Log message #4019723

# At Username Text
# Apr 24th 2017, 10:14 birdy247 the JsonApi is also sweet as
# Apr 24th 2017, 10:14 birdy247 Man, CRUD + API + Search = happy
# Apr 24th 2017, 10:05 Neon1024 https://youtu.be/3Neq2ey3mgE?t=18
# Apr 24th 2017, 10:05 Neon1024 But you’ve got a CMS so you’ve already got SSL
# Apr 24th 2017, 10:04 Neon1024 So worth some SSL at an absolute minimum
# Apr 24th 2017, 10:04 Neon1024 Will just get session hijacked, or man-in-the-middle’d etc etc
# Apr 24th 2017, 10:04 Neon1024 So something like example.com/api/v1/secret-endpoint/918?password=foobar
# Apr 24th 2017, 10:03 Neon1024 Plus, urls are transparent. Whatever is in the url is readable by anyone
# Apr 24th 2017, 10:03 Neon1024 Not that I like Phil Sturgeon, but that was a point he made in one of his api talks, and it’s a good one
# Apr 24th 2017, 10:02 birdy247 :+1:
# Apr 24th 2017, 10:02 Neon1024 If you happened to have a security hole, I could suck your database dry
# Apr 24th 2017, 10:01 birdy247 ah right
# Apr 24th 2017, 10:01 Neon1024 Making it very easy for me to automatically hit every record in your database
# Apr 24th 2017, 10:01 Neon1024 Well if it’s public Birdy, and your urls are something like example.com/api/v1/secrets/2 it’s safe to assume that example.com/api/v1/secret/3 will be a something as well
# Apr 24th 2017, 09:49 birdy247 Neon1024 you mentioned to hide primary keys in any responses
# Apr 24th 2017, 09:45 hagen00 sorry, will delete, it does work. I had a template error
# Apr 24th 2017, 09:45 birdy247 the resource
# Apr 24th 2017, 09:44 birdy247 Neon1024 got it :slightly_smiling_face:
# Apr 24th 2017, 09:43 Neon1024 https://crud.readthedocs.io/en/latest/listeners/jsonapi.html
# Apr 24th 2017, 09:42 Neon1024 https://github.com/FriendsOfCake/crud/blob/master/src/Listener/JsonApiListener.php
# Apr 24th 2017, 09:42 Neon1024 https://book.cakephp.org/3.0/en/development/routing.html#resource-routes
# Apr 24th 2017, 09:41 birdy247 api/v1/events/add with POST does add a new event
# Apr 24th 2017, 09:41 birdy247 instead it gives a list of events
# Apr 24th 2017, 09:41 birdy247 api/v1/events with POST does not add a new record
# Apr 24th 2017, 09:40 birdy247 api/v1/events with GET gives a list of events
# Apr 24th 2017, 09:38 birdy247 any ideas?
# Apr 24th 2017, 09:35 birdy247 rather than anything to suggest it’s trying to add a new record
# Apr 24th 2017, 09:35 birdy247 but I always get back a list of results
# Apr 24th 2017, 09:35 birdy247 I am using POST
# Apr 24th 2017, 09:34 birdy247 I am trying to ADD a record via my API
# Apr 24th 2017, 09:06 theaxiom Yo dawg
# Apr 24th 2017, 09:06 theaxiom Maybe I will use both, haha
# Apr 24th 2017, 09:05 Neon1024 Well core team recently switched from Coveralls to CodeCov for what it’s worth
# Apr 24th 2017, 09:05 theaxiom Which is better, codecov or coveralls?
# Apr 24th 2017, 09:03 Neon1024 But #minor
# Apr 24th 2017, 09:03 Neon1024 Sometimes index templates are missing associations
# Apr 24th 2017, 09:03 Neon1024 The RelatedModelsListener needs a little love though imho
# Apr 24th 2017, 09:03 theaxiom You can also override the methods and then pass back to CRUD when you are done hi-jacking the event.
# Apr 24th 2017, 09:02 Neon1024 s/event/exception
# Apr 24th 2017, 09:02 Neon1024 Otherwise crud can’t catch the missing method event
# Apr 24th 2017, 09:02 birdy247 perfecto for an API!