Call .NET Core API endpoint from the API itself

I'm creating a .NET Core 3 API with Entity Framework. The data comes from an existing database.

Now I have the following situation:

/persons -- get all the persons
/companies -- get all the companies
/attributes -- get all the attributes
/attributes/groups -- get all the attribute groups
/attributes/types -- get all the attribute types
/attributes/usage - get all the attribute usages
  • Attributes can belong to one or more groups.
  • Attributes can have a type: person or company.
  • Attributes are assigned to a person or company listed in the usage endpoint.

In the "end of use" we have something like:

fk_attribute_id = 1
identifier_attribute = 3
type_id = "person"

This means that person 3 has attribute 1.

Another example:

fk_attribute_id = 2
identifier_attribute = 2
type_id = "company"

This means that company 2 has attribute 2.

In my API I have several controllers / services to get this data based on EF. The customer could combine the data to get the desired result.

Now I think it's nice to have these endpoints:

/persons/3/attributes -- Get the attributes of person 3
/companies/2/attributes -- Get the attributes of company 2

But … that means I have to somehow call my own endpoints and combine the data? I can also call the DB using a stored procedure, although we want to avoid business logic in several places.

What would be the best course of action for this? Should we say: The API does not offer this, good luck client. Or … are there other options to provide this?

Plugins – WooCommerece REST API does not display all subcategories by parent

I request the following endpoint

wp-json / wc / v3 / categories? parent = someID

and get an answer for the first 2 kids, which is a problem where these kids also have kids (here deeply nested in categories as shown in the picture below) I need to show all the subcategories under a specific parent operating system how I can do this.
Enter image description here

api – Is the insertion of an authentication token in the HTML text safe?

I have a project, a web application / website, that uses cookies to authenticate users with long randomly generated strings (even on the same website: lax, httponly, secure), but I also have an API that needs authentication tokens itself.

My current design, when the website server authenticates the user, generates the API authentication token and inserts it along with the entire initial state of the page. Then the API requests are served with this authToken. Is this river by nature flawed?

I thought about using an extra HTTP request after loading the page to retrieve the API authentication token and thus not include it in the HTML text. However, this means slower execution because the page content usually depends on the API requests that require an additional HTTP request after the page Load to retrieve the API authToken.

I suppose the connection is of course already over HTTPS.

API – Is it safe to place authentication tokens in HTML Body?

I have a project, a web application / website, that uses cookies to authenticate users with long randomly generated strings (even on the same website: lax, httponly, secure), but I also have an API that needs authentication tokens itself.

My current design is that when the website server authenticates the user, the API authentication token is generated and inserted along with the entire initial state of the page, and then the API requests are served with this authentication token. Is this process inherently flawed? I thought about using an extra HTTP request after loading the page to retrieve the API authentication token and thus not include it in the HTML text. However, this means slower execution because the page content usually depends on the API requests that require an additional HTTP request after the page Load to retrieve the API authToken. I suppose the connection is of course already over HTTPS.

Javascript – Why are arrays within an object in the API request with Axios undefined?

I have created an API that sends this information:

{ 
  title: 'algum título', 
  content: ('vários parágrafos')
}

The method that receives the data is as follows:

async componentDidMount() {
    let response = await axios.get("http://localhost:8000");
    let api = response.data;

    this.setState({ data: api });
  }

Both title and content are received correctly. I can see the data by logging, but the variable type is wrong.

console.log(typeof api.title) // string
console.log(typeof api.content) // undefined

To solve the case, I use the brackets. Only then can I use the map.

{this.state.data.title}

{(this.state.data.content).map(elem =>

{elem}

) }

The point is not that I can not solve the problem, but I would like to understand it. Understand why that happens.

Digital Signature – Hawk Vs. API key authentication

What is better for an HTTP (S) API (/ which is better under what circumstances)?

  • Hawk authentication (a secret key is used to create a signature that is transmitted with the request: similar to AWS Signature v4)
  • API key authentication (a secret key itself that is transmitted with the request)

A disadvantage of hawk is that the server needs to store the secret part of the key somewhere in plain text (/ can convert it to plain text) to sign because the secret key is not being transmitted, but only a signature of the incoming requests themselves compared to the incoming signature.

A disadvantage of the API key is that the secret key itself is transmitted.

