Log message #4019736

# At Username Text
# Apr 24th 2017, 10:19 bravo-kernel Gotta go, gl guys and girls
# Apr 24th 2017, 10:18 bravo-kernel Simply put: a must IMHO
# Apr 24th 2017, 10:18 bravo-kernel :face_with_rolling_eyes:
# Apr 24th 2017, 10:18 bravo-kernel Not optional
# Apr 24th 2017, 10:18 birdy247 Not optimal?
# Apr 24th 2017, 10:17 bravo-kernel No problem
# Apr 24th 2017, 10:17 bravo-kernel Using JsonApiListener is not even optional anymore IMO
# Apr 24th 2017, 10:16 birdy247 big thanks for writing that
# Apr 24th 2017, 10:16 birdy247 @bravo-kernel great API blog post
# Apr 24th 2017, 10:16 birdy247 :)
# Apr 24th 2017, 10:16 bravo-kernel s/use/you might want to use/
# Apr 24th 2017, 10:15 bravo-kernel @birdy use muffin/obfuscate if you want to hide your (auto incremental) ids
# Apr 24th 2017, 10:14 Neon1024 You can thanks bravo-kernel
# Apr 24th 2017, 10:14 birdy247 the JsonApi is also sweet as
# Apr 24th 2017, 10:14 birdy247 Man, CRUD + API + Search = happy
# Apr 24th 2017, 10:05 Neon1024 https://youtu.be/3Neq2ey3mgE?t=18
# Apr 24th 2017, 10:05 Neon1024 But you’ve got a CMS so you’ve already got SSL
# Apr 24th 2017, 10:04 Neon1024 So worth some SSL at an absolute minimum
# Apr 24th 2017, 10:04 Neon1024 Will just get session hijacked, or man-in-the-middle’d etc etc
# Apr 24th 2017, 10:04 Neon1024 So something like example.com/api/v1/secret-endpoint/918?password=foobar
# Apr 24th 2017, 10:03 Neon1024 Plus, urls are transparent. Whatever is in the url is readable by anyone
# Apr 24th 2017, 10:03 Neon1024 Not that I like Phil Sturgeon, but that was a point he made in one of his api talks, and it’s a good one
# Apr 24th 2017, 10:02 birdy247 :+1:
# Apr 24th 2017, 10:02 Neon1024 If you happened to have a security hole, I could suck your database dry
# Apr 24th 2017, 10:01 birdy247 ah right
# Apr 24th 2017, 10:01 Neon1024 Making it very easy for me to automatically hit every record in your database
# Apr 24th 2017, 10:01 Neon1024 Well if it’s public Birdy, and you’re urls are something like example.com/api/v1/secrets/2 it’s safe to assume that example.com/api/v1/secret/3 will be a something as well
# Apr 24th 2017, 09:49 birdy247 Neon1024 you mentioned to hide primary keys in any responses
# Apr 24th 2017, 09:45 hagen00 sorry, will delete, it does work. I had a template error
# Apr 24th 2017, 09:45 birdy247 the resource
# Apr 24th 2017, 09:44 birdy247 Neon1024 got it :slightly_smiling_face:
# Apr 24th 2017, 09:43 Neon1024 https://crud.readthedocs.io/en/latest/listeners/jsonapi.html
# Apr 24th 2017, 09:42 Neon1024 https://github.com/FriendsOfCake/crud/blob/master/src/Listener/JsonApiListener.php
# Apr 24th 2017, 09:42 Neon1024 https://book.cakephp.org/3.0/en/development/routing.html#resource-routes
# Apr 24th 2017, 09:41 birdy247 api/v1/events/add with POST does add a new event
# Apr 24th 2017, 09:41 birdy247 instead if gives a list of events
# Apr 24th 2017, 09:41 birdy247 api/v1/events with POST does not add a new record
# Apr 24th 2017, 09:40 birdy247 api/v1/events with GET gives a list of events
# Apr 24th 2017, 09:38 birdy247 any ideas?
# Apr 24th 2017, 09:35 birdy247 rather than anyting to suggest its trying to add a new record
# Apr 24th 2017, 09:35 birdy247 but I always get back a list of results