Differentiate between Update and Post #25

Open
jwise-mfg opened this issue Dec 16, 2024 · 7 comments

@jwise-mfg
Member

Splitting out #3

I would make UPDATE/POST (i.e. writes) a different endpoint. As a dev, this gives me more options to secure it, optimize it, etc.

@jwise-mfg changed the title from "Diffentiate between Update and Post" to "Differentiate between Update and Post" on Dec 16, 2024

@matthewGEA
Contributor

I concur with separating UPDATE/POST/PUBLISH/WRITE actions to an endpoint separate from READ. Having it as a separate endpoint will enable some nodes in an architecture to be read-only with the data (similar to a data diode, etc.).
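
A sketch of the split proposed in the two comments above, added here as an illustration and not part of the thread or the project's code: writes get their own endpoint with their own authorization check, and a read-only node never registers that endpoint at all. The `/read` and `/write` paths, the in-memory store, the token and all function names are assumptions.

```python
import hmac
import json

# Hypothetical in-memory store and token; the issue defines none of these names.
STORE = {"pump1/speed": 1200}
WRITE_TOKEN = "constructed-demo-token"  # constructed value; use a secret store in practice


def handle_read(body, headers):
    key = body.get("id")
    if key not in STORE:
        return 404, {"error": "unknown id"}
    return 200, {"id": key, "value": STORE[key]}


def handle_write(body, headers):
    # Authorization lives only on the write endpoint; the read path has no write logic.
    supplied = headers.get("Authorization", "")
    if not hmac.compare_digest(supplied.encode(), f"Bearer {WRITE_TOKEN}".encode()):
        return 401, {"error": "write requires authorization"}
    if "id" not in body or "value" not in body:
        return 400, {"error": "id and value required"}
    STORE[body["id"]] = body["value"]
    return 200, {"id": body["id"], "value": body["value"]}


def build_routes(read_only):
    """A read-only node never registers the write endpoint."""
    routes = {"/read": handle_read}
    if not read_only:
        routes["/write"] = handle_write
    return routes


def dispatch(routes, path, raw_body, headers=None):
    """Route one JSON request body to the handler registered for its endpoint."""
    handler = routes.get(path)
    if handler is None:
        return 404, {"error": "no such endpoint"}
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return 400, {"error": "invalid JSON"}
    if not isinstance(body, dict):
        return 400, {"error": "JSON object expected"}
    return handler(body, headers or {})
```

Because the route table is built per node, a read-only deployment rejects writes by construction rather than by a per-request permission check.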

@randy-armstrong

randy-armstrong commented Dec 19, 2024

I think the API should use POST only so it is not dependent on HTTP.
(i.e. POST is a traditional request-response paradigm that can be mapped to many different technologies).
It is a mistake to develop an API that only works with HTTP.

Example: the OPC UA JSON WebAPI works with WebSockets and HTTP POST. The WebSockets mapping would have been much more difficult if the OPC UA JSON WebAPI used verbs other than POST.

@matthewGEA
Contributor

@randy-armstrong Good insight. My assumption is that mapping to HTTP should follow the Web of Things HTTP binding: https://w3c.github.io/wot-binding-templates/bindings/protocols/http/

While they do list POST to initialize websockets for the SUBSCRIBE function, READ is listed as "GET" and WRITE as "PUT".

So your opinion is that the WoT HTTP binding is too coupled to HTTP?

@randy-armstrong

WoT uses the outdated HTTP long poll for subscriptions.
WebSockets and similar technology are better options today.

@matthewGEA
Contributor

Hmmm... The WoT HTTP binding has long poll as one of three subscription methods:

A.1.3 Observe property (HTTP binding with Long Polling subprotocol)

A.1.4 Observe property (HTTP binding with Server Sent Event subprotocol)

A.1.5 Observe property (HTTP binding with WebSocket subprotocol)

The document I linked above is a draft, so maybe the other two are new additions?

@randy-armstrong

randy-armstrong commented Dec 20, 2024

Sorry. Did not read far enough. They define a mapping from GET query parameters to a message.
But the format is HTTP specific.
A JSON message body is more generic and maps easily to classes in many programming languages.
The HTTP form approach requires custom serialization code.

GET is also limited in the size of parameters, and the parameters are public (i.e. they cannot be encrypted).
So POST is better for security.

@jwise-mfg
Member Author

Relevant discussion here: https://news.ycombinator.com/item?id=42600276
