Bittrex API rate limit – Bitcoin Stack Exchange

This question has been asked in the #api-developers channel of the Bittrex Slack Group a few times.

Here’s the important fragment of the discussion with somewhat an answer to our question.

July 2nd, 2017

Some user:
seriously guys.. the rate limit.. what is it..

bittrex-bill:
It varies by API call.
If you hit the limit, you are abusing it. If you hit the limit a lot, you risk getting banned :]
I dont have a clearer answer for you right now

Some user:
Is greater than 1 minute consistently 24/7 within an acceptable use?

bittrex-bill:
yes

That’s it! I personally wish they would update the API docs with a clear and hard limitation, but for now, when we’re writing code that is long-running, and executes in a loop, we should try to cap the requests around 1 request per minute per API method.

javascript – No puedo recibir el JSON en una llamada a la API de Steam

estoy trabajando en una app de React.js que tiene como objetivo poder buscar un juego que esté en steam y mostrar información de ese juego.

El problema es que cuando hago la llamada por fetch a esta url:
https://api.steampowered.com/ISteamApps/GetAppList/v2/

no logro que me retorne ninguna data,
sin embargo si esta llamada la hago por Postman la respuesta es exitosa

API development – Exposing new version VS updating current version

Context

There is a back end and a front end team.

Back end exposes an endpoint to the front end app:

PATCH car/{carID}/tire

Problem

I want to update the aforementioned PATCH request functionality which will change the request’s body .

Solution

There are two options:

  • Change the current endpoint and ask the front end team to update the payload on the request’s body.
  • Create a new endpoint car/{engineID}/v2/tire , so the front end team can switch to this version when they see fit.

Question

I prefer the second approach, as it allows the two team to work asynchronously . The short coming here is that every time I will need to update this endpoint I will need to expose a newer version ??

In which scenarios should I follow the first approach, which actually breaks the current system ? Does this violates the open-closed principle ? Does the open-closed principle apply here ? Should I follow this principle in this scenario ? Is there another alternative to the two aforementioned methods ? Is there a design flaw that resulted in this scenario ?

sharepoint online – How to filter “Yes/No (check box)” field from lookup list using pnp/rest api

How to filter “Yes/No (check box)” field from lookup list using PnP/REST API?

I can filter other columns with different types but not able to filter “Yes/No (check box)” field.

It is showing below error message:

The query to field ‘LookupList/LookupField’ is not valid.

magento2.2 – M2.2: Using REST API, Can Clear Cart but Mini-Cart Not Clearing

We are currently integrating another checkout portal to go on top of our existing Magento 2 platform. They are using the REST API to do most of their calls to Magento 2, including that of clearing the cart. When clearing the cart on the portal, it will clear it fully, and when coming back to the Magento 2 side, the cart will be empty, however the Mini-Cart will still be populated with all the items that we’re previously there before being cleared.

They are using the specific endpoint:

DELETE method : rest/V1/carts/mine/items/#ITEM_ID#

However they have not found any other means of clearing the cart, and using the above results in the mentioned issue of the mini cart still being populated.

I have done a little research and found that it appears the mini-cart information stays due to being stored in local storage. It is mentioned to try using;

$objectManager = MagentoFrameworkAppObjectManager::getInstance();
$cartObject = $objectManager->create('MagentoCheckoutModelCart')->truncate();
$cartObject->saveQuote();

or

$cart->truncate()->save();
Where $cart is an instance of MagentoCheckoutModelCart.

However I wouldn’t know where to make those above changes, nor aware if that will achieve the result of having both carts emptied when they use the DELETE method endpoint. Is there a different method I should have them use to clear both the cart and mini-cart while just having access to the REST API endpoints? Or something I can change on my end that will clear it for them when the endpoint is called, like hooking into the above API method and truncate the mini-cart from the Magento 2 code?

8 – Search API XSS issue

Using the search API documentation, built a form in the header that passes the search text to the search page.

https://www.drupal.org/docs/8/modules/search-api/getting-started/common-pitfalls

When doing a simple search with this text

<script>alert('Test');</script>

shows a popup test on the page. Any suggestions on how to fix it?

SharePoint search API not bringing results from Subsites

I am trying to use Search Api in SharePoint online to search against a RefinableString that is mapped to to a column

https://tenant.sharepoint.com/sites/SiteName/_api/search/query?querytext='RefinableString00:SomeQueryText'&rowlimit=500&selectproperties='Title,RefinableString00'

When I query this, it brings the documents from the root site collection only. When I include the path:"http://pathToSubsite" in querytext, it brings the document from that subsite only. So if want to bring results from all the subsites, do I need to include all of them in the path?

Not sure what I am missing in the query. Also I noticed that it the result is containing only one result even when we have more than 1 matching results in the site.

How to get users email address using SharePoint REST API

I am using the following code to get the current logged in user to a SP page. I’m only able to get the Title. How can I get the email address as well? Thank you.

// Get current user
jQuery.ajax({
    url: "https://.../_api/web/currentuser?$select=Title,User/ID,User/EMail&$expand=User",
    type: "GET",
    headers: {"Accept": "application/json;odata=verbose","Content-Type": "application/json;odata=verbose"},
    success: function(data) {
        username = data.d.Title;
        console.log(data.d);
        console.log("user name: " + username);
        document.getElementById("user").innerHTML = username;
    },
    error: function(data) {
        console.log("Error occurred trying to get user id");
    }
});

xss – Is splitting a REST API server from a Web server considered a security threat?

I am participating in a project that involves a JavaScript SPA that provides a service and is intended to interact via REST APIs with one of our servers. Initially, I proposed to work on the two entities as two separate projects; specifically I put forth the following

  • The user accesses the Web app through a www.myservice.org address
  • The Web app contacts an api.myservice.org service for REST interactions

but I was immediately faced with rejection. I was told that the Web app, residing at www.myservice.org, should contact the REST server via something like www.myservice.org/api because doing otherwise would entail a security threat. I didn’t say this was a bad idea, but I insisted on splitting the API server from the SPA-serving one for the following reasons

  • Scaling
  • Separation of concerns
  • Easier code management

I’m much more of a developer than a system admin and security expert, so I couldn’t promptly reply their rejection. Why would having two api.myservice.org and www.myservice.org servers represent a security issue? I was vaguely told about Cross-site scripting but even then the reasoning wasn’t perfectly clear to me.