-2

I need to create a public API for my application that can receive a single POST request. More specifically, I need to give users the ability to post data to my database -- the user would be another dev shop and they would be posting a LOT of data, so I can't ask them to log into my site and start filling out forms. I realize POST data is typically consumed via the body, not query params (this is GET).

However, I know a lot of public API's out there do this (e.g. https://developer.flightstats.com/api-docs/alerts/v1. If you look at this site and create a 'flight rule', they're saving your call and returning JSON when your parameters return true). What is best practice for this?

I'm currently using Express w/ Sequelize, and PostgresQL.

Question: Is there a way to send a POST request via URI parameters, and more importantly, is there a safe way to do this? And, if there isn't, what is the best way for a user to post data to my database without filling out a form?

alecxe
  • 414,977
  • 106
  • 935
  • 1,083
Joe
  • 325
  • 3
  • 14
  • 1
    What is the question exactly? There isn't any http rule that says a post request cannot have parameters on it. – Taplar Dec 20 '16 at 02:12
  • @joe so you need to insert data into the database on GET request? – neoDev Dec 20 '16 at 02:15
  • I edited my question above. I need to allow a user to persist data (and a LOT of it) to my database easily. @neoDev, ...yes, but can you do this without security concerns? – Joe Dec 20 '16 at 02:19
  • Can your API users use dynamically-filled-out forms? (E.g., `var fd = new FormData();fd.append(...);`) – Kyle Lin Dec 20 '16 at 02:21
  • I think so-- I've been considering the idea, and definitely the best solution so far (to my knowledge). I've just been trying to figure out if it's possible to do via URI securely, but I'm not sure there's a good way. Thank you @KyleLin – Joe Dec 20 '16 at 02:26
  • Hey Ed, can you be specific as to why this question is on hold? I've clearly asked a question specific enough to start a conversation. – Joe Dec 20 '16 at 02:51
  • You already asked this question, then deleted it. It still is not clear what you're asking. The question "Is there a way to send a POST request via URI parameters" literally does not make sense. You can post data to a URL that contains query parameters, sure. But by definition the POST data does not go in the URL. To address your comment on the deleted post: no, it's not obvious what you're asking. It sounds like you're asking how to put POST data in a URL, how to persist data in a database, how to POST without a form, and how to build an API, all at once. Please be specific and read [ask]. – elixenide Dec 20 '16 at 02:54
  • Also, just FYI: the goal here is not to "start a conversation." This is not a typical forum; there's really not supposed to be a conversation so much as a (1) question and one or more self-contained answers. I/we aren't trying to keep you from asking your questions; we're trying to help you ask the question in a way that people can help you answer it. – elixenide Dec 20 '16 at 02:57
  • I'm not asking half of those things, and it's obvious from both of my posts I know what a POST is and how it works. I edited my question and asked something much more specific, so I appreciate leading me in that direction, but I sincerely wish people were kinder and more helpful on here. Of course POST data doesn't go in the URI, but it's being done, and I'm curious how to do it. How would you ask that question? – Joe Dec 20 '16 at 02:57
  • Most things don't have a single answer. While you've been here longer than me, I appreciate any answer I can get that's helpful, even if there's two different ways to come to a solution. – Joe Dec 20 '16 at 02:58
  • You say, "Of course POST data doesn't go in the URI, but it's being done." No, it's not. *Other* info can go in the URI, but *not POST data*. That is literally impossible. It's not a matter of convention or preference; it's literally impossible to put POST data in the URL as opposed to the body, just like you literally cannot get cows to lay eggs. But because you keep wording it that way anyway, it's impossible to know exactly what data you're asking about. – elixenide Dec 20 '16 at 03:01
  • You keep inserting the word *securely*. Security around this is a broad topic. Regardless of how you do this, POST GET whatever, your backend will have to do validation to clean the request input. – Taplar Dec 20 '16 at 03:03
  • Ok, I need to persist data to my database via an API call from a user. That's what you would use a POST for in a typical CRUD app, which is why I'm using that word, but if that's more clear, that's what I'm looking to do. – Joe Dec 20 '16 at 03:03
  • Regarding security: I'm asking about best practices. I know there's ways to persist data, and want to know about any additional security issues with any given solution. – Joe Dec 20 '16 at 03:05

1 Answers1

1

Your client dont need to fill up the form , they can call your restfulapi . You need to make restful api server

See the sample below for the restful api client

$.ajax({
    type: 'POST',
    url: '/url',
    data:  JSON.stringify({name: 'jonas',"age":30}),
    success: function(data) { 
        alert('success');
       },
    contentType: "application/json",
    dataType: 'json'
});

Check this How to POST JSON data with Curl from Terminal/Commandline to Test Spring REST?

also check this What exactly is RESTful programming?

For security you can use basic auth / digest auth or any other custom authentication based your needs

Community
  • 1
  • 1
sumit
  • 13,148
  • 10
  • 57
  • 103
  • it will be nice to get reason for down vote :). He wants the best way to post in database without filling a form . – sumit Dec 20 '16 at 02:31
  • Yeah, sorry, there's some mean people on here-- I get it too, see above :) So I know with a POST data gets sent via the body-- is this getting sent via body as JSON? Thanks for the answer, it was very thorough! – Joe Dec 20 '16 at 02:37