PHP
imagance, 2022-01-08 18:59:22

Questions about REST API?

Hello, my question is probably stupid and I didn't search for answers well, but tell me:
1. To pass JSON to an API, do you have to use a separate link to a page with the JSON, or can you somehow pass the JSON directly to the HTML page? For example, not like this:
api - json
test - html page,

but like this:
test - json and html page

2. For example, the admin role has a button that should be displayed, but for a regular user it should not be displayed. How should this be implemented in REST? That is, the client makes a request for the role to the backend and then, depending on the response, shows or hides the button via display: block / none.

3. How should user authorization be checked correctly? I heard that a field should be created in the database where the authorization token is stored, and it will be deleted if there has been no request with the token for a long time. But what if we use sessions? Will this break REST a lot?

4. How do you implement CSRF protection in an API?

Sorry to take up your time with such stupid questions, but I can not find detailed and understandable information on this topic.

1 answer(s)
Dmitry Belyaev, 2022-01-08
@imagance

First, REST is not a standard and not strict rules; it's a recommendation.
The whole essence of these recommendations boils down to two things:
- Each resource (document, entity data) has its own URI.
- For each action on a resource, its own HTTP request method is proposed.

Now for the questions:
1. If the JSON and HTML data are simply different representations of the same resource, they may well live at the same URI. For example, a different representation is returned depending on the HTTP Accept header.
2. REST does not regulate in any way how you build the application. It can be a separate request to a "role" entity or part of the "user" entity; it's up to you.
3. Again, REST has nothing to do with it at all. In REST there are no databases, sessions, or anything else that you use under the hood, encapsulated from the client.
4. CSRF is done as in any other case. Here is an article: https://habr.com/en/post/318748/
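As an added illustration of points 1, 2 and 4 of the answer above (this code is not from the question, the answer, or any project; everything in it is constructed for the example): a framework-free PHP handler in which one URI, /users/{id}, serves JSON or HTML according to the Accept header, the server decides whether the caller's role permits the action regardless of what the client hides with display: none, and state-changing requests made with a cookie session must carry that session's CSRF token. The in-memory USERS and SESSIONS tables, the session ids, the token values and the X-CSRF-Token header name are all assumptions made for the demo.

```php
<?php
// Added example: one resource URI with content negotiation, server-side
// authorization and a CSRF check for cookie-session requests.
// The data below is a constructed stand-in for a real database and session store.
declare(strict_types=1);

const USERS = [
    1 => ['id' => 1, 'name' => 'alice', 'role' => 'admin'],
    2 => ['id' => 2, 'name' => 'bob',   'role' => 'user'],
];
const SESSIONS = [
    'sess-admin' => ['user_id' => 1, 'csrf' => 'tok-admin-123'],
    'sess-user'  => ['user_id' => 2, 'csrf' => 'tok-user-456'],
];

// Choose the representation from the Accept header (point 1 of the answer).
// Picks the supported type with the highest q-value; anything else (e.g. */*)
// falls back to JSON.
function negotiate(string $accept): string {
    $best = ['type' => 'application/json', 'q' => -1.0];
    foreach (explode(',', $accept) as $part) {
        $pieces = array_map('trim', explode(';', $part));
        $type = array_shift($pieces);
        $q = 1.0;
        foreach ($pieces as $p) {
            if (strncmp($p, 'q=', 2) === 0) { $q = (float) substr($p, 2); }
        }
        if (in_array($type, ['application/json', 'text/html'], true) && $q > $best['q']) {
            $best = ['type' => $type, 'q' => $q];
        }
    }
    return $best['type'] === 'text/html' ? 'html' : 'json';
}

// Point 2 of the answer: the permission travels as part of the representation so
// the client can decide whether to show the button; the real check is in handle().
function render(array $user, array $caller, string $format): array {
    $data = $user + ['can_delete' => $caller['role'] === 'admin'];
    if ($format === 'html') {
        $name = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8');
        $button = $data['can_delete'] ? '<button>Delete</button>' : '';
        return ['content_type' => 'text/html; charset=utf-8', 'body' => "<h1>{$name}</h1>{$button}"];
    }
    return ['content_type' => 'application/json', 'body' => json_encode($data, JSON_THROW_ON_ERROR)];
}

// $req is a constructed stand-in for $_SERVER / $_COOKIE / request headers:
// keys method, path, accept, cookie (session id) and headers.
function handle(array $req): array {
    $session = SESSIONS[$req['cookie'] ?? ''] ?? null;
    if ($session === null) {
        return ['status' => 401, 'body' => 'login required'];
    }
    $caller = USERS[$session['user_id']];

    if (!preg_match('#^/users/(\d+)$#', $req['path'], $m)) {
        return ['status' => 404, 'body' => 'not found'];
    }
    $target = USERS[(int) $m[1]] ?? null;
    if ($target === null) {
        return ['status' => 404, 'body' => 'not found'];
    }

    switch ($req['method']) {
        case 'GET':
            // Server-side authorization: a plain user may only read its own record.
            if ($caller['role'] !== 'admin' && $caller['id'] !== $target['id']) {
                return ['status' => 403, 'body' => 'forbidden'];
            }
            return ['status' => 200] + render($target, $caller, negotiate($req['accept'] ?? '*/*'));
        case 'DELETE':
            // Point 4: a state change made with a cookie session must carry the
            // per-session CSRF token in a header, compared in constant time.
            $sent = $req['headers']['X-CSRF-Token'] ?? '';
            if (!hash_equals($session['csrf'], $sent)) {
                return ['status' => 403, 'body' => 'bad csrf token'];
            }
            if ($caller['role'] !== 'admin') {
                return ['status' => 403, 'body' => 'forbidden'];
            }
            return ['status' => 204, 'body' => ''];
        default:
            return ['status' => 405, 'body' => 'method not allowed'];
    }
}

// Demo with constructed requests (expected statuses: 200, 200, 403, 403, 204).
$requests = [
    ['method' => 'GET',    'path' => '/users/2', 'accept' => 'text/html,application/xhtml+xml;q=0.9', 'cookie' => 'sess-user'],
    ['method' => 'GET',    'path' => '/users/2', 'accept' => 'application/json', 'cookie' => 'sess-user'],
    ['method' => 'GET',    'path' => '/users/1', 'accept' => 'application/json', 'cookie' => 'sess-user'],
    ['method' => 'DELETE', 'path' => '/users/2', 'cookie' => 'sess-admin', 'headers' => []],
    ['method' => 'DELETE', 'path' => '/users/2', 'cookie' => 'sess-admin', 'headers' => ['X-CSRF-Token' => 'tok-admin-123']],
];
foreach ($requests as $r) {
    $res = handle($r);
    printf("%s %s -> %d %s\n", $r['method'], $r['path'], $res['status'], $res['body']);
}
```

Run it with `php example.php`; it prints one line per constructed request. Hiding the button on the client is only a convenience: the 403 the server returns is the actual access control, so the role must be checked on every request whatever the client shows. The CSRF token is needed here because the browser attaches the session cookie automatically; if the client instead sends a bearer token in an Authorization header, which the browser never adds on its own, a cross-site request cannot carry it and the synchronizer token is not required.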
