specific effort to view it.
So i want to develop a simple web application, which will basically be a basic form which on submission will allow to make an external api request. So are there any application designers that can allow to do that with minimalistic code. Appian for example has an interface/application designer that lets you drag and drop a UI interface and build a workflow, make api calls externally or to a database. So like that are there any other apps that allow to do something similar (make api calls/build ui easily/store in databse)? Any other suggestions are also welcome!
It heavily depends on the API as well as the kind of task you´re trying to achieve.
Here´s just a few examples and considerations. (All the below supposes that we´re talking about Web-Based APIs).
If the API requires authentication of some sort and the user authenticates himself: A simple HTTP file with JavaScript to send the request will do the job
If the API requires authentication but you authenticate for all the users: You will need a backend application that does the API request since you need something secure where you can put your Auth-Details for the API. Classic PHP or NodeJS in combination with a served HTTP file for the form itself would work without any JavaScript (depends on the API definitions)
If the API does not require authentication maybe a simple HTML form would work
If you want to write to a database you can have a look at something like https://directus.io/. They allow building a database with a UI and they automatically generate a Web-API which you can then feed by your forms. If the end-user is known to you Directus actually allows users to log in and fill the database with forms that you can visually design but this is rather for employees entering data into an internal database than customers submitting their contact data to you
From my personal experience, all the UI-Tools that promise to integrate with REST APIs make it really hard to do so since every API is different and there is no real standard for them.
A novice javascript developer here!
A have a basic question on whats the best and secured way to make HTTP calls from a front application to a backend service that needs an authentication. My application is a SPA (using Vue.js) & getting data from Java services. Java services need authentication details and return sensitive user data.
I see there are a few options and I wanted to understand a better approach amongst all 3-
Making direct HTTP calls from javascript code- Concern for using this approach is, as Javascript code can also be viewed via dev tools in browser, wont it be easier for anyone to do an inspect and view all critical authentication details hence making overall integration less secure?
Making an HTTP call using Axios via Vue framework- Seems like Axios is Promise based HTTP client for the browser that lets you easily make HTTP calls without much code overhead. but is this secure? is Javascript code loaded in the browser? Or the front end code sends the request and axios makes the request from backend server where the application is hosted?
Using Node- If front end application has unique routes configured for each API call and in my application if I have a route mapping to use request module and node js backend code to make those HTTP calls, is that going to be a robust and secure way of integration?
Please let me know your thoughts and apologies if this is a dumb question!
Not dumb at all. You're just learning.
My first question to your answer 😅 will be: is your application server-side rendered or it's sap + backend?
If it's server-side rendered then I would say it's secured since Node will be sending pages with all required data. On the dev tool, you will only see static files being loaded.
However, if it's SAP, I am not sure whether there is a way to hide whatsoever you send to the server from the dev tool. The only one thing you will need to do is to make sure you encrypt whatever is sensitive to your application.
I have been looking for a way to make API calls to the Docusign REST API using strictly client-side javascript (no Node). I haven't been able to find a single example of how to do this which leads me to believe it's not possible for some reason.
Furthermore I haven't seen an SDK for client side javascript calls. Only the following are available: C#, Java, Objective C, Node, PHP
https://www.docusign.com/developer-center/api-overview#sdk-docusign
So my question is this, is it possible to make purely client side calls to the Docusign API?
Not fully from a client side, due to CORS restrictions for security purposes.
I know this at least IMO is a stupid request. Because WSDL is old hat and sucks compared to just doing a RESTful API. But I have a corporate "mandate" where we want to do a REST API but then corporate wants a WSDL still. I know..it makes no sense and apparently we can't push back and say NO and tell them to just use our future REST API.
So can you generate a WSDL if I were to start creating a REST API with ServiceStack? Meaning I add uri attributes and such? So that I can "make them happy"?
I prefer not to use WCF, it's a nightmare with a ton of attributes and configuration to try and hack a RPC style web service to try and be RESTful. Obviously that doesn't work out too well.
SOAP along with REST is supported and you can have REST API along with soap wsdl. There are some recommendations posted in servicestack wiki that you can review and get started! You just need to implement the restful service and soap, json, xml etc are automatically supported.