Hey everyone so I have a question, can I have an endpoint api in my Mobile application?
For example I have a server that would do stuff with data and then I would send a post request to my mobile application letting it know new data had came in. How would I go about that? Is that even possible?
My solution I came across was to use firebase api since I remember It has a watcher. So I can easily change some data inside the firebase database by using my server. The mobile application will have the firebase watcher and see that something in the FB database got changed and it will proceed to react to it.
Without using firebase. If I were to send a get request to my server from my mobile application every second(as a watcher) is that bad practice? Or is that pretty much what firebase's watcher is doing?
I know that when you deploy a web application you can have a backend inside the directory. Would mobile applications even allow that?
Is there a simpler way?
also note
I'm using Ionic framework so its a javascript framework
And I'm using nodejs/express as my server
If I were to send a get request to my server from my mobile
application every second(as a watcher) is that bad practice? Or is
that pretty much what firebase's watcher is doing?
This is a bad practice and that is not what it is doing.
I know that when you deploy a web application you can have a backend
inside the directory. Would mobile applications even allow that?
You can't have easily a backend in your mobile application. You can call it but not having one inside your application.
Using Firebase is the good practise.
If you want to create your own server, you can create also a firebase cloud messaging server.
What you are doing is called push notifications. More infos here : https://stackoverflow.com/tags/push-notification/info
Related
I’m building a React application with a Node backend. In the backend I have an API that just talks to a database and I can deploy the API and the React app at the same time.
Although this works fine, the API routes are not secure ,i.e, anyone can freely access myapp.com/api/getData. I would like only my React front end to be able to access these /API endpoints and I’m not sure what is the best way to do that.
To be clear, I don’t mean securing them so that only a logged in user can access them but basically preventing a user from going in their browser / Postman, typing in that URL and getting the data.
I know that a solution would be to have the API as a separate project, deployed separately and secure that with an API key for example but I like the convenience of having both deployed at the same time.
Is there a better way of doing this?
EDIT: I've ended up just moving the API to a separate project
I'm trying to build my first API to be consumed by a mobile application built with Ionic.
Before starting I'm looking into the architecture and I can not understand exactly how to make secure my API routes.
Let's say I have an endpoint like http://myapi/v1/get-items and my application doesn't need an user to be authenticated to view those items in the mobile app.
How should I protect that route from external queries, using Postman for example?
I wish that route to be not accessible unless is not requested by the application.
Looking on Google I can find many solution using basic authentication but all of those require an user to log in... What if my app doesn't have users to log in?
I'm a bit confused but I think there is a solution and I don't know it yet...
I hope you can help me to understand it.
EDIT:
My Question is totally different from the following: How to implement a secure REST API with node.js
I'm looking for solution that DO NOT require a User Authentication.
If you don't want to use User Auth through something like Passport then you can institute a whitelist in your Node API instead. express-ipfilter is an express middleware module that allows you to filter requests based on the request IP.
Requiring a login would be the cleanest and safest way to make sure your api remains private. However, if you want to keep external users out of your services without requiring a login, you will need to "sign" your requests. By that I mean doing something like encrypting a current timestamp on the client using a key known to both the server and the client app, adding that encrypted string as a header, receiving that header in your server, decrypting it and checking that it's not too old of a timestamp before you return a response.
It's not really safe (if someone can see the code they can see the encryption key) but it's an obstacle and it down't require logging in. See this for an example on encryption/decryption
I am now developing a mobile app using ionic framework and it's using larvel 4 REST API to do CRUD operations with MySql database. Based on the app requirement, the mobile app needs to call backend service everytime in order to complete certain process.
I am using Angular Resource to call those APIs and i am calling them every 3 secs using Javascript setinterval function. However, the app is working, I don't really feel that it's a good practice to do because it's a heavy task for both server and client.
Could you guys please guide me how I should solve this kind of situation and i really appreciate your help. Especially, which kind of tools I should setup and what are they? Thank you.
setInterval isn't a best practice to receive new data from your API server/DB because the server could get flooded when too many users access your web site. However there is a prettier solution: WebSockets. With websockets you receive notifications realtime. I am not a PHP developer so I don't know what WebSocket libraries are used for Laravel/PHP development. But on the AngularJS part I can recommend this: https://github.com/gdi2290/angular-websocket
A WebSocket example (non-related): http://jsfiddle.net/EAVvQ/24/
Hope this helped.
Cheers!
I have a AngularJS app (embedded in a Cordova app).
To get and set data, it uses a REST API (that runs on a Django backend server).
I need that the app keeps working for several features even if the network is down.
For example, I'm expecting this kind of behaviour:
Online Mode
A client does something in the app
a POST request (to create data) is sent to the API
The client gets a "Thank you for doing xxx"
Fallback offline mode
A client buys something on the app
The client gets a "xxx can't be done right now, but it will be done as soon as possible"
Nothing can be sent to the server since we're offline. So how to do? Is there a way to put the API requests in a queue that will be executed when we're back to online mode?
How would you technically design this? It seems there is lots of differents technologies for offline mode, and it's a little bit confusing to me. Any guidance would be welcome.
Thanks a lot.
I would like to use such app, that would make me feel stupid. But there is
You can check network status with this plugin.
https://github.com/apache/cordova-plugin-network-information/blob/master/doc/index.md
Each request will need a switch between sending HTTP POST and saving POST data to local storage.
Then you would just create callbacks for following events:
document.addEventListener("offline", onOffline, false);
function onOffline() {
// Turn on saving to local storage
}
document.addEventListener("online", onOnline, false);
function onOnline() {
// Read local storage, send all requests
}
I'm not sure what the pressure in the comments are not to do this. We have this functionality in an app we are developing.
Basically we package up the iOS app as a Cordova wrapped web container and also run a local proxy server as part of the app. It passes all data through it to the web service. If the requests fail, it returns an identifier to the app so you can determine that the connection to the server is down, and the app then saves the requests to localStorage. That way the UI can adapt to being in "offline mode." you can later push data from the app through the proxy once the connection to the server is restored. The app connects directly to the proxy rather than to a webservice.
As far as I'm aware, there's not an easy library to solve this situation though, and you have to be aware of how the requests will affect the online application (can things go out of sync in your system, if the user runs requests that are cached until later?)
It is definitely something that can be done, though.
I've being working with Node.js and Angular.js. But now I am moving into mobile (Android) and I would like to solve some doubts before getting started because documentations have being quite confusing. So here are my questions:
How will the mobile app connect to the backend? is it just configuring the config.xml file?
How is the Login system suppose to work when talking from the mobile to the backend?
Does the Login system allow to use the Notification API's? Which variables should I consider?
What limitations would I have when working with Javascript? Like Underscore, D3, Three.js, etc...
If anyone could answer these questions I would really appreciated
1) It depends on what you refer as "back-end". I assume you re referring to some remote server connection. As Cordova is fully based on HTML,CSS and Javascript, you can use some ajax calls to connect to your server(back-end) to get/put data.
2) For my apps, for login system, I use ajax based solution to callback my remote server and validate the login username and password.
3) Yes. You can use the features of Alert, Beep, Vibrate and even push notifications. Refer to the corresponding API docs.
4) Virtually no limitations on what use as long as its javascript and does not create contention with other javascript codes you use together.
It will connect to the backend the same way your web apps do, what transports do you usually use?
Logins will work the same way your web apps do.
There are no limitations on javascript, it will be very similar to developing for the mobile web except you will have more device APIs available to you and you will have the ability to create custom device APIs.