Jump to content

WinAPI - Partial Response


Recommended Posts

Add ability to specify what fields the server will respond with when performing a API call.

 

Scenario:

Create a service account password for an IIS service, the tech will not need the password instantaneously and he only needs to know that it succeeded.

# PowerShell Request

#JSON data for the object
$jsonData = '
{
    "PasswordListID":"7331",
    "Title":"IIS [Feature] Service Account",
    "UserName":"iis_[feature]_service_001",
    "GeneratePassword":"True",
    "ReturnFields":[ "PasswordID" ]
}
'

$PasswordstateUrl = 'https://passwordstate/winapi/passwords/'
$result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials
# Response

HTTP/1.1 200           
[
    {
        "PasswordID": 1337
    }
]

Benefits:

The benefit of this is less data transfered over the network which means less bandwidth usage, less CPU time spent on the server and client, as well as less memory usage on the client but crucially minimize the amount of clear-text passwords flying through the network and ending up in client RAM.

Link to comment
Share on other sites

Hi Christopher,

 

Thanks for your request. To implement something like this would be a complete re-write of the API, as we return a Class object here. So if we were to only return partial values, we would need many Classes to support this i..e currently 23 different classes for a password record.

If you also use the ExcludePassword parameter, you can ensure the password value is not returned with these calls as well.

If we get enough interest from the community on this, we will consider it. Appreciate the request though.

Regards

Click Studios

Link to comment
Share on other sites

I understand that, with the way your API works right now, it'll be a lot of work to change the way data is handled and a major change like that would certainly break others scripts. However instead of writing a new class for each password record isn't it possible to write a LINQ filter based on the request from the user in-between the data from the database and the RestSharp response to get the desired effect?

 

The ExcludePassword parameter doesn't seem to work in conjunction with the GeneratePassword parameter so in this particular case doesn't work.

 

[ps. updated my previous post with the correct json data]

Link to comment
Share on other sites

Hi Christopher,

 

We just added the ExcludePassword parameter for the Update Password method today, and will be available in the next release.

 

Not sure about your LINQ filter - do you know of any examples of how this can be done from a Microsoft WinAPI? If not, we can investigate this ourselves if there's enough interest for this from the community.

Regards

Click Studios

 

Link to comment
Share on other sites

Ah, you guys work fast. I'll check out ExcludePassword when it's available.

 

I don't have any specific example only brainstorming. However there is a wrapper for ASP.NET Web API that can return partial json results https://github.com/dotarj/PartialResponse (have not tested it myself). If you can use JSON.net then it has a built-in way of delivering partial results by creating a ContractResolver https://www.newtonsoft.com/json/help/html/ContractResolver.htm

 

Hope this helps and keep up the excellent work.

 

Regards

Christopher

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...