Discussion:
[arangodb-google] Need a way to use REST API for AQL queries without writing the actual query in the URL
h***@usc.edu
2018-07-24 17:43:44 UTC
Permalink
Hello,

I am new to Arango and exploring the graph queries and how to use the REST
APIs
The query can be executed using the REST API in the following way:

curl -X POST --data @- --dump - --basic --user "root"
http://localhost:8529/_db/licensedb/_api/cursor <<EOF
{
"query" : "FOR p IN products LET a = p.id FILTER a == 4 LET name = p.name
SORT p.id LIMIT 1 RETURN name"
}
EOF

However, I don't want to write the whole query in these curl statements. It
exposes the actual structure of the Graph Database that is created and does
not look very secure.
Is it possible to store the actual query on the server and execute it using
the name of the query or some ID associated to it.
Is there any other way of doing this without exposing the actual query in
the REST commands.

Thanks,
--
You received this message because you are subscribed to the Google Groups "ArangoDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to arangodb+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jan
2018-07-24 20:27:07 UTC
Permalink
Hi,

yes, this is also possible.
The general query API you are using is meant to execute arbitrary AQL
queries. Of course this implies sending the actual query string as part of
the request.
If you do not want to disclose any query strings in potentially insecure
request traffic, you can also create a custom API using ArangoDB's Foxx
framework.
A brief description of it can be found in the ArangoDB online manual:
https://docs.arangodb.com/3.3/Manual/Foxx/AtAGlance.html

That way, the APIs that execute AQL queries reside inside the arangod
server process, and their source code is not disclosed.
Callers can then call the APis exposed by your custom Foxx services without
even knowing how it is internally implemented and which exact queries it
executes.

The manual also provides an example how to run database queries from inside
a Foxx service:
https://docs.arangodb.com/3.3/Manual/Foxx/GettingStarted.html#writing-database-queries

You can also implement custom authentication etc. inside that custom Foxx
service if that is also a concern.

Best regards
Jan
Post by h***@usc.edu
Hello,
I am new to Arango and exploring the graph queries and how to use the REST
APIs
http://localhost:8529/_db/licensedb/_api/cursor <<EOF
{
"query" : "FOR p IN products LET a = p.id FILTER a == 4 LET name =
p.name SORT p.id LIMIT 1 RETURN name"
}
EOF
However, I don't want to write the whole query in these curl statements.
It exposes the actual structure of the Graph Database that is created and
does not look very secure.
Is it possible to store the actual query on the server and execute it
using the name of the query or some ID associated to it.
Is there any other way of doing this without exposing the actual query in
the REST commands.
Thanks,
--
You received this message because you are subscribed to the Google Groups "ArangoDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to arangodb+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
h***@usc.edu
2018-07-25 15:41:38 UTC
Permalink
Thanks for the reply Jan. I will look at the documents and links you
suggested to get a clear picture of working with the APIs.
Post by Jan
Hi,
yes, this is also possible.
The general query API you are using is meant to execute arbitrary AQL
queries. Of course this implies sending the actual query string as part of
the request.
If you do not want to disclose any query strings in potentially insecure
request traffic, you can also create a custom API using ArangoDB's Foxx
framework.
https://docs.arangodb.com/3.3/Manual/Foxx/AtAGlance.html
That way, the APIs that execute AQL queries reside inside the arangod
server process, and their source code is not disclosed.
Callers can then call the APis exposed by your custom Foxx services
without even knowing how it is internally implemented and which exact
queries it executes.
The manual also provides an example how to run database queries from
https://docs.arangodb.com/3.3/Manual/Foxx/GettingStarted.html#writing-database-queries
You can also implement custom authentication etc. inside that custom Foxx
service if that is also a concern.
Best regards
Jan
Post by h***@usc.edu
Hello,
I am new to Arango and exploring the graph queries and how to use the
REST APIs
http://localhost:8529/_db/licensedb/_api/cursor <<EOF
{
"query" : "FOR p IN products LET a = p.id FILTER a == 4 LET name =
p.name SORT p.id LIMIT 1 RETURN name"
}
EOF
However, I don't want to write the whole query in these curl statements.
It exposes the actual structure of the Graph Database that is created and
does not look very secure.
Is it possible to store the actual query on the server and execute it
using the name of the query or some ID associated to it.
Is there any other way of doing this without exposing the actual query in
the REST commands.
Thanks,
--
You received this message because you are subscribed to the Google Groups "ArangoDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to arangodb+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...