Design question

  • Question

  • User-1104215994 posted

    Hello,

    I implemented an asp.net web api2 rest service. My rest service is kind of a proxy. I mean, the client makes a call to my rest API and my rest API calls another rest API. It transfers the response from the 3rd party rest API to the client.

    The 3rd party rest API has 2 methods. The first one is like authorization, which returns back a token. And with this token the client should make another request to the second method to complete the process. At this point, everything goes well.

    I added an extra layer of authorization in order to validate the client. When the client calls this first method, I am checking the client's credentials. If the client is authorized, I return a JWT token which should be used in the second method to complete the process. Now the client has to send 2 different tokens.

    Now I am thinking if I can somehow keep the 3rd party's token instead of sending it to the client and attach the token to the client request when the client calls the second method. Does this seem logical? If so, how can I keep track of which request to attach it to? It is stateless, right? Just trying to unburden the client and make my rest API more usable. I would be glad if you can share your ideas.

    Thank you.

    Tuesday, May 7, 2019 6:41 PM

All replies

  • User475983607 posted

    Now I am thinking if I can somehow keep the 3rd party's token instead of sending it to the client and attach the token to the client request when the client calls the second method. Does this seem logical? If so, how can I keep track of which request to attach it to? It is stateless, right? Just trying to unburden the client and make my rest API more usable. I would be glad if you can share your ideas.

    Use a database table where the token your app created is the key used to fetch the 3rd party key.  You might want to add an expiration date column too.

    Tuesday, May 7, 2019 6:46 PM
  • User-1104215994 posted

    Use a database table where the token your app created is the key used to fetch the 3rd party key.  You might want to add an expiration date column too.

    Now it will be a load to my rest API :) I have to write both tokens into a table. Then query the table, fetch the 3rd party token and attach it to the request. It seems it will consume some time.

    Tuesday, May 7, 2019 6:57 PM
  • User475983607 posted

    cenk1536

    Now it will be a load to my rest API :) I have to write both tokens into a table. Then query the table, fetch the 3rd party token and attach it to the request. It seems it will consume some time.

    DB calls are generally asynchronous.  If the code is doing other work then waiting on the async call does not matter much.  Can you explain why you have this fear of using a database?  Can you explain why you think making a DB call takes more time?  Do you have a throughput specification?  If so, what is the spec?  

    If you prefer the web server persist the data, then use a static dictionary where the dictionary key is your token and the value is the 3rd party token. There is also Memory Cache, which has the added benefit of a timeout. Keep in mind both methods, static dictionary and Memory Cache, are volatile. The application will lose all the tokens if the app restarts for any reason. This might pose a challenge if the 3rd party token has not expired. You'll have to read the 3rd party docs to make sure you understand how it works.

    Tuesday, May 7, 2019 7:13 PM
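
An added example, not code from any poster in this thread: one way to do the Memory Cache variant described above, so that the client only ever holds the proxy's own JWT. The class and method names are hypothetical; it assumes `System.Runtime.Caching`, that the 3rd party token is used once by the second method, and that the caller knows the 3rd party token's expiry.

```csharp
using System;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: maps the proxy's own token to the 3rd party token.
// Register one instance for the whole application (the cache is in-process).
public sealed class UpstreamTokenStore
{
    private readonly MemoryCache _cache = new MemoryCache("upstream-tokens");

    // Key on a SHA-256 digest so raw client tokens are not kept as cache keys
    // (they would otherwise show up in memory dumps and cache diagnostics).
    private static string KeyFor(string clientToken)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(clientToken));
            return Convert.ToBase64String(digest);
        }
    }

    // First method: call after the client's credentials were checked and the
    // 3rd party API returned its token. The entry is evicted at upstreamExpiry,
    // so a stale 3rd party token is never attached to a later request.
    public void Save(string clientToken, string upstreamToken, DateTimeOffset upstreamExpiry)
    {
        if (string.IsNullOrEmpty(clientToken)) throw new ArgumentException("clientToken");
        if (string.IsNullOrEmpty(upstreamToken)) throw new ArgumentException("upstreamToken");
        _cache.Set(KeyFor(clientToken), upstreamToken, upstreamExpiry);
    }

    // Second method: call only after the client's JWT signature and lifetime
    // were validated. Remove() returns the stored value and deletes it, so a
    // replayed JWT cannot reuse the 3rd party token (assumption: single use;
    // switch to _cache.Get(...) if the 3rd party token may be reused).
    // Returns null when the entry expired or the app restarted.
    public string Take(string clientToken)
    {
        if (string.IsNullOrEmpty(clientToken)) return null;
        return _cache.Remove(KeyFor(clientToken)) as string;
    }
}
```

When `Take` returns null the proxy should reject the request and have the client repeat the first method; the database table suggested earlier in the thread follows the same shape, with the digest as the key column and the expiry as its own column.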
  • User-1104215994 posted

    DB calls are generally asynchronous.  If the code is doing other work then waiting on the async call does not matter much.  Can you explain why you have this fear of using a database?  Can you explain why you think making a DB call takes more time?  Do you have a throughput specification?  If so, what is the spec?  

    Yep, I will make DB calls async. I don't have throughput specs yet but I don't want more than 20-30 secs max.

    Wednesday, May 8, 2019 5:25 AM
  • User36583972 posted


    Hi cenk1536,

    I am thinking if I can somehow keep the 3rd party's token instead of sending it to the client and attach the token to the client request when the client calls the second method. Does this seem logical?

    Yes, this is more logical.

    If so, how can I keep track of which request to attach it to? It is stateless, right? Just trying to unburden the client and make my rest API more usable.

    You can save your token and the 3rd party token in the database.

    You can try to use DbContext in Entity Framework.

    DbContext is an important class in Entity Framework API. It is a bridge between your entity classes and the database.

    Best Regards

    Yong Lu

    Wednesday, May 8, 2019 6:38 AM