I'm writing a web API.
I'm working with an 3rd party client that has sent a application/json request with an invalid JSON body.
My controller never get's the request because Symfony responds with Invalid json message received (400 Bad Request).
The developer of the 3rd party client will need this invalid JSON to debug their software.
Other than changing the content-type to text/plain, then testing the JSON myself, how can I save the invalid JSON for review later?
Thanks!
If you need to log an exception during a request handle, you just need to register an event listener on the kernel.exception. This event dispatches a GetResponseForExceptionEvent where you can find the triggered exception, the request and some others informations.
So, in this listener, check if the exception if a Symfony\Component\HttpKernel\Exception\BadRequestHttpException and then, log the request body where/as you want for further debugging.
Ah, ok. This was programmer error. The check wasn't done by Synfony, but by a leftover Friends Of Symfony Rest module. After removing this module, the behavior disappeared. Controller has to check the JSON body anyways.
Related
I am not that familiar with Expression Engine and I want to know the best way to recieve and sendback response to the webhook sent to an endpoint I can setup in Expression Engine. Is it even possible? I tried writing code to recieve a POST request on a template I just created and testing a POST request results in a 403 error with "The form is expired. Please refresh and try again."
Sounds like you'll need to create a plugin or module, which lets you create a corresponding Action URL you can POST to, and in the plugin/module code you can receive the POST request and do what you want with it.
https://docs.expressionengine.com/latest/development/models/action.html
https://docs.expressionengine.com/latest/development/modules.html
If you upgrade to EE6 there is a built in CLI tool to generate the base add-on files to get you started.
I'm working with new SAGE API v3.1.
For first steps, I'm testing with Postman according manual for get authorization.
Any problem, with test. When make a call for get New Access Token, postman send request, and SAGE open a modal window for ask my credentials for connect my request to one account.
Well. I try several options with Laravel 5.7, include modifications on Laravel Socialite, but not work. On all tries, get a Internal Server Error and I assume it's because I'm sending the request wrong.
On SAGE manual, I don't see more that Postman example for get access token. Not example for php, curl, ...
For others request I don't problem using Guzzle, but I need get tokern y refreesh token, with Postman. Horrible.
Image show real information for Test account.
On postman console, get some infor, but I lost with this and Internal Server error
Request Headers:
content-type:"application/x-www-form-urlencoded"
user-agent:"PostmanRuntime/7.3.0"
accept:"*/*"
host:"oauth.accounting.sage.com"
accept-encoding:"gzip, deflate"
content-length:274
Request Body:
grant_type:"authorization_code"
code:"ES/e1fd0bc2-1d06-41b6-902a-beb584f24ccf"
redirect_uri:"https://localhost/login/sage/callback"
client_id:"c420127c-76f3-48e5-9c11-77fcba90402d/2c09ea61-249c-4958-96f0-89209f1939e8"
client_secret:"?]#4iVWBhx/)gN;bA2M%"
NOTE: All data es valid for testing.
NOTE2: this is a piece that i don't understand code:"ES/e1fd0bc2-1d06-41b6-902a-beb584f24ccf" What is it? How to generate?
With this data, I try to put link https://www.sageone.com/oauth2/auth/central?grant_type%3Aauthorization_code%26code%3DES%2F37048339-8db2-4168-bfb0-760ef6709b93%26redirect_uri%3Dhttps%3A%2F%2Flocalhost%2Flogin%2Fsage%2Fcallback%26client_id%3Dc420127c-76f3-48e5-9c11-77fcba90402d%2F2c09ea61-249c-4958-96f0-89209f1939e8%26client_secret%3D%3F%5D%404iVWBhx%2F)gN%3BbA2M%25%0A) imitate Postman, but after put my credentials, not return to callback. It instead got to SAGE Account.
Postman sends the get new token request as a GET request, Laravel expects it to be a POST request.
