
What is the best way to validate API calls, whether the request is valid or the user is bypassing some calls, in Web API?

Thanks, I am developing a REST API in .NET Core. I need to secure my API calls when they are accessed.

I have 10 REST API calls; here are a few of them:

  1. ValidateUser
  2. UploadDocument
  3. VerifyDocument
  4. ApproveDocument
  5. EligibleForPersonalLoan

These calls should be made in sequential order, as listed above. Example: 1 -> 2 -> 3 -> 4 -> 5 -> 6.

If a bypasser makes a call request "2. UploadDocument" after the "5. EligibleForPersonalLoan" call, this request is wrong; in this scenario the user has bypassed two calls (3 and 4), so here I want to return an 'invalid request' error message. How should I handle this scenario?

You could easily manage it by introducing a new enum called "LoanStatus":

public class Loan 
{

    public long Id { get; set; }

    public virtual User User{ get; set; }

    public virtual List<Document> Documents{ get; set; }

    public LoanStatus LoanStatus{ get; set; }

}

public enum LoanStatus
{       
   UserValidated,
   DocumentUploaded,
   DocumentVerified,
   DocumentApproved,
   LoanEligibility...
}

Each time a Web API method is called, you check the LoanStatus property and see if it's in the expected status; otherwise you throw a forbidden request. If the status is the one expected, you do all your logic and then you change the status of the entity.

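// ASP.NET Core controller action (Microsoft.AspNetCore.Mvc)
[HttpGet]
[Route("verifydocument/{loadId:long}")]
public IActionResult VerifyDocument(long loadId)
{
    try
    {
        var loan = _loanService.FindLoanById(loadId);
        // Only a loan whose document has just been uploaded may be verified
        if (loan != null && loan.LoanStatus == LoanStatus.DocumentUploaded)
        {
            // Do logic for the verifyDocument and update the LoanStatus to DocumentVerified
            loan.LoanStatus = LoanStatus.DocumentVerified;
            // Persist the updated loan here before returning it
            return Ok(loan);
        }
        // Wrong step for the current status: reject the request
        return Forbid();
    }
    catch (Exception)
    {
        // Return a bare 500 rather than sending exception details to the caller
        return StatusCode(500);
    }
}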
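A table-driven form of the status check described in the answer, as an added example that is not part of the original answer. It also makes the check and the status update one atomic step, so a replayed or concurrent request for the same step cannot pass twice. `LoanWorkflow`, `TryAdvance`, `NotStarted` and `EligibilityChecked` are assumed names, and in-memory state stands in for the stored loan.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;

// Status names follow the answer's LoanStatus enum; NotStarted and
// EligibilityChecked are assumed names added for this example.
public enum LoanStatus { NotStarted, UserValidated, DocumentUploaded, DocumentVerified, DocumentApproved, EligibilityChecked }

public sealed class LoanWorkflow
{
    // API call -> (status required before the call, status set after it)
    private static readonly Dictionary<string, (LoanStatus From, LoanStatus To)> Steps = new()
    {
        ["ValidateUser"]            = (LoanStatus.NotStarted,       LoanStatus.UserValidated),
        ["UploadDocument"]          = (LoanStatus.UserValidated,    LoanStatus.DocumentUploaded),
        ["VerifyDocument"]          = (LoanStatus.DocumentUploaded, LoanStatus.DocumentVerified),
        ["ApproveDocument"]         = (LoanStatus.DocumentVerified, LoanStatus.DocumentApproved),
        ["EligibleForPersonalLoan"] = (LoanStatus.DocumentApproved, LoanStatus.EligibilityChecked),
    };

    private int _status = (int)LoanStatus.NotStarted;
    public LoanStatus Status => (LoanStatus)Volatile.Read(ref _status);

    // Advances only if the loan is in the status the call requires.
    // CompareExchange performs the check and the update atomically.
    public bool TryAdvance(string call)
    {
        if (!Steps.TryGetValue(call, out var step)) return false; // unknown call
        int expected = (int)step.From;
        return Interlocked.CompareExchange(ref _status, (int)step.To, expected) == expected;
    }
}

public static class Demo
{
    public static void Main()
    {
        var loan = new LoanWorkflow();
        // Constructed sequence: step 3 is tried too early, and step 2 is repeated after step 5
        string[] calls = { "ValidateUser", "VerifyDocument", "UploadDocument", "VerifyDocument",
                           "ApproveDocument", "EligibleForPersonalLoan", "UploadDocument" };
        foreach (var call in calls)
        {
            string result = loan.TryAdvance(call) ? "ok" : "invalid request";
            Console.WriteLine($"{call,-24} -> {result} (status: {loan.Status})");
        }
    }
}
```

When the status lives in a database row, the equivalent of the compare-and-set is a conditional update that only matches the expected status, with the request rejected when no row was changed.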