(Acceptable answers could include: "both: instead X may be Y because Z")

node.js – Google Drive API without automatic synthesizer request

I have an app that only works with my account, which means I do not have to authorize anyone to access their drives, but I do not think there's any way to work with the API without using the oauth system do I have to ask the user to log in?

I used the playground to once authenticate myself and then reuse the token by updating it on my backend. Is not there an easy way to do this by skipping the playground part?

Shipping – How can we programmatically create partial deliveries with rest api?

I would like to create a partial shipment to manage the reorder
Here is what I am looking for

Customers place the below item
Item1 Quantity 5
Item2 Quantity 10
Item4 Quantity 8

I wanted to ship the available product and the available quantity for the first delivery and then the grater for the second time

Here is the product and the quantity that I have to ship first

Item1 Quantity 1
Item2 Quantity 5
Item4 Quantity 3

Here is my model class

  _orderRepository =   $orderRepository;
        $this->_convertOrder = $convertOrder;
        $this->_trackFactory = $trackFactory;
        $this->_shipmentNotifier = $shipmentNotifier;
        $this->_shipmentFactory = $shipmentFactory;
        $this->_transactionFactory = $transactionFactory;
        $this->_logger = $logger;
        $this->_esnFactory  =   $esnFactory;

    }

    /**
     * Get Shipping update.
     * @api
     * @param ShipmentDataInterface $shipment
     * @return ShipmentDataInterface|void
     * @throws MagentoFrameworkExceptionLocalizedException
     */
    public function saveNewShipment($shipment)
    {
        try{
            $order  =   $this->_orderRepository->get($shipment->getOrderId());
            if($order->canShip()){
                $data   = array(
                    'carrier_code'=>$shipment->getCarrierCode(),
                    'title'=>$shipment->getCarrierTitle(),
                    'number'=>$shipment->getTrackingNumber()
                );
                $orderShipment  =   $this->prepareShipment($order, $data);
                if ($orderShipment){
                    $order->setIsInProcess(true);
                    $order->addStatusHistoryComment('ITEM SHIPPED', false);
                    $transactionSave =  $this->_transactionFactory->create()->addObject($orderShipment)->addObject($orderShipment->getOrder());
                    $transactionSave->save();
                }
               // return $orderShipment;
            }
        }  catch (Exception $e) {
            throw new MagentoFrameworkExceptionLocalizedException(
                __($e->getMessage())
            );
        }


    }

    /**
     * @param $order MagentoSalesModelOrder
     * @param $track array
     * @return $this
     */
    protected function prepareShipment($order, $track)
    {
        $shipment = $this->_shipmentFactory->create(
            $order,
            $this->prepareShipmentItems($order),
            $track
        );
        return $shipment->getTotalQty() ? $shipment->register() : false;
    }
    /**
     * @param $order MagentoSalesModelOrder
     * @return array
     */
    protected function prepareShipmentItems($order)
    {
        $items = ();

        foreach($order->getAllItems() as $item) {
            $items($item->getItemId()) = $item->getQtyOrdered();
        }
        return $items;
    }


}

and here are my postdata with shipping

{
    "shipment": {
        "order_id": 123,
                "carrier_code": "DHLNew",
                "carrier_title": "DHL EXPRESS",
                "tracking_number": "TESTDHL12345",
        "items": (
            {
                "sku": "item1",
                "somedata": "somedata",
                "ShippingBoxNumber": "1",
                "Qty": "1"

            },
            {
                "sku": "item2",
                "somedata": "somedata",
                "ShippingBoxNumber": "1",
                "Qty": "5"
            },
            {
                "sku": "item1",
                "somedata": "somedata",
                "ShippingBoxNumber": "1",
                "Qty": "3" 
            }

        )
    }
}

Every help is appropriated

Design Patterns – Is it legal for JSON: API resources to have relationships with parents of parents?

I have the following hierarchy:

venue -> concert -> booking

And within the booking I have a relationship for the concert. But should the booking also be related to the venue? Or is it bad practice to have relationships at this depth?

What if there is a seat in a booking? Would a relationship to the venue still be appropriate?

Or is it better to make two requests instead to get the venue? For example, use the booking -> concert relationship to get the relationship between the concert and the venue?