I would like to hear about your experiences. How can I best create an API for retrieving data from a database? If you send the view name or procedure name, would this not be totally fine with regard to security? So I'm wondering if anyone has experience or ideas on this.
Should I for example have a field that tells what the user who connects the API has access to? Table and row access.
An API (i.e., Application Programming Interface) is a standardized and secure interface that allows applications to communicate and work with each other. This type of API interface is purpose-built for information retrieval and updating without the need for manual user intervention.
APIs communicate through a set of rules that define how computers, applications or machines can talk to each other. The API acts as a middleman between any two machines that want to connect with each other for a specified task.
API requests are sent with headers that include information about the request. When sending data with fetch(), you will need to specify the Content-Type header, which tells the API whether the data you sent is JSON or a query string. This is another property you can pass into the options of your fetch() call.
I'll give it a shot.
You've already mentioned Web API, so I'll assume you're using that which means you have a REST API on top of a database.
Things to do:
Come up with the data model you want to expose to the users. This will likely be different in various ways from your database model. If you're a store you might have 2-3 different tables to store products, but you will want to expose a "product" with one API call.
Once you have your user facing data model, start writing tests. You need unit tests for your Web API controllers and you need to find a way to mock the database calls you're making. Tests are well worth the effort!
For security you have many options. You can pick from things like HMAC (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) or OAuth (Best way to create a TOKEN system to authenticate web service calls?) or even JWT (Secure WebAPI with a JWT).
Once you have a user authenticated, you can assign them privileges. They can read, write and update depending on what they have access to. You can have a database table to control this potentially.
I would recommend thinking about versioning ahead of time. My recommendation would be to always have two versions of your API - current and previous. You deploy the API and when you replace it for the first time you support the deprecated API and the new one. Don't try to support more than two versions.
Do your best to write some kind of interface that abstracts the database before sending data via Web API. This helps you swap out the database entirely in the future if you need to. It also helps unit testing.
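As an added illustration of the approach in the answer above (a user-facing resource model, a privilege table, and a database layer that never receives raw view or procedure names from the client), here is a small Python example. It is not code from the thread; the product and privilege tables, the users and the "own"/"all" row scopes are all constructed for the demo.

```python
import sqlite3

# Constructed sample schema and data for the demo (not from the original thread).
SCHEMA = """
CREATE TABLE product(id INTEGER PRIMARY KEY, owner TEXT, name TEXT, price REAL);
CREATE TABLE privilege(user TEXT, resource TEXT, action TEXT, row_scope TEXT);
INSERT INTO product VALUES (1, 'alice', 'keyboard', 49.0), (2, 'bob', 'mouse', 19.0);
INSERT INTO privilege VALUES ('alice', 'product', 'read', 'own'),
                             ('bob',   'product', 'read', 'all');
"""

# The API exposes named resources; each maps to a query the server chose.
# A client can only pick a key from this dict, never supply SQL, a view or
# a procedure name, so the privilege table itself is simply not reachable.
RESOURCES = {
    "product": "SELECT id, owner, name, price FROM product",
}

class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the request."""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def lookup_privilege(conn, user, resource, action):
    """Return the row scope granted to user for (resource, action), or None."""
    row = conn.execute(
        "SELECT row_scope FROM privilege WHERE user=? AND resource=? AND action=?",
        (user, resource, action)).fetchone()
    return row[0] if row else None

def row_filter(scope, user):
    """Translate a granted scope into a WHERE clause plus bound parameters."""
    if scope == "all":
        return "", ()
    if scope == "own":
        return " WHERE owner = ?", (user,)   # row-level restriction, parameterised
    raise Forbidden(f"unknown scope {scope!r}")

def read_resource(conn, user, resource):
    """Authorise the (already authenticated) user, then run the fixed query."""
    if resource not in RESOURCES:           # unknown names are rejected up front
        raise Forbidden(f"unknown resource {resource!r}")
    scope = lookup_privilege(conn, user, resource, "read")
    if scope is None:                       # no table-level grant: deny
        raise Forbidden(f"{user} may not read {resource}")
    clause, params = row_filter(scope, user)
    return conn.execute(RESOURCES[resource] + clause + " ORDER BY id", params).fetchall()
```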