Representational state transfer (REST) and Simple Object Access Protocol (SOAP)

Simple explanation about SOAP and REST. SOAP – “Simple Object Access Protocol”: SOAP is a method of transferring messages, or small amounts of information, over the Internet. SOAP messages are formatted in XML and are typically sent using HTTP (hypertext transfer protocol). REST – Representational state transfer: REST is a simple way of sending and …

RESTful Authentication

How to handle authentication in a RESTful Client-Server architecture is a matter of debate. Commonly, it can be achieved, in the SOA over HTTP world via: HTTP basic auth over HTTPS; Cookies and session management; Token in HTTP headers (e.g. OAuth 2.0 + JWT); Query Authentication with additional signature parameters. You’ll have to adapt, or …

Best Practices for securing a REST API / web service [closed]

As tweakt said, Amazon S3 is a good model to work with. Their request signatures do have some features (such as incorporating a timestamp) that help guard against both accidental and malicious request replaying. The nice thing about HTTP Basic is that virtually all HTTP libraries support it. You will, of course, need to require …

Which status code should I use for failed validations or invalid duplicates?

For input validation failure: 400 Bad Request + your optional description. This is suggested in the book “RESTful Web Services”. For double submit: 409 Conflict. Update June 2014: The relevant specification used to be RFC2616, which gave the use of 400 (Bad Request) rather narrowly as The request could not be understood by the server …

How do you set the Content-Type header for an HttpClient request?

The content type is a header of the content, not of the request, which is why this is failing. AddWithoutValidation as suggested by Robert Levy may work, but you can also set the content type when creating the request content itself (note that the code snippet adds application/json in two places: for Accept and Content-Type headers): …

Use of PUT vs PATCH methods in REST API real life scenarios

NOTE: When I first spent time reading about REST, idempotence was a confusing concept to try to get right. I still didn’t get it quite right in my original answer, as further comments (and Jason Hoetger’s answer) have shown. For a while, I have resisted updating this answer extensively, to avoid effectively plagiarizing Jason, but …
