
API for retrieving/send data from/to a database

I would like to hear about your experiences. How can I best create an API for retrieving data from a database? If you send the view name or procedure name, would this not be totally fine with regard to safety? So I'm wondering if anyone has experience or ideas on this?

Should I, for example, have a field that tells what the user who connects to the API has access to? Table and row access.

eriksv88 asked May 29 '13 21:05



1 Answer

I'll give it a shot.

You've already mentioned Web API, so I'll assume you're using that, which means you have a REST API on top of a database.

Things to do:

  1. Come up with the data model you want to expose to the users. This will likely be different in various ways from your database model. If you're a store you might have 2-3 different tables to store products, but you will want to expose a "product" with one API call.

  2. Once you have your user facing data model, start writing tests. You need unit tests for your Web API controllers and you need to find a way to mock the database calls you're making. Tests are well worth the effort!

  3. For security you have many options. You can pick from things like HMAC (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) or OAuth (Best way to create a TOKEN system to authenticate web service calls?) or even JWT (Secure WebAPI with a JWT).

  4. Once you have a user authenticated, you can assign them privileges. They can read, write and update depending on what they have access to. You can have a database table to control this potentially.

  5. I would recommend thinking about versioning ahead of time. My recommendation would be to always have two versions of your API - current and previous. You deploy the API and when you replace it for the first time you support the deprecated API and the new one. Don't try to support more than two versions.

  6. Do your best to write some kind of interface that abstracts the database before sending data via Web API. This helps you swap out the database entirely in the future if you need to. It also helps unit testing.

ryan1234 answered Oct 09 '22 21:10
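Steps 3 and 4 of the answer applied to the question's view-name and row-access concern, as an added example that is not part of the original answer. It uses Python with an in-memory SQLite database so it runs on its own; the key store, the `api_grants` table, the `v_products` stand-in for a view, and all function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample secret; a real service loads per-client keys from a secret store.
API_KEYS = {"client-a": b"constructed-demo-secret"}

# Public resource name -> fixed, parameterized SQL. The client never supplies
# a view or procedure name that ends up inside a query string.
RESOURCES = {
    "products": "SELECT id, name, price FROM v_products WHERE owner_id = ?",
}

def open_demo_db():
    """Build constructed sample data: one data table and one grants table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE v_products (id INTEGER, name TEXT, price REAL, owner_id TEXT);
        INSERT INTO v_products VALUES (1, 'lamp', 20.0, 'client-a');
        INSERT INTO v_products VALUES (2, 'desk', 90.0, 'client-b');
        CREATE TABLE api_grants (client_id TEXT, resource TEXT, action TEXT);
        INSERT INTO api_grants VALUES ('client-a', 'products', 'read');
    """)
    return db

def sign(secret, method, resource):
    """HMAC-SHA256 over method and resource. A production scheme would also
    sign a timestamp or nonce and the request body to resist replay."""
    msg = f"{method}\n{resource}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def handle_read(db, client_id, resource, signature):
    """Return (status, rows): authenticate, authorize, then run fixed SQL."""
    secret = API_KEYS.get(client_id)
    if secret is None:
        return 401, []
    expected = sign(secret, "GET", resource)
    # Constant-time comparison on bytes avoids leaking the match position.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401, []
    granted = db.execute(
        "SELECT 1 FROM api_grants WHERE client_id = ? AND resource = ? "
        "AND action = 'read'", (client_id, resource)).fetchone()
    if granted is None or resource not in RESOURCES:
        return 403, []  # authenticated, but not allowed or not an exposed resource
    # Row-level access: the caller's identity is bound as a query parameter.
    return 200, db.execute(RESOURCES[resource], (client_id,)).fetchall()
```

A correctly signed request for a raw object name such as `v_products` is still rejected, because only names present in both `api_grants` and `RESOURCES` are served.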