I am a total newb to APIs and JSON, so this might be basic, but I couldn't find a solution by googling.
I want to change an e-shop order status via API by clicking a hyperlink in an e-mail. I activated an API and managed to change the order status with Postman using the following request:
PUT {url}/api/v2/orders HTTP/1.1
Content-Type: application/json
Authorization: Basic {abcdefgh}

{
  "orders": [
    {
      "order_number": "00001",
      "status_id": "16"
    }
  ]
}
Is there a way to run this command by simply clicking a hyperlink? And should I be concerned about security since the authorisation is hardcoded there?
Cheers!
CodePudding user response:
Since clicking a hyperlink in an email is the same as typing out the address in the browser bar, you can't make POST requests through it. One way of doing what you want is to generate a one-time-use token and simply put it in the URL. When the user clicks the hyperlink, the GET request to the server will contain the token, which can be used for validation.
CodePudding user response:
Is there a way to run this command by simply clicking a hyperlink?
Not in general, no. Clicking on a link in an e-mail issues a GET request, which can't contain a body. That is: your "orders" JSON won't be included. It also won't know to include the Authorization header.
As far as I know, no common e-mail clients allow you to issue PUT or POST requests.
So: could you encode the request in the URL, and use a GET request instead? Absolutely you could. Don't do this.
There are several reasons for this. The most important is the one you mention:
And should I be concerned about security since the authorisation is hardcoded there?
Hardcoding authorization is a bad idea in general, but particularly in an email: (1) you can't guarantee that an email is encrypted, which exposes the credentials to anyone who can capture the message; (2) if you forward the email to me, I now have your credentials.
Moreover, if you include the authorization in the URL, that's now in the user's browser history, and if they share the link with anyone ("hey, look at this deal on paperclips!"...), well: same as above.
CodePudding user response:
Email clients, for safety reasons, do not support the execution of scripts or anything other than a GET request, as this would require the use of JavaScript/jQuery to build up a payload and call the API with said payload.
You will need to take the client to a secure page to sign in and manage their order.
The hyperlink can perhaps take them to a sign-in page or register page.
Token authorization might work with email being the verification taking the user to a page to see their orders. But again, you won't be sure an authorized person opens the email.
Regarding hard coding any type of authorization, that is a big no.
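The one-time-token approach from the first answer, with the credential kept out of the mailed link as the later answers insist, as an added example that is not part of any of the posts above. It assumes an in-memory store, a 24-hour expiry and an injected `put_orders` callable standing in for the real PUT to `{url}/api/v2/orders`; only the server, holding its own stored Authorization value, ever sends that request.

```python
import hashlib
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 24 * 3600  # assumed: mailed links expire after a day


@dataclass
class PendingAction:
    order_number: str
    status_id: str
    expires_at: float
    used: bool = False


# Constructed in-memory store; the real shop would persist this server-side.
# Only a hash of the token is kept, so a leaked store yields no usable links.
_pending: Dict[str, PendingAction] = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link_token(order_number: str, status_id: str, now: Optional[float] = None) -> str:
    """Mint a random one-time token bound to one order and one target status."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
    _pending[_digest(token)] = PendingAction(order_number, status_id, now + TOKEN_TTL_SECONDS)
    return token


def build_email_link(base_url: str, token: str) -> str:
    """The mailed URL carries only the opaque token, never the Basic credential."""
    return f"{base_url}/order-action?token={token}"


def redeem_link_token(token: str, now: Optional[float] = None) -> Optional[PendingAction]:
    """GET-handler logic: accept the token once, before expiry, then burn it."""
    now = time.time() if now is None else now
    action = _pending.get(_digest(token))
    if action is None or action.used or now > action.expires_at:
        return None  # unknown, replayed or expired link: do nothing
    action.used = True
    return action


def apply_status_change(action: PendingAction, put_orders: Callable[[str], bool]) -> bool:
    """Build the same PUT body the question used; the server sends it with its own
    stored credential. put_orders is injected (hypothetical) so this runs offline."""
    body = json.dumps({"orders": [{"order_number": action.order_number,
                                   "status_id": action.status_id}]})
    return put_orders(body)
```

A forwarded or logged link therefore exposes at most one pre-bound action that stops working after its first click or after expiry, rather than a reusable API credential.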