I had to make my own POST OAuth Token request in Postman to get it to work since the Postman new access token feature does not let you change the request method to POST.
From a custom POST request you have to manually copy the response token, Right click edit your collection, go to Authorization tab, Select Type OAuth 2.0 and paste in your oAuth token in the available field.
All requests than need to use the token, make sure in the Authorization tab of each request entry that Inherit auth from parent is selected for the TYPE in order to inherit the token from the collection.
I've been trying to implement a private API for a project of mine and I'm looking for some clarity on exactly what method (and even programming language) I should be using to create this implementation. The API was written in PHP, I believe.
The documentation states that I need an authentication token to make all API calls. In order to do that, I've been given a username and password, but I need to send it in "JSON in the body of the HTTP Message"
This is what the documentation states:
All communications will be made using JSON over HTTP. This is a
RESTful API, meaning that it uses a combination of HTTP "verbs" (in
this case GET and PUT) and a URL that indicates the object(s) to be
fetched or acted upon. The parameters should be encoded in JSON in the
body of the HTTP message.
I'm using Postman to test the API and I can only figure out how to send authentication in the headers (I've tried using basic auth and even oAuth).
Can anyone help me shed some light on this? I've done a bit a research and I'm now a bit more lost. Any link to an example on how to do this or any help would be greatly appreciated.
I'm using Postman to test the API and I can only figure out how to send authentication in the headers (I've tried using basic auth and even oAuth).
As you are using postman, in the body tab of the request, select raw type to be JSON(applicatin/json)
Then enter your username and password in the json format.
You can change the http verb near the url parameter to GET, POST, PUT, DELETE or more
The parameters should be encoded in JSON in the body of the HTTP message.
Here is the sample request screenshot to send username and password in body parameter of request. I am using POST type of request here. You have to use the verb that the documentation states.
As stated in comment and documentation that you shared, try using adding those username and password in params. Here is sample screenshot of the request in Postman.
Well, created my personal API server, setted proper response codes, content and cache control(Ex. 404 Not Found, application/json, no-cache, must-revalidate) What else could be setted (in headers) to achieve "perfect" API ?
This API is public, but in future there are plans to create private API for registered user's. Is there any header's "settings" for this kind of API (like Unauthorized, WWW-Authenticate etc.)
You can add a parameter to suppress HTTP codes. Twitter has suppress_response_codes parameter. Quote from dev.twitter.com
suppress_response_codes: If this parameter is present, all responses will be returned with a 200 OK status code - even errors. This parameter exists to accommodate Flash and JavaScript applications running in browsers that intercept all non-200 responses. If used, it’s then the job of the client to determine error states by parsing the response body. Use with caution, as those error messages may change
Here is some resources for good RESTful api design.
Restful API Design
RESTful Service
Mobile API Design - Thinking Beyond REST
Create a REST API with PHP
I am just about to make a webservice available for fellow programmers in my sector using PHP on my own server.
As this is the first time I have done this, I first investigated APIs that I frequently use, Flickr etc.
My service returns granular data extracted from a very large csv file by examining GET arguments, it is read-only.
The data is returned in a variety of formats, xml, json, jsonp etc.
example of the call: /?offices=ABC|XYZ&format=xml
Firstly, I'd like to know if I am I correct in terming my service an "API"?
Also I would also like to know how best to handle failure.
I return straight text messages in the case of a user not submitting the expected input - "you failed to submit any offices".
In the case of any other unforeseen malfunction, at the moment it returns a failure message in payload of the chosen format, eg json with the single array "fail" in it and I have documented this.
Having read up a little on REST recently, when a failure is not caused by misuse of the "API" - should I return something other than HTTP code 200?
If you were accessing this service, what would you prefer to see?
Should I make this another GET option?
e.g /?offices=ABC|XYZ&format=xml&on_failure=http
Or am I getting muddled between the terms API and REST?
