I'm using django-rest-framework, which accepts API requests from frontend javascript. My frontend javascript and backend django APIs are hosted on the same apache server and are within the same domain.
Is there a way by which I can ensure that my APIs are accessible only via the frontend javascript and not via curl commands or any other programming methods ?
I'm not sure about that, the nature of an API is making it accessible to those who have the key and correct way to request information but there are other tools to achieve the same effect if you're only wanting your db accessible from your site. Take a look at django ajax https://github.com/yceruto/django-ajax it works by throwing a decorator on a view which returns a json response. I've found it to be a very helpful tool.
Related
I'm working in javascript(React) to create a web app that makes use of multiple APIs(Spotify, Twitch, Youtube) and so far I have been using Axios to make
the REST calls successfully. But now I have begun running into Cross-Origin Resource Sharing (CORS) errors and I have been told
that I need to make calls to external APIs from a server instead of from my client. I've never made API calls from a server and
have some questions:
Everything I am doing is currently running locally using Node and I dont have a "server" unless that's what Node counts as. Do I need to get a "server"?
Should I be creating my own API and hosting it on some server so that I can call that API from my javascript code?
How do I create my own API if that's what I should be doing?
Is there a different language I will need to use to make server-side api calls?
Everything I am doing is currently running locally using Node and I dont have a "server" unless that's what Node counts as. Do I need to get a "server"?
React comes with a bunch of development tools that use Node, including a development server. It isn't designed for production use though, so you shouldn't use it for that.
Should I be creating my own API and hosting it on some server so that I can call that API from my javascript code?
Yes.
How do I create my own API if that's what I should be doing?
Write some code which accepts an HTTP request, gets the data you want to respond to it with, and makes an HTTP response.
Express.js is a popular way to do this in Node. You can combine it with Next.js to apply server-side rendering for your React app (resulting in better performance, accessibility, reliability, and SEO).
Is there a different language I will need to use to make server-side api calls?
You can write your server-side code in any language you like.
I assume you are hosting your application on a development nodeJS server, therefor you
will need an extra server.
Yes. Create an API and call it from your frontend.
Create a server which takes http requests and does your stuff according to the route
chosen.There are many examples on how to do this with for example nodeJS+Express on the
internet.
The Language you use for the server side is your choice.
I am new in nativescript app development, I want to use SOAP web services in nativescript, i.e how to implement SOAP request & response in nativescript. Please give me suggestions, didn't find any way to implement SOAP, all search results are implemented in JavaScript code.
I do open github issues, please check - https://github.com/NativeScript/NativeScript/issues/2284
Thanks :)
Well, their is no built in soap handling. However, you can make you own in a couple steps.
NativeScript has built in http requests, and XMLHttpRequest and Fetch; this means you can query and receive back data you want from any service url. http://docs.nativescript.org/api-reference/modules/http.html, https://docs.nativescript.org/cookbook/fetch, http://docs.nativescript.org/cookbook/http
In addition, their is a third party plugin called nativescript-apiclient which makes it easier to deal with http requests with changing parameters. (i.e. http://somewhere/getdata/{token}/{data} where you can just pass in a token and data value...) See http://plugins.nativescript.rocks for different plugins available.
NativeScript has a XML parser built in, Soap responses are typically XML based. So you can easily instantiate the xml engine to parse your soap requests (http://docs.nativescript.org/cookbook/xml-parser)
I have made a very simple Web API in C# which does all the functionality required and have also made a simple User Interface in Appcelerator (Java Script). My task is to connect these two together so the app has the functionality of the API. I believe I must use JSON to communicate between C# and Java Script but I'm not sure how to do this.
Can anyone help or point me to the right direction?
Thank you
You can write your own API implementation in javascript that talks to your restful service via http calls.
Also, I recommend taking a look at this project here: https://github.com/viezel/napp.alloy.adapter.restapi which can save you a lot of time doing so.
The language in which your web API (service) is written is irrelevant to the question. You can use Ti.Network.HTTPClient to connect to any web service.
You just need to know what requests the API requires and how it responds. Most APIs nowadays use REST JSON, which means you request via an URL with optional body (for POST/PUT calls) and the response is in JSON format which you can parse using JSON.parse
I'm trying to connect to the Expedia Api. With this they have an api key and id.
I was using jsonp with this but there is a bug in there causing problems. The other thing is my api key is exposed in the javascript.
So now I have to find another way. I am now requesting json but of course I can't get cross domain with it so I have found a php proxy. My app is now reliant on php (this is ok though). When I access the php proxy I now get authentication errors. I have tried a different endpoint on a different site and the script works.
So therefore I cannot access this API.
There seems to be very little information, tutorials and scripts out there on how to make an api cross site, php proxies or authentication. I thought with the amount of sites now reliant on this type of technology there might be something.
How can I make a php proxy and return this data back to angular?
How can I safely hide my api key?
Have all of your API keys etc in a PHP file on your server. In that PHP file you need to curl to the API. Then have your PHP script return a json_encode() of whatever their API returns. That way no one sees your API deets.
I am newbie to angularjs. I developed an angularjs application using angular seed skeleton https://github.com/angular/angular-seed for client side. And for API server I used expressjs server.
My home page url is something like localhost:9000/app/index.html#/home
So, typically if I hit the url localhost:9000/app/index.html#/home I see my home page.
But, I have a requirement that there will be a POST request also to my application from some xyz application.
So, I want to determine, whether the incoming request to my angular seed application is coming from an external application or not.
Like in PHP there is a Super global array $_SERVER, with which you can determine the incoming request method... Is there anything in angularjs to determine the request method.
I hope my question is clear enough to understand.
Truly appreciate for reading my question, some hint would be great.
What you are asking implies you want to use an Angular frontend to provide POST method endpoints to your API. This does not make sense.
The equivalent of PHP's $_SERVER array to get passed variables is found inside Express's API, using the req parameter of a specific route setup. See http://expressjs.com/4x/api.html#router.route. This is where you create logic based on request method. app.get() and app.post() and app.put() and so on, as Ben's comment mentioned.
In the traditional PHP example you mention, the entire request goes to the server and a page result is returned to the browser, so you have the chance to detect that a POST or GET was made and direct the request appropriately.
Angular is a javascript based framework that runs in a browser. The browser will use GET requests to initially download all the html/js/css, but then it runs in a javascript context and no server is involved after this point unless explicitly coded in an Angular module/controller. This is where you would make GET/POST/PUT/DELETE requests to your API backend.
Your API is accessed with XHR (XmlHttpRequest) calls in a javascript context, based on user interaction with the UI. These calls can be made using GET or POST et al depending on how your API functions, using angular $http or $resource and the like.