Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.

HTTP Framework Endpoint Toggle

Opto_WillOpto_Will
in SRP HTTP Framework
Is there a way in the Framework to toggle off the visibility of a Endpoint (and method within)?

Basically, we are looking at better control of API 'modules' so we may not want all Endpoints or Methods to be available by default. This can obviously be done manually, by (rather than deploying the whole record) but that makes the installation a bit more tedious.

There will obviously be another consideration with regards of updatability once a particular site deviates from the standard but first things first....

Comments

  • DonBakkeDonBakke
    There isn't a built-in way to do this as thoroughly as you are describing. If I want to disable an endpoint then I remove all methods. But that doesn't "toggle off the visibility" in the way you are probably hoping for.

    Even if we added a feature that toggled on/off the visibility, it would still be an extension to the resource configuration record. It seems like you were hoping to avoid that. What kind of a solution did you have in mind? Also, were you hoping this would be tied to security (i.e., authorization based) or is this still something that would be configuration based (i.e., specific to a given site)?
  • Opto_WillOpto_Will
    Don,
    You are on point as always.
    I havent thought too much about a design but I have been asked the question by the higher-ups in the past.
    Basically an attempt to monetize some of the unique API endpoints. I like how I can deploy the full endpoint list via the configuration record but then that would indeed overwrite any visibility customisation. Food for thought...

    And yes, ultimately I can see arguements for both access scenarios. At the start, I would say site based (i.e. they pay for a special integration like to a particular CRM) but I can see it might quickly go down the path of user level security.

    I think I will park this until there is more pressure from above to come up with a solution.

  • DonBakkeDonBakke
    For what it is worth, our road map for the next major release of the HTTP Framework is to move the resource configuration record into a standalone database table. This would allow each resource/endpoint to be a record with its own metadata/properties. Once this is done, deployment of specific endpoints would be much easier as well as improving how authorization would tie in.
  • Opto_WillOpto_Will
    Indeed it would :)
  • Opto_WillOpto_Will
    One last question while I have you Don.
    Any high level statstical metrics on endpoint access in that roadmap?
    I get we can keep logs but thats a LOT of ever expanding information when something as simple as daterange/endpoint/method/access count (or some variation therein) could be enough...

    Once again, nothing concrete in plans yet. Just food for thought at this stage...
  • DonBakkeDonBakke
    Wasn't on the roadmap but doesn't mean it can't be added or even floated near the top. I'll keep you posted.
  • Opto_WillOpto_Will
    Thanks Don.
Sign In or Register to comment.