SO suggested this post, which deals with 400/401
What's an appropriate HTTP status code to return by a REST API service for a validation failure?
but I am looking for clarification about the terms I am using. If the payload contains the error message - as in the case of Flickr then why should I wander away from that?
The larger providers like Flickr and Twitter have muddied the definition of REST quite a bit. Many developers now mistakenly believe that any service or API over HTTP is "RESTful." What you describe here is more of a data Web service using a form of RPC. Truly RESTful APIs use fluent HTTP and Web standards, and are resource centric.
To answer the main question about HTTP status codes, I would say that for RPC services it's not necessary, as the HTTP status codes won't always directly translate to method call errors. A better approach would be to map your own error codes and return them along with the status message.
For example, an RPC service for user lookups may return the following on success:
SUCCESS=1
USERNAME=example
FIRSTNAME=Example
LASTNAME=User
DISPLAYNAME=Example User
The same service may return the following on failure:
SUCCESS=0
ERRORCODE=1002
ERRORMSG=User subsystem error; requested user was not found.
In an RPC service, the exact details of the response are very flexible. All it does is relay the results of the method call to the invoker. As long as you document what the developer should see, and return clear and consistent messages, it'll work out just fine. The only HTTP status codes an RPC service should return are 200 and 500 (and only then when things break so badly you can't even return a proper error).
Back to the matter of REST, the same user service can be made RESTful if we think of a user as a resource and use an appropriate URL scheme. The very, very basic makeup of a RESTful API are as follows:
GET /api/users - should return a list
of available user accounts in the
system.
GET /api/users/example - should return
details of the example account;
returns a 404 HTTP status if the user
does not exist.
POST /api/users - create a new user
account; should return a link to the
newly created account (ways of doing
this vary, but the LOCATION header
makes sense here). Various HTTP status
codes may be returned depending on the
result.
PUT /api/users/example - edit the
details of an existing user account.
Various HTTP status codes may be
returned depending on the result.
DELETE /api/users/example - delete an
existing user account. Various HTTP
status codes may be returned depending
on the result.
The standard HTTP status codes most common to RESTful interfaces are below.
200 OK - The request was successfully completed. If this request created a new resource that is addressable with a URI, and a response body is returned containing a representation of the new resource, a 200 status will be returned with a Location header containing the canonical URI for the newly created resource.
201 Created - A request that created a new resource was completed, and no response body containing a representation of the new resource is being returned. A Location header containing the canonical URI for the newly created resource should also be returned.
202 Accepted - The request has been accepted for processing, but the processing has not been completed. Per the HTTP/1.1 specification, the returned entity (if any) SHOULD include an indication of the request's current status, and either a pointer to a status monitor or some estimate of when the user can expect the request to be fulfilled.
204 No Content - The server fulfilled the request, but does not need to return a response message body.
400 Bad Request - The request could not be processed because it contains missing or invalid information (such as validation error on an input field, a missing required value, and so on).
401 Unauthorized - The authentication credentials included with this request are missing or invalid.
403 Forbidden - The server recognized your credentials, but you do not possess authorization to perform this request.
404 Not Found - The request specified a URI of a resource that does not exist.
405 Method Not Allowed - The HTTP verb specified in the request (DELETE, GET, HEAD, POST, PUT) is not supported for this request URI.
406 Not Acceptable - The resource identified by this request is not capable of generating a representation corresponding to one of the media types in the Accept header of the request.
409 Conflict - A creation or update request could not be completed, because it would cause a conflict in the current state of the resources supported by the server (for example, an attempt to create a new resource with a unique identifier already assigned to some existing resource).
500 Internal Server Error - The server encountered an unexpected condition which prevented it from fulfilling the request.
501 Not Implemented - The server does not (currently) support the functionality required to fulfill the request.
503 Service Unavailable - The server is currently unable to handle the request due to temporary overloading or maintenance of the server.
Hopefully this information is useful, and not overload. :-)