Deprecating AuthTokens in SDP Cloud:
SDP Cloud REST APIs supports two types of authentication, AuthToken and OAUTH. Of these, OAUTH is more secure and follows well defined standards. AuthTokens on the other hand do not have any well defined standards, do not have expiry and no support for delegated access. In short, they are less secure and must not be used going forward.
We would start deprecate the support for AuthToken based authentication for our REST APIs in a staged manner. From November 30th, users will not be able to generate new AuthToken. Already generated AuthToken will continue to work. From January 15, 2021, we will remove support for AuthTokens and users won't be able to use the already generated tokens for accessing REST APIs.
Deprecating URI Model:
In SDP Cloud v3 version of REST APIs, we support special operations that can be invoked over entities. For instance, the pickup operation on a request is nothing but an edit operation where only the technician field is updated. Traditionally, users must invoke the edit API of request and pass the current user's ID. In SDP Cloud we support a special URL for such convenience operations. The operations can be performed by accessing the URIs,
Here, the "assign" at the end is the convenience operation. As you can see, the difference between both of the URIs is the underscore present at the start of assign token. This underscore ('_') helps to identify the name of the invoked operation.
We are be deprecating the ambiguous operations URIs without underscore. Support for this URIs will be removed after January 15, 2021. Any invalid URL that will be accessed after the fore mentioned date will return a 404 error code.
PRO TIP: SDP Cloud APIs has HATEOAS implemented as a core component. Simply put, HATEOAS , provides a standard way for clients to discover the actions and operations offered by a resource/entity. HATEOAS will always return operations for which an user has authorization. This eliminates the need in clients to check if a particular operation is allowed for an user.
HATEOAS for an entity/resource can be accessed with the following URI,
Below is a sample HATEOAS response of the _links operation for the "request" entity. The links section provides the details of the operations like, unique name of the operation, the HTTP method to be used as well as the URL (href) to be invoked. We recommend users to identify the operation by it's name and fetch the URL