Extracting information from a webservice

Pierre-Yves Chibon py at chibon.fr
Thu Jan 17 20:44:06 PST 2013 

On Thu, Jan 17, 2013 at 10:33:13PM +0100, Aurélien PRALONG wrote:
>    Hello all,
> 
>    As you are writing about the companion, I will add some remarks.
> 
>    I didn't see that Pierre did so many work on the web-service, so I did a
>    stub WS in java to start adding new features to the companion (such as
>    history and registering from the mobile app directly). I obtained quite
>    the same API, except from these points :
>    I used only one URI for dive parts:
>       - GET /api/dive/{ID} to retrieve someone dives
>       - PUT /api/dive/{ID} to add a dive (data is inside the HTTP content)
>       - GET /api/user/{email} to get user ID from email
>       - PUT /api/user/ to create a user (data is inside the HTTP content)
> 
>    Content is passed as a XML. For instance, for a dive, we have :
>    <dive>
>       <name>My dive</name>
>       <latitude>10.0012</latitude>
>       <longitude>3.1.5</longitude>
>       <date>2013-01-17T22:12:10+01:00</date>
>    </dive>
> 
>    The content in input is set via the "Content-Type" HTTP header (e.g.
>    application/xml or application/json), and the output by "Accept" header.
>    Although I understand it is easier to manipulate an URL, I personnaly
>    think this approach (the REST approach) is more clear (2 URI) and
>    flexible. Indeed, if we want to add pictures to a dive (which would be
>    cool I think. Always fun to add a blurry fish), we can simply add a field
>    in the XML, which would be more difficult in the URL (base64 in URL ?).
>    And if use Java/Spring it is realy fast to configure (but I dont' think
>    you use it ;) ).
> 
>    Another problem I see is security (I'm probably paranoid) : with the new
>    API, you just have to call the WS with an email (say, any email in the
>    mailing list), and you can get the ID, so upload and get dives. Maybe
>    should we consider to add a password, at least for ID recovery ?

May I ask you to tell me my ID? :)

Unless, I am wrong, I think you missed something.

>    For GPS sync, I would suggest that each dive returned by the WS (when
>    getting all list, or uploading one from companion) should have an ID
>    managed by the server, so that the matching is easy.

I do not see an ID on the server side would help matching, could you elaborate?
I was more seeing a matching based on the date/time of the dives.

Which make me think, would we want a possibility to retrieve the dive associated
to someone for a given date or time period?

Pierre

More information about the subsurface mailing list