I am using Azure API Management.
I have create an API, a product and a subscription
The API is generic. it does a lookup of sales order history and requires a customer id to show that customers orders onyl. The relation between customer and subscription is intended as 1:1.
However I dont want subscribers to see other subscribers data. I thought, I could set a fixed parameter (e.g. customer id) to each subscription to be passed to the API on any call.
Or how can limit API to be only show subscriber specific data? Somehow the API has to differentiate between subscriber. Any idea?
When calling an API using a subscription key, the context.Subscription and context.User (not for standalone subscriptions) are set for use in policies.
Since you have a 1:1 relation between customer and subscription, you could set a header in the request to the backend with the user's email using the below policy statement in the inbound policy section
<set-header name="x-customer-email" exists-action="override">
<value>#(context.User.Email)</value>
</set-header>
Related
Ideal Scenario.
The user makes the order.
Firebase Server sends the request to Stripe.
Stripe Confirm Payment Method and sends a webhook to Firestore. At this point, I can create the order on the server. But:
webhook sometimes is fast and others not
need to create a temp order and update it later with the data from the hook
Problems till here
how to know the id of the created order to update later?
is there some way to send data automatically from the server to the client?
The most common way to handle this is to attach metadata to your PaymentIntent with a UUID for your Order ID. At the same time you create a corresponding order in your database. Then, that same Order ID will come through via your Webhook (via the metadata you set) when the payment has been completed and you update your database accordingly for that order.
We are a using a micro-service based pattern for our project where we have Users and their Orders. Users personal information (name, email, mobile) is stored in User table in relational database while we are storing Orders data of users in Orders collection in NoSql database. We want to develop an API to get a paginated list of all the orders placed with order details along with finer details of user associated like - user name, mobile, email along with each order. We are storing userId in Orders collection.
The problem is how do we get User details for each order in this list since both the resources are in different databases. We also thought of storing user name, email and mobile in Orders collection only but what if a user updates their profile, the Orders collection will have stale user data.
What is the best approach to address this issue?
You can use API gateway pattern, UI will call to API gateway endpoint and the Endpoint will call the both the API/services to get the result and aggregate it then returns aggregated response to the UI (caller)
https://microservices.io/patterns/apigateway.html
Well it mostly depends on scalability needs in terms of data size and number of requests. You may go with the API gateway if you don't have too much data and you don't get many requests to that service.
Otherwise if you really need something scalable then you should implement your own thought with an event based communication.
I already provided an answer for a similar situation you can take a look
https://stackoverflow.com/a/63957775/3719412
You have two services Orders and Users. You are requesting Orders service to get all Orders. It will return a response data which will contains ID of Users (each Order contains ID of User). Then, you will make a request to a Users service to get an information regarding User by ID which you got before. And finally, you can aggregate those results (if it is needed).
As guys mention, good solution will be to implement API Gateway here. As a client, you will send a request to a single port with endpoint (to a Gateway) and Gateway should create logic which I have described before.
I am setting up webhooks for Teams call records mentioned in https://learn.microsoft.com/en-us/graph/api/callrecords-callrecord-get?view=graph-rest-1.0&tabs=http .
My doubt is related to statement "Subscribe to change notifications to the /communications/callRecords endpoint.".
Can we use same notification url for multiple accounts with different tenant id ?
or Can we use same notification url for completely different organizations ?
There is no technical constraint preventing us from using the same webhook endpoint.
The webhook just needs to read the tenantId field to route notifications appropriately. Note that each tenant does need its own subscription, but they can all have the same notificationUrl.
I have a rest api which has organisations as a top level object and all other data belongs to an organisation e.g. orders, invoices, projects etc..
Users have the ability to belong to multiple organisations and on my frond end SPA I want them to be logged into one application at a time with the ability to switch.
Should I be storing the current organisation id on the client side and passing it with every request or should i have a rest endpoint that sets the current org id on the user table etc, which will also mean when they come back and login it is already set to the last organisation they accessed.
Should I be storing the current organization id on the client side and passing it with every request?
Yes,
a general practice is sending the information in each API because API are stateless.
Should I have a rest endpoint that sets the current org id on the user table?
NO you should not, one of the reason is let say user logs in browser1 you will store that organizationId in table, same user login from browser2 this will override your previous Id
Now if you go back to browser1 it will have inconsistent data unless you had designed a mechanism not to override the previous value.
Hope that make sense
In general, stateless APIs are fairly common. For instance, you might pass an Auth Token (JWT) with every single request, which identifies the User and could potentially provide other info about the User as well.
If you're using Laravel, you might want to look into this package to handle JSON Web Tokens: https://github.com/tymondesigns/jwt-auth. You could then serialize your User object on Login, which could also include their current Organization. The frontend can then pass this token with every request (as an Authorization Header)
We are trying to develop a SCIM enabled Provisioning system for provisioning data from an Enterprise Cloud Subscriber(ECS) to Salesforce(Cloud Service Provider-CSP). We are following SCIM 1.1 standard.
What are we able to do:
We are able to perform CRUD operations on User object using Salesforce auto-generated userId field
Exact Problem:
We are not able to update/delete User object using externalId provided by ECS.
Tried something as below... But it is not working, Unknown_Exception is thrown...
XXX/my.salesforce.com/services/scim/v1/Users/701984?fields=externalId
Please note that it is not possible to store Salesforce userId in ECS's database due to some compliance reasons. So we have to completely depend upon externalId only.
Possible Workaround:
Step1: Read the userId based on externalId from Salesforce
Step2: Update the User object using the salesforce UserId obtained in Step1.
But this two step process would definitely degrade the performance.
Is there any way to update/delete the User by externalId
Could you please guide us on this..
Thanks so much....
I realize this is old thread but wanted to note that you CAN update Users from REST using an external ID. The endpoint in above question is incorrect. Following is how it should be set, send as a PATCH request:
[instance]/services/data/v37.0/sobjects/user/[external_id__c]/[external id value]
Instance = your instance i.e. https://test.salesforce.com/
external_id__c = API name of your custom external Id field on User
external id value = whatever the value of the user's external Id
NOTES:
Salesforce responds with an HTTP 204 status code with No Content in the body, this isn't usual for patch requests, but it is 'success' response
The external id on user has to be a custom field, make sure it is set
as UNIQUE
Ensure the profile/permission set of the user that is making the call
has the Manage Users permission & has access to the external id field
It is pretty common pattern for other applications, too, to search first and then perform on update on the returned object. Your workaround seems fine to me. What performance problem are you concerned about? Are you concerned about Salesforce not being able to process more requests or are you concerned about the higher response time in your application because you need to make multiple requests? Have you actually measured how much an extra call costs?