Could you elaborate on this:
it’s not really possible to document and validate that an endpoint needs to have at least one of something
In what sense it is not possible, as I can easily see it done in the code?
Comment on Admins: Instnace randomly running extremely slowly? Check for this
freamon@preferred.social 6 days agoPieFed has a similar API endpoint. It used to be scoped, but was changed at the request of app developers. It’s how people browse sites by ’New Comments’, and - for a GET request - it’s not really possible to document and validate that an endpoint needs to have at least one of something (i.e. that none of ‘post_id’ or ‘user_id’ or ‘community_id’ or ‘user_id’ are individually required, but there needs to be one of them).
It’s unlikely that these crawlers will discover PieFed’s API, but I guess it’s no surprise that they’ve moved on from basic HTML crawling to probing APIs. In the meantime, I’ve added some basic protection to the back-end for anonymous, unscoped requests to PieFed’s endpoint.
Could you elaborate on this:
it’s not really possible to document and validate that an endpoint needs to have at least one of something
In what sense it is not possible, as I can easily see it done in the code?
It’s straight-forward enough to do in back-end code, to just reject a query if parameters are missing, but I don’t think there’s a way to define a schema that then gets used to auto-generate the documentation and validate the requests. If the request isn’t validated, then the back-end never sees it.
For something like https://freamon.github.io/piefed-api/#/Misc/get_api_alpha_search, the docs show that ‘q’ and ‘type_’ are required, and everything else is optional. The schema definition looks like:
/api/alpha/search:
get:
parameters:
- in: query
name: q
schema:
type: string
required: true
- in: query
name: type_
schema:
type: string
enum:
- Communities
- Posts
- Users
- Url
required: true
- in: query
name: limit
schema:
type: integer
required: false
required
is a simple boolean for each individual field - you can say every field is required, or no fields are required, but I haven’t come across a way to say that at least one field is required.
Ah, I see, so you are talking about this.
Of course it is nice if things get auto-generated, but doing it yourself, both in code and documentation should never be excluded as an option.
Exactly that, yeah. Thank you for the link.
OpenStars@piefed.social 6 days ago
Good thinking!:-)