I have to modify java based old project(servlet , Gradle project) which was not integrated with any of Java framework. For a recent project integration requirement, needs to call a external Api' PATCH request and change some value(owner ID) time to time on that external api hosted web application.
Endpoint looks like following
https://reverinapi/privivo/api/deys#/v1/drive/maks/{id}
Need to change owner id time to time and JSON should following,
{ "meta": { "ownerId": "smtip|appownid1" } }
I tried following way,
com.google.gson.JsonObject mainObject=new com.google.gson.JsonObject();
com.google.gson.JsonObject meta=new com.google.gson.JsonObject();
meta.addProperty("ownerId", "smtip|appownid1");
mainObject.add("meta", meta);
I don't familiar with how to call the api endpoint and please let me know if there any other efficient way to do this api call and change the value.
You need to use some HTTP client library to make the request. There are likely many available for Java, but Apache's is one.
Ah, I also just learnt that as of Java 11, there's an HTTP client included: https://www.baeldung.com/java-9-http-client.
Related
I am new to ElasticSearch and with our team we are developing a spring-boot application which communicates with an elasticsearch server. Actually the aim of the application is to map rest methods exposed by Elasticsearch in order to call the ES server from a Controller class with postman...
I've seen there is a brand new Java Client Api 8.4, but I cannot find in the documentation how to delete an indexed document for example. It seems that the Java Client Api is not such complete as the Rest Client Api.
So question is: what's the difference beetween Java Rest Client a Java Client API? which one should I use?
I know High level client is deprecated but as I mentioned I don't know how to call methods such as Delete By Query for examle...
I know also there is spring data elastic search for spring-boot but I would use the Java cliet which allows to work with raw json format
Thanks,
Saverio
Tldr;
The java API client documentation is purposefully short. On purpose it seems as it is already described in the main documentation of elasticsearch.
For a full reference, see the Elasticsearch documentation and in particular the REST APIs section. The Java API Client follows closely the JSON structures described there, using the Java API conventions.
Solution
Delete by query
It would most likely be like a search query by with a different function name instead.
SearchResponse<Product> response = esClient.search(s -> s // delete_by_query ?
.index("products")
.query(q -> q
.match(t -> t
.field("name")
.query(searchText)
)
),
Product.class
);
ElasticsearchClient has a delete() api (see javadoc) to remove documents from indexes and usage of it is not so different than the others.
For eg:
DeleteRequest request = DeleteRequest.of(i -> i.index("your-index").id("document-id"))
DeleteResponse<Product> response = client.delete(request);
should work.
I am having trouble on how to Mock an external API that an internal API calls.
What I want is basically to test the call on the internal API, to see if it reaches the point of the external API path. I am using Mockito with java and can't seem to get it working. I want to intercept the External API call and return a mock response so the external api isn't hit.
Here is what I have tried:
I am using Micronaut using HttpClients in my tests to do something like:
HttpResponse<blah> response = client.toBlocking().exchange(request, blah.class);
, which is the internal API call. The external api call is in the form of:
HttpResponse<blah> response = client.toBlocking().exchange(request, blah.class, error.class);
I am trying to catch the external API call in my Integration test class by:
when(client.toBlocking().exchange(any(MutableHttpRequest.class), any(Argument.class), any(Argument.class))).thenReturn(resp);
But it seems like I cannot even reach the internal api, the call never seems to be made. I believe that it is being intercepted earlier.
Any help or suggestions are appreciated - I am not sure if this is the right approach or if there's some easier way, but thank you in advance.
How to find the correct json schema to post to the magento endpoint and create an account?
Am able to create account only from the front end, I need to be able to do from the backend using curl or Postman.
http://{ipaddress}/index.php/customer/account/create/
This is an external api , i need to consume.
I want to post to this end point from java, however am not able to find the correct request schema of the json endpoint.
Any help to find the swagger end point or schema would be great
I am assuming you are talking about magento 1? Have you tried the REST API by chance? It's well written out on how you should make a call to it here.
If you need more functionality than just creating an account, you can also take a look at the SOAP API which handles more things, but does not support JSON from the box. They did implement the WS-I complaint mode to support Java calls, so maybe that's something you'd be interested in as well.
Good luck!
I created endpoint apis but problem is anyone with my project id can go to api explorer and execute those apis. I have put only android client id (using debug keystore) on top of endpoint class declaration but still I can go to incognito mode and execute the apis. How can I restrict the apis so that only my android apps have access and all others will be thrown with some exception?
The APIs can be protected by adding a key parameter that has to be correct for API to be invoked. If the user of the API does not know the key, he won't be able to use the API even with API Explorer.
Advantages of this approach is that it is simple to do, allow you yourself to experiment with the API if you need.
Disadvantages include being very easy to circumvent by a determined user, just by looking at the traffic.
You need to make sure that you have coded your API/backend correctly to only accept the clientId for your app; make sure that you do not see com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID as one of the clientIds in your #Api annotation on the API class:
#Api(
name = "myApi",
version = "v1",
clientIds = {<your android clientId>},
)
public class myApi {
// your API code here
}
If the API Explorer client ID is present, it will allow it to execute your API from the API. I am not 100% sure, but I think you may still see your API form the explorer without the client ID, but execution will be prevented with an error.
This article has more info: https://cloud.google.com/appengine/docs/java/endpoints/auth#Specifying_authorized_clients_in_the_API_backend
You may want to think about putting proper auth around the endpoint calls (i.e. per-user auth checks around each method) if it is particularly sensitive. Just adding a User parameter to the #ApiMethod should be enough for force users to auth before executing each method.
Hope that helps.
You can use on each api allowed_client_ids to be ANDROID_CLIENT_ID only, can be a possible workaround.
I think this could help if you haven't followed it yet : https://cloud.google.com/appengine/docs/python/endpoints/auth#Python_Creating_OAuth_20_client_IDs
Use symmetric key cryptography along with digital signatures for this. However, you'll need to share the key with the Android app first.
Here's how it would work.
Whenever the Android app is making a network request, you take the URL & the parameters, then you Hash it and then encrypt it using the shared private key. You then append the signature as another parameter to the URL.
At the receiving end, your web API will validate whether the request came from your Android app ONLY.
Please note, that this will work ONLY for your app. It will not work as a way to catch all generic Android requests/
Here are some points for consideration :
Cloud Endpoints has been supporting the ANDROID CLIENT ID and
package signing, so that should atleast take care of the fact that
only a signed Android application from your side can access the
endpoint
.
If you wish to remove the Web Clients from access, then I would
probably look into the HTTP Headers and Agents to see if there is a
sure way of identifying these web clients.However, this would
require that you write your own Authorization logic in the method
since I do not believe that the endpoints infrastructure can take
care of this automatically for you
.
Remove access for everyone via the Annotations could be
problematic if you want a quick way to use the API Explorer to test
out the API. So do keep the API Explorer access available.
I am trying to create a Java wrapper for Vtiger REST API. I want to avoid the use of vtwsclib library because I could not find its Maven artifact. I want to use Spring RestTemplate. Actually, I don't understand why I need some special library to access REST API of a webservice.
First a got into problem with login process. Even when I followed the instructions from this link, I was not be able to retrieve sessionName. Finally, I resolved it after some research of vtwsclib library.
Next problem is with the retrieve operation. Even when I had sessionName and tried to retrieve some object by id with request (a ticket I can see in client app)
GET .../webservice.php?operation=retrieve&sessionName=xxxxx&id=xxxxx
I got:
{"success":false,"error":{"code":"ACCESS_DENIED","message":"Permission to perform the operation is denied for id"}}
Last problem is documentation, even when I visited their wiki Vtiger WIKI I could not find attributes of Ticket entity to create fields map.
So the work with this API is a bit painful for me. My questions are:
Is there some tutorial how to obtain sessionName using only Spring RestTemplate?
Why retrieve operation failed? update: bad id format
This is the main question. Is there some better documentation (tutorial, blog, file, ect.) for Vtiger REST API and descriptions of objects like Ticket?
I am also using Spring RestTemplate for Vtiger rest api.
For Retrieving details of record using REST API we need to pass id as moduleId x recordID (2x1234) format, otherwise it will give ACCESS_DENIED